Voltage inspector: Sender identification for in-vehicle CAN bus using voltage slice

Abstract

Controller Area Network (CAN) serves as the neural system of modern cars, connecting and coordinating various electronic control units (ECUs) responsible for vehicle operation. However, the inherent features of CAN, such as broadcast communication and lack of authentication, make it increasingly vulnerable to cyberattacks. Although existing intrusion detection systems (IDSs) perform well in detecting malicious attacks, they often lack the ability to accurately locate the senders of these malicious messages. In this paper, we propose an efficient sender identification method called Voltage Inspector, which leverages physical voltage signal slice to accurately identify the source of messages for CAN bus. We start by extracting voltage slices from the raw physical signals of the CAN bus. Next, we leverage clustering technology to infer the ECU mapping information, which is typically considered confidential. This mapping information, combined with a machine learning classifier, is then utilized to construct an identification model capable of accurately identifying the sender of each message. To validate the effectiveness of our proposed method, we conducted extensive experiments using a publicly available voltage dataset collected from ten real vehicles. The experimental results demonstrate the remarkable accuracy of our approach, achieving a minimum identification accuracy of 99%. Furthermore, our method significantly reduces the data volume by half and reduces the identification time by a quarter when compared to state-of-the-art methods. Our research reveals that even a small portion of the voltage signal can be used to uniquely fingerprint an ECU. We emphasize that our method serves as an alternative identification approach and can complement existing works in the field.