Flooding attack mitigator for in-vehicle CAN using fault confinement in CAN protocol

Abstract

For driver convenience and safety, a number of electronic control units (ECUs) have been installed on modern vehicles. To support communications among ECUs, the controller area network (CAN) is commonly used as in-vehicle network for several decades. However, the CAN protocol lacks security mechanisms, which means that it can be damaged by a number of cyber attacks. In particular, message flooding is one type of DoS attack known to be the easiest to perform because it continuously broadcasts a large number of CAN messages to the in-vehicle CAN without any CAN traffic analysis. To handle message flooding on the in-vehicle CAN, several countermeasures including intrusion detection and prevention have been studied, but unfortunately, these solutions could produce false positive detection rates or cause the communication failures of benign ECUs. In this paper, we introduce a message flooding attack mitigation method for the first time that does not accidentally cause the communication failures of benign ECUs. The proposed method can mitigate flooding attack attempts by using the fault confinement rule that is defined in the CAN protocol. Since the proposed method does not violate the rules of the CAN standard during mitigating, no system modifications are required. Experimental results show that the proposed mitigator guarantees a transmission rate up to 79.22% of normal messages that were not sent due to a flooding attack.