Controller Area Network Protocol Research Articles

ML-based Anomaly Detection for CAN Bus Network in Agriculture Machinery

The adoption of advanced automation and next-generation technologies like the Internet of Things (IoT) and modern communication networks has revolutionized the food and agriculture sector, boosting the efficiency and precision of farm machinery. However, this increased inter-connectivity has also exposed significant vulnerabilities, particularly in Controller Area Network (CAN) protocols, widely used in advanced agricultural machinery and equipment. Due to its lack of inherent security features, CAN is susceptible to various cyber-attacks, potentially leading to severe consequences if these attacks remain undetected and unmitigated. This paper introduces a supervised machine learning (ML)-based anomaly detection system (CAN-ADS) designed to detect various cyber-attacks on CAN-based agricultural machinery. The system leverages network traffic augmentation and data balancing techniques to train ML algorithms on CAN-specific datasets. Experimental results show that CAN-ADS achieves high accuracy (approx 98%) and true-positive rates with low false-negative rates (approx 1%).

Controller Area Network (CAN) Bus Transceiver with Authentication Support and Enhanced Rail Converters

This paper presents an advanced Controller Area Network (CAN) bus transceiver designed to enhance security using frame-level authentication with the concept of a nonphysical virtual auxiliary data channel. We describe the newly conceived transceiver security features and provide results concerning the design, implementation, fabrication and test of the transceiver to validate its functionality and robust operation in the presence of systemic error sources including Process, Voltage, and Temperature (PVT) variations. The virtual auxiliary channel integrates CAN frame authentication signatures into the primary data payload via phase modulation while also providing compatibility with existing CAN protocols, interoperability with non-enhanced systems and requiring no network or software modifications. Enhanced rail converters are designed to facilitate single-rail to dual-rail data conversion and vice versa, preserving phase information and minimizing phase errors across various nonideal effects such as frequency drift, Process, Voltage, and Temperature (PVT) variations, and cable phase mismatch. This ensures reliable data transmission and robust authentication in the presence of adversarial cyberattacks such as packet injection. The receiver recovers both the CAN frame data and the security signature, comparing the latter with an authorized signature to provide a real-time “GO/NO_GO” signal for verifying packet authenticity and without exceeding the CAN clock jitter specifications.

Semi-Supervised Intrusion Detection System for In-Vehicle Networks Based on Variational Autoencoder and Adversarial Reinforcement Learning

Despite the affordability, simplicity, and efficiency of controller area network (CAN) protocols, the security vulnerability remains a major challenge. Currently, a machine learning-based intrusion detection system (IDS) is considered an effective approach for improving security in CAN by identifying malicious attacks. However, earlier studies that relied on supervised learning methods required considerable amounts of labeled data. Data collection from vehicles is time-consuming and expensive. Furthermore, the obtained data exhibited a class imbalance, which presents further challenges in the analysis and model training. Thus, we propose a semi-supervised learning-based IDS that combines variational autoencoder (VAE) and adversarial reinforcement learning for the multi-class classification of both known and unknown attacks. The proposed system capitalizes on the diverse patterns inherent in unlabeled data, transforming this data space into one that is more conducive to classification. Concurrently, adversarial agents in the reinforcement learning algorithm interact competitively, progressively enhancing their ability to intelligently classify and select samples. To reduce the reliance on labeled data and effectively exploit them, we utilize a pseudo-labeling process for pre-training. Experimental results indicate that the proposed model achieves more effective classification while requiring less labeled data compared to other baseline models for known attacks. By inheriting the advantages of VAE, promising results demonstrate that the proposed system detects unknown attacks containing similar or completely different characteristics with high F1 scores exceeding 0.9 and 0.84, respectively. Finally, the proposed system was demonstrated to be a lightweight model for the expeditious detection of malevolent messages introduced into in-vehicle networks to ensure minimal latency.

Advancing Vehicle Security: Deep Learning based Solution for Defending CAN Networks in the Internet of Vehicles

The Internet of Vehicle (IoV) is revolutionizing the automobile sector by allowing vehicles to interact with one another and with roadside infrastructure. The Controller Area Network (CAN) is a vital component of such smart vehicles, allowing communication between various Electronic Control Units (ECUs). However, the CAN protocol's intrinsic lack of security renders it open to a variety of cyber-attacks, posing substantial hazards to both safety and privacy.This research investigates the use of deep learning with multi-layer perceptron to improve the security of CAN networks inside the IoV framework. We discuss current threats to CAN networks, including spoofing, replay, and denial-of-service attacks, and how deep learning may be used to identify and mitigate these threats efficiently. We propose a unique deep learning-based defense mechanism for real-time threat detection. The suggested method is highly effective in identifying and mitigating potential risks, as evidenced by extensive testing on real-world CAN datasets. Based on our findings, the proposed solution has the potential to considerably enhance the security of CAN networks in the Internet of Vehicles, making car communication systems more secure and reliable.

Implications of architecture and implementation choices on timing analysis of automotive CAN networks

The Controller Area Network (CAN) protocol is widely adopted in industry such as automotive. It has been analyzed in a number of studies in the real-time systems community to compute the worst case response time of messages, based on an ideal model on the behavior of the message queuing and CAN controller. Recently, more results are being added to study systems that are not constructed according to the ideal model.In this paper, we further investigate the architecture choices that may affect the timing analysis. Specifically, we provide an assessment on the practical relevance of several analysis results. We also present theory and empirical studies on the relative importance of architecture implementation issues that are quite common in real systems but further deviate from the ideal behavior. We also experimentally evaluate the response time while using TxObjects without preemption. We propose a heuristic for the design of multiple software queues when TxObjects are not preemptable. Finally, we derive an upper bound on the worst case response time when message output at the CAN driver is polling based.

Enhancing ECU identification security in CAN networks using distortion modeling and neural networks

A novel technique for electronic control unit (ECU) identification is proposed in this study to address security vulnerabilities of the controller area network (CAN) protocol. The reliable ECU identification has the potential to prevent spoofing attacks launched over the CAN due to the lack of message authentication. In this regard, we model the ECU-specific random distortion caused by the imperfections in the digital-to-analog converter and semiconductor impurities in the transmitting ECU for fingerprinting. Afterward, a 4-layered artificial neural network (ANN) is trained on the feature set to identify the transmitting ECU and the corresponding ECU pin. The ECU-pin identification is also a novel contribution of this study and can be used to prevent voltage-based attacks. We have evaluated our method using ANNