Traffic anomaly detection algorithm for CAN bus using similarity analysis

Abstract

Recently, vehicles have experienced a rise in networking and informatization, leading to increased security concerns. As the most widely used automotive bus network, the Controller Area Network (CAN) bus is vulnerable to attacks, as security was not considered in its original design. This paper proposes SIDuBzip2, a traffic anomaly detection method for the CAN bus based on the bzip2 compression algorithm. The proposed method utilizes the pseudo-periodic characteristics of CAN bus traffic, constructing time series of CAN IDs and calculating the similarity between adjacent time series to identify abnormal traffic. The method consists of three parts: the conversion of CAN ID values to characters, the calculation of similarity based on bzip2 compression, and the optimal solution of model parameters. The experimental results demonstrate that the proposed SIDuBzip2 method effectively detects various attacks, including Denial of Service , replay, basic injection, mixed injection, and suppression attacks. In addition, existing CAN bus traffic anomaly detection methods are compared with the proposed method in terms of performance and delay, demonstrating the feasibility of the proposed method.