Abstract

Analysis of in-vehicle networks is an open research area that gained relevance after recent reports of cyber attacks against connected vehicles. After those attacks gained international media attention, many security researchers started to propose different algorithms that are capable of modeling the normal behaviour of the CAN bus to detect the injection of malicious messages. However, although the automotive domain has different constraints than classical IT security, much security research has been conducted by applying sophisticated algorithms used in IT anomaly detection, thus proposing solutions that are not applicable to current Electronic Control Units (ECUs). This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers into the CAN bus of modern vehicles. Moreover, the proposed algorithm has been designed and implemented under the very strict constraints of low-end ECUs, with low computational complexity and a small memory footprint. The proposed algorithm identifies anomalies in the sequence of the payloads of different classes of IDs by computing the Hamming distance between consecutive payloads. Its detection performance is evaluated through experiments carried out using real CAN traffic gathered from an unmodified licensed vehicle.

Highlights

  • The increasing adoption of advanced infotainment systems and self-driving capabilities makes modern vehicles similar to mobile networks of computing devices, often connected to the public Internet

  • This paper proposes a novel anomaly detection algorithm for the Controller Area Network (CAN) bus of modern vehicles that is based on the evaluation of the Hamming distance [4] between the payloads of consecutive CAN messages having the same ID [5]

  • This paper proposes a novel algorithm that aims to detect cyber-attacks that involve the injection of malicious forged CAN messages into modern vehicle networks


Summary

INTRODUCTION

The increasing adoption of advanced infotainment systems and self-driving capabilities makes modern vehicles similar to mobile networks of computing devices, often connected to the public Internet. This trend opens different scenarios of groundbreaking innovation, and exposes novel attack surfaces that cyber-attackers can exploit. This paper proposes a novel anomaly detection algorithm for the CAN bus of modern vehicles that is based on the evaluation of the Hamming distance [4] between the payloads of consecutive CAN messages having the same ID [5]. To the best of our knowledge, this is the first algorithm that inspects the sequences of the payload values for different classes of IDs of the vehicle.
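As an added illustration (not code from the paper), the C sketch below checks the Hamming distance between consecutive payloads of the same ID against a range learned from clean traffic. The per-ID [min, max] range, the fixed 8-byte payloads, the treatment of unknown IDs as anomalous and all names are assumptions, and the traffic is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_IDS 16                 /* assumed table size for this sketch */
typedef struct { uint32_t id; uint8_t last[8], min_hd, max_hd, seen; } id_model;
static id_model table[MAX_IDS]; static int n_ids;

/* Bit-level Hamming distance between two 8-byte payloads (0..64). */
static uint8_t hamming(const uint8_t *a, const uint8_t *b) {
    uint8_t d = 0;
    for (int i = 0; i < 8; i++)
        for (uint8_t x = a[i] ^ b[i]; x; x &= (uint8_t)(x - 1)) d++;
    return d;
}

static id_model *lookup(uint32_t id, int create) {
    for (int i = 0; i < n_ids; i++) if (table[i].id == id) return &table[i];
    if (!create || n_ids == MAX_IDS) return NULL;
    id_model *m = &table[n_ids++];
    memset(m, 0, sizeof *m);
    m->id = id; m->min_hd = 64;    /* empty range until two payloads are seen */
    return m;
}

/* Assumed model: training widens the per-ID [min,max]; detection returns 1 outside it. */
int hd_feed(uint32_t id, const uint8_t p[8], int training) {
    id_model *m = lookup(id, training);
    if (!m) return 1;              /* assumption: unknown ID counts as anomalous */
    int bad = 0;
    if (m->seen) {
        uint8_t d = hamming(m->last, p);
        if (training) { if (d < m->min_hd) m->min_hd = d; if (d > m->max_hd) m->max_hd = d; }
        else bad = d < m->min_hd || d > m->max_hd;
    }
    memcpy(m->last, p, 8); m->seen = 1;
    return bad;
}

/* Constructed traffic: ID 0x100 carries a 4-bit rolling counter in byte 0. */
int demo(void) {
    uint8_t p[8] = {0}, fuzz[8]; int r = 0; n_ids = 0; memset(fuzz, 0xFF, 8);
    for (int i = 0; i < 32; i++) { p[0] = i & 0x0F; hd_feed(0x100, p, 1); } /* learns [1,4] */
    p[0] = 0; r |= hd_feed(0x100, p, 0) << 0;   /* 15 -> 0, distance 4: in range */
    r |= hd_feed(0x100, fuzz, 0) << 1;          /* random-looking payload, distance 64 */
    r |= hd_feed(0x100, fuzz, 0) << 2;          /* repeated payload, distance 0 < min 1 */
    r |= hd_feed(0x200, p, 0) << 3;             /* ID never seen in training */
    return r;                                   /* one bit per checked frame */
}
int main(void) { printf("anomaly bits: 0x%X\n", demo()); return 0; }
```

State per ID is 12 bytes plus the ID itself, and each frame costs one XOR and bit count over eight bytes, which is the kind of footprint the low-end ECU constraint calls for.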

RELATED WORK
Controller Area Network
Hamming Distance
ATTACK SCENARIO
Fuzzing Attack
Replay Attack
ALGORITHM DESCRIPTION
Model Creation and Validation
Live Detection
EXPERIMENTAL EVALUATION
Fuzzing Attack Detection
Computational cost
CONCLUSION
