Controller Area Network Research Articles

CICIoV2024: Advancing realistic IDS approaches against DoS and spoofing attack in IoV CAN bus

Considering the complexity of network traffic in IoV operations, methods that can identify complex patterns become useful. Machine learning fosters several techniques to enhance the detection, prevention, and mitigation of cyberattacks. However, important features are not addressed in the current state-of-the-art security datasets for IoV. For example, in the case of intra-vehicle communications, it is critical to consider the interaction among multiple Electronic Control Units (ECUs). Also, mimicking a realistic IoV environment is not simple since establishing a test environment requires considerable financial investment. Hence, there is a need for a testbed composed of several real ECUs in an IoV environment comprising network traffic. Thereupon, the main goal of this research is to propose a realistic benchmark dataset to foster the development of new cybersecurity solutions for IoV operations. To accomplish this, five attacks were executed against the fully intact inner structure of a 2019 Ford car, complete with all ECUs. However, the vehicle was immobile and incapable of causing any potential harm or injuries. Hence, all attacks were carried out on the vehicle without endangering the car’s driver or passengers. These attacks are classified as spoofing and Denial-of-Service (Dos) and were carried out through the Controller Area Network (CAN) protocol. This effort establishes a baseline complementary to existing contributions and supports researchers in proposing new IoV solutions to strengthen overall security using different techniques (e.g., Machine Learning — ML). The CICIoV2024 dataset has been published on CIC’s dataset page.

CAN Interface Insights for Electric Vehicle Battery Recycling

Road transportation is a significant worldwide contributor to greenhouse gases, and electrifying the driveline of road vehicles is essential in overcoming the evident challenge of climate change. A sustainable transition to electric vehicles requires efficient and safe methods for recycling and repurposing used electric vehicle batteries. While various testing methods have been explored for assessing battery state of health and state of risk for recycling and reuse, a research gap exists concerning using data from integrated battery monitoring systems in the recycling process of electric vehicle batteries. This study addresses the research gap by presenting an approach to extract data from the monitoring system integrated into the battery using the automotive standard controller area network interface. In addition, methods to use this interface to ensure the optimal state of charge of the batteries for storage are presented. The benefits, challenges, and limitations set by the proprietary nature of the data to assess the state of risk and health of electric vehicle batteries for recycling and repurposing are presented, discussed, and evaluated. Finally, the influence of battery regulations and the battery passport proposal on electric vehicle battery recycling and repurposing are discussed to provide future perspectives.

Performance Comparison of Timing-Based Anomaly Detectors for Controller Area Network: A Reproducible Study

This work presents an experimental evaluation of the detection performance of eight different algorithms for anomaly detection on the Controller Area Network (CAN) bus of modern vehicles based on the analysis of the timing or frequency of CAN messages. This work solves the current limitations of related scientific literature, which is based on a private dataset and lacks open implementations and a detailed description of the detection algorithms. These drawbacks prevent the reproducibility of published results, making it impossible to compare a novel proposal against related work, thus hindering the advancement of science. This article solves these issues by publicly releasing implementations and labeled datasets and by describing unbiased experimental comparisons.

Hybrid RNN-LSTM Networks for Enhanced Intrusion Detection in Vehicle CAN Systems

Electric vehicles (EVs) use electric motors for propulsion, relying on electric energy stored in batteries or other energy storage devices. The standard communication protocol used in EVs is the Control Area Network (CAN), a communication protocol widely used in the automotive industry for networking and communication between various components within a vehicle. CAN protocol, designed without any care about protection, as automotive systems become more connected, the vulnerability to cyber threats, including intrusion attacks. The most common intrusion attacks on EVs are Denial of Service (DoS), Fuzzy, and Impersonation Attacks. These become a significant challenge due to the imperative need for robust Intrusion Detection Systems (IDS) in CAN networks. This paper explores the application of advanced deep learning techniques, specifically Recurrent Neural Networks (RNN) and Long Short-Term Memory (LSTM) networks, to enhance the effectiveness of intrusion detection in the EV domain. We will use a hybrid Deep-learning model to improve the analysis. First, we will apply the RNN model, and the output will come as input for the second model, LSTM. Our proposed hybrid model achieved an accuracy of 93%. The outcomes of this research contribute to advancing cybersecurity measures in vehicular networks, ensuring the integrity and safety of connected vehicles. The applicability of RNN and LSTM techniques in the context of CAN networks demonstrates their potential to evolve as integral components of next-generation intrusion detection systems, fostering a secure and resilient automotive ecosystem.

A Novel Architecture for an Intrusion Detection System Utilizing Cross-Check Filters for In-Vehicle Networks.

The Controller Area Network (CAN), widely used for vehicular communication, is vulnerable to multiple types of cyber-threats. Attackers can inject malicious messages into the CAN bus through various channels, including wireless methods, entertainment systems, and on-board diagnostic ports. Therefore, it is crucial to develop a reliable intrusion detection system (IDS) capable of effectively distinguishing between legitimate and malicious CAN messages. In this paper, we propose a novel IDS architecture aimed at enhancing the cybersecurity of CAN bus systems in vehicles. Various machine learning (ML) models have been widely used to address similar problems; however, although existing ML-based IDS are computationally efficient, they suffer from suboptimal detection performance. To mitigate this shortcoming, our architecture incorporates specially designed rule-based filters that cross-check outputs from the traditional ML-based IDS. These filters scrutinize message ID and payload data to precisely capture the unique characteristics of three distinct types of cyberattacks: DoS attacks, spoofing attacks, and fuzzy attacks. Experimental evidence demonstrates that the proposed architecture leads to a significant improvement in detection performance across all utilized ML models. Specifically, all ML-based IDS achieved an accuracy exceeding 99% for every type of attack. This achievement highlights the robustness and effectiveness of our proposed solution in detecting potential threats.

Implement Standard UDS Diagnostics over can for Automotive Actuator ECU

Electronic control units (ECUs) are an integral part of modern vehicles, controlling everything from safety procedures and system diagnostics to engine optimization. These ECUs need to work flawlessly to keep the vehicle reliable and efficient. The aim of this project is to use Controller Area Network (CAN) and Unified Diagnostic Services (UDS) communication systems to diagnose ECUs in vehicles (specifically those that control the engine). The main goal of this project is to create a comprehensive diagnostic system specifically designed for vehicle ECUs with the aim of improving engine diagnostics and improving vehicle maintenance procedures. The project combines UDS and CAN, two communication methods widely used in the automotive industry, to achieve these goals and provide effective communication between diagnostic tools and ECUs.

A Mixed-Criticality Traffic Scheduler with Mitigating Congestion for CAN-to-TSN Gateway

The network architecture that Time-Sensitive Networking (TSN) is used as the backbone network and the Controller Area Network (CAN) serves as the intra-domain network is considered as the CAN-TSN interconnection network architecture, which has gained considerable attention within industrial embedded networks, such as spacecraft, intelligent automobiles, and factory automation. The architecture employs the CAN-TSN gateway as a central hub for transmitting and managing a significant volume of communications between the CAN domains and TSN. However, the CAN-TSN gateway faces a high congestion challenge due to the rapid growth in data volume, making it difficult to effectively support different time planning mechanisms provided by TSN. In this paper, we propose a two-stage mixed-criticality traffic scheduler. The scheduler in the first stage adopts a Message Optimization Algorithm (MOA) to aggregate multiple CAN messages into a single TSN message (including the aggregation of critical and non-critical CAN messages), which reduces the number of CAN messages requiring transmission. In the second stage, the scheduler proposes a Message Scheduling Optimization Algorithm (MSOA) to schedule critical TSN messages. This algorithm reassembles all the critical CAN messages (within the un-schedulable TSN messages) to generate new TSN messages for rescheduling. Experimental results show that our proposed scheduler effectively improves the acceptance ratio of critical and non-critical CAN messages and outperforms the state-of-the-art message scheduling method in terms of acceptance ratio while improving the bandwidth utilization and the number of schedule table entries. We further construct a hardware platform to evaluate the performance of MSOA. The consistency between practical results and theoretical results shows the effectiveness of MSOA.

Availability evaluation of controller area networks under the influence of intermittent connection faults

Availability evaluation of controller area networks under the influence of intermittent connection faults

Windowed Hamming Distance-Based Intrusion Detection for the CAN Bus

The use of a Controller Area Network (CAN) bus in the automotive industry for connecting electronic control units (ECUs) poses security vulnerabilities due to the lack of built-in security features. Intrusion Detection Systems (IDSs) have emerged as a practical solution for safeguarding the CAN bus. However, developing an effective IDS for in-vehicle CAN buses encounters challenges in achieving high precision for detecting attacks and meeting real-time requirements with limited computational resources. To address these challenges, we propose a novel method for anomaly detection on CAN data using windowed Hamming distance. Our approach utilizes sliding windows and Hamming distance to extract features from time series data. By creating benchmark windows that span at least one cycle of data, we compare newly generated windows with recorded benchmarks using the Hamming distance to identify abnormal CAN messages. During the experimental phase, we conduct extensive testing on both the public car-hack dataset and a proprietary dataset. The experimental results indicate that our method achieves an impressive accuracy of up to 99.67% in detecting Denial of Service (DoS) attacks and an accuracy of 98.66% for fuzzing attacks. In terms of two types of spoofing attacks, our method achieves detection accuracies of 99.48% and 99.61%, respectively, significantly outperforming the methods relying solely on the Hamming distance. Furthermore, in terms of detection time, our method significantly reduces the time consumption by nearly 20-fold compared to the approach using deep convolutional neural networks (DCNN), decreasing it from 6.7 ms to 0.37 ms.

Dynamic Event-Triggered-Based Adaptive Finite-Time Neural Control for Active Suspension Systems With Displacement Constraint.

In this article, we give an event-based control algorithm for nonlinear active suspension systems (ASSs) with the vertical displacement constraint. For in-vehicle communication networks, the controller area network (CAN) is a widely used standard for interconnecting electronic control units (ECUs). The main task in this work is, thus, to reduce the communication burden on the CAN. To this end, we develop a dynamic event-triggered communication mechanism in ASSs. Meanwhile, in practice, the vehicle safety is degraded when the body vibration exceeds the allowable maximum. Thus, the vertical displacement of ASSs should be constrained within a reliable range. For this purpose, we present a novel finite-time integral barrier Lyapunov function (FTIBLF), which not only guarantees that the vertical displacement constraint bounds are not violated, but also enables the position of the suspension to be stabilized in the neighborhood of a desired position in finite settling time. Furthermore, neural networks (NNs) are utilized to identify the unknown nonlinear characteristics in ASSs subjected to the modeling error and unknown mass. As a result, we propose an adaptive neural control technique based on the dynamic event-triggered condition, which helps to improve the ride comfort while ensuring the driving safety and handling stability. Finally, simulation results are provided to verify the validity of the presented methodology.

ADVANCES IN NETWORK SECURITY FOR A RESILIENT DIGITAL CYBERSPACE INFRASTRUCTURE

In network security, safeguarding digital cyberspace infrastructure against malicious intrusions remains a paramount concern. This study addresses this imperative by proposing a novel approach that integrates digital watermarking, Huffman coding, and sophisticated attack classification techniques within the Controller Area Network (CAN) protocol framework. The proliferation of interconnected systems and the increasing sophistication of cyber threats necessitate novel strategies to fortify network defenses and ensure resilience in the face of adversarial activities. The research problem revolves around the need to develop an effective method for detecting and categorizing reconnaissance and violent attacks within cyberspace networks, particularly those utilizing the CAN protocol. Despite advancements in security protocols and intrusion detection systems, existing methodologies often fall short in accurately distinguishing between benign and malicious network activities, leaving critical infrastructure vulnerable to exploitation. This research uses digital watermarking to embed metadata within network packets, Huffman coding for efficient data compression, and advanced attack classification algorithms for real-time threat identification. The experimental results demonstrate the efficacy of the proposed approach in accurately differentiating between reconnaissance probes and violent attacks, thereby enabling timely and targeted responses to mitigate security threats.

Disturbance Observer-Based Event-Triggered Control of Vehicle Suspension With Finite-Time Prescribed Performance

In this article, we develop a disturbance observer-based event-triggered control strategy for uncertain active suspension systems (ASSs), while guaranteeing the transient behavior and reducing the communication burden over the controller area network (CAN). In order to improve the transient and steady-state performances of ASSs, a novel global finite-time prescribed performance function is proposed. Unlike the existing vehicle suspension results on prescribed performance control, the proposed scheme is able to relax the restriction that the initial value depends on the prescribed function. Meanwhile, the proposed approach ensures that the tracking error is stabilized in a prescribed zone in a finite time independent of the initial condition. Then, a performance function dependent event-triggered mechanism is suggested to alleviate the bandwidth occupancy on the CAN while obtaining satisfactory tracking performance. In addition, a disturbance observer is employed to estimate the lumped uncertainty in ASSs. All signals in the resulting close-loop ASSs are ensured bounded. Finally, the effectiveness of the developed methodology are demonstrated in simulation results.

Predictable Timestamping for the Controller Area Network: Evaluation and Effect on Clock Synchronization Accuracy

Predictable Timestamping for the Controller Area Network: Evaluation and Effect on Clock Synchronization Accuracy

Single-Frame-Based Data Compression for CAN Security

To authenticate a controller area network (CAN) data frame, a message authentication code (MAC) must be sent along with the CAN frame, but there is no space reserved for the MAC in the CAN frame. Recently, difference-based compression (DBC) algorithms have been used to create a space inside the frame. DBC has the advantage of being very efficient, but its drawback is that, if an error occurs in one frame, the effects of that error propagate to subsequent frames. In this paper, a CAN data compression algorithm is proposed that compresses the current frame without relying on previous frames. Therefore, an error generated in one frame cannot be propagated to subsequent frames. In addition, a CAN signal grouping technique is proposed based on entropy analysis. To efficiently authenticate CAN frames, the length of the compressed data must be 4 bytes or less (4BL). Simulation shows that the 4BL-compression ratio of a Kia Sorento vehicle is 99.36% in the DBC method, but 100% in the proposed method. In an LS Mtron tractor, the 4BL-compression ratio is 98.58% in the DBC method, but 100% in the proposed method. In addition, the execution time of the proposed compression algorithm is only 27.39% of that of the DBC algorithm. The results show that the proposed algorithm has better compression characteristics for CAN security than the DBC algorithms.

An Effective Ensemble Learning-Based Real-Time Intrusion Detection Scheme for an In-Vehicle Network

The emergence of connected and autonomous vehicles has led to complex network architectures for electronic control unit (ECU) communication. The controller area network (CAN) enables the transmission of data inside vehicle networks. However, although it has low latency and enjoys data broadcast capability, it is vulnerable to attacks on security. The lack of effectiveness of conventional security mechanisms in addressing these vulnerabilities poses a danger to vehicle safety. This study presents an intrusion detection system (IDS) that accurately detects and classifies CAN bus attacks in real-time using ensemble techniques and the Kappa Architecture. The Kappa Architecture enables real-time attack detection, while ensemble learning combines multiple machine learning classifiers to enhance the accuracy of attack detection. The scheme utilizes ensemble methods with Kappa Architecture’s real-time data analysis to detect common CAN bus attacks. This study entails the development and evaluation of supervised models, which are further enhanced using ensemble techniques. The accuracy, precision, recall, and F1 score are used to measure the scheme’s effectiveness. The stacking ensemble technique outperformed individual supervised models and other ensembles with accuracy, precision, recall, and F1 of 0.985, 0.987, and 0.985, respectively.

Can-train-and-test: A curated CAN dataset for automotive intrusion detection

When it comes to in-vehicle networks (IVNs), the controller area network (CAN) bus dominates the market; automobiles manufactured and sold worldwide depend on the CAN bus for safety-critical communications between various components of the vehicle (e.g., the engine, the transmission, the steering column). Unfortunately, the CAN bus is inherently insecure; in fact, it completely lacks controls such as authentication, authorization, and confidentiality (i.e., encryption). Therefore, researchers have travailed to develop automotive security enhancements. The automotive intrusion detection system (IDS) is especially popular in the literature—due to its relatively low cost in terms of money, resource utilization, and implementation effort. That said, developing and evaluating an automotive IDS is often challenging; if researchers do not have access to a test vehicle, then they are forced to depend on publicly available CAN data—which is not without limitations. Lack of access to adequate CAN data, then, becomes a barrier to entry into automotive security research.We seek to lower that barrier to entry by introducing a new CAN dataset to facilitate the development and evaluation of automotive IDSs. Our datasets—dubbed can-dataset, can-log, can-csv, can-ml, and can-train-and-test—provide CAN data from four different vehicles produced by two different manufacturers. The attack captures for each vehicle model are equivalent, enabling researchers to assess the ability of a given IDS to generalize to different vehicle models and even different vehicle manufacturers. Our datasets contain replayable .log files as well as labeled and unlabeled .csv files, thereby meeting a variety of development and evaluation needs. In particular, the can-train-and-test dataset offers nine unique attacks, ranging from denial of service (DoS) to gear spoofing to standstill; as such, researchers can select a subset of the attacks for training and save the remainder for testing in order to assess a given IDS against unseen attacks. Many of our attacks, particularly the spoofing-related attacks, were conducted during live, on-the-road experiments with real vehicles. These attacks have known physical impacts. As a benchmark, we pit a number of machine learning IDSs against our dataset and analyze the results. We present our datasets—especially can-train-and-test—as a contribution to the existing catalogue of open-access datasets in hopes of filling in the gaps left by those datasets.

Unsupervised intrusion detection system for in-vehicle communication networks

In-vehicle communication has been optimized day to day to keep updated of the technologies. Control area network (CAN) is used as a standard communication method because of its efficient and reliable connection. However, CAN is prone to several network level attacks because of its lack in security mechanisms. Various methods have been introduced to incorporate this in CAN. We proposed an unsupervised method of intrusion detection for in-vehicle communication networks by combining the optimal feature extracting ability of autoencoders and more precise clustering using fuzzy C-means (FCM). The proposed method is light weight and requires less computation time. We performed an extensive experiment and achieved an accuracy of 75.51 % with the ML350 in-vehicle intrusion dataset. By experimental result, the proposed method also works better for other intrusion detection problems like wireless intrusion detection datasets such as WNS-DS with accuracy of 84.05 % and network intrusion detection datasets such as KDDCup with accuracy 60.63 % , UNSW_NB15 with accuracy 73.62 % and Information Security Center of Excellence (ISCX) with accuracy 74.83 %. Overall, the proposed method outperforms the existing methods and avoids labeled datasets when training an in-vehicle intrusion detection model. The results of the experiment of our proposed method performed on various intrusion detection datasets indicate that the proposed approach is generalized and robust in detecting intrusions and can be effectively deployed in real time to monitor CAN traffic in vehicles and proactively alert during attacks.

A real-time field bus architecture for multi-smart-motor servo system

The multi-motor servo system (MMSS) is an electro-mechanical system widely used in various fields, including electric vehicles, robotics, and industrial machinery. Depending on the application, the number of motors in the system can range from several dozens to tens of thousands, which imposes additional communication demands. Thus, ensuring synchronization and control precision of the system requires addressing the challenge of guaranteeing the performance and reliability of communication among motors in the MMSS. In this paper, we design a smart servo motor (SSM) to upgrade the system to the multi-smart-motor servo system (MSMSS) based on a distributed real-time field bus architecture, namely, Multi-Motor Bus (MMB) architecture. The proposed MMB architecture is lightweight and stable, providing real-time support for Control Area Network connections to a central user computer and inter-integrated circuit connections to SSM units. This MMB architecture facilitates the synchronization of command transmission across SSMs and ensures the consistency of motors in the MSMSS. Additionally, a serial experiments to examine 3 key system performance and reliability characteristics are conducted, including command transmission time, transmission jitters, and rotation consistency. The analysis of these characteristics demonstrates the system’s potential and feasibility to be applicable in industry.

Remote Fault Diagnosis for the Powertrain System of Fuel Cell Vehicles Based on Random Forest Optimized with a Genetic Algorithm.

To enhance the safety and reliability of fuel cell vehicles, a remote monitoring system based on 5th generation (5G) mobile networks and controller area networks (CANs) was designed, and a random forest (RF) algorithm for the fault diagnosis for eight typical malfunctions of its powertrain system was incorporated. Firstly, the information on the powertrain system was obtained through a 5G-based monitoring terminal, and the Alibaba Cloud IoT platform was utilized for data storage and remote monitoring. Secondly, a fault diagnosis model based on the RF algorithm was constructed for fault classification; its parameters were optimized with a genetic algorithm (GA), and it was applied on the Alibaba Cloud PAI platform. Finally, the performance of the proposed RF fault diagnosis model was evaluated by comparing it with three other classification models: random search conditioning, grid search conditioning, and Bayesian optimization. Results show that the model accuracy, F1 score, and kappa value of the optimized RF fault classification model are higher than the other three. The model achieves an F1 value of 97.77% in identifying multiple typical faults of the powertrain system, as validated by vehicle malfunction data. The method demonstrates the feasibility of remote monitoring and fault diagnosis for the powertrain system of fuel cell vehicles.

Intrusion detection system for controller area network

The rapid expansion of intra-vehicle networks has increased the number of threats to such networks. Most modern vehicles implement various physical and data-link layer technologies. Vehicles are becoming increasingly autonomous and connected. Controller area network (CAN) is a serial bus system that is used to connect sensors and controllers (electronic control units—ECUs) within a vehicle. ECUs vary widely in processing power, storage, memory, and connectivity. The goal of this research is to design, implement, and test an efficient and effective intrusion detection system for intra-vehicle CANs. Classic cryptographic approaches are resource-intensive and increase processing delay, thereby not meeting CAN latency requirements. There is a need for a system that is capable of detecting intrusions in almost real-time with minimal resources. Our research proposes a long short-term memory (LSTM) network to detect anomalies and a decision engine to detect intrusions by using multiple contextual parameters. We have tested our anomaly detection algorithm and our decision engine using data from real automobiles. We present the results of our experiments and analyze our findings. After detailed evaluation of our system, we believe that we have designed a vehicle security solution that meets all the outlined requirements and goals.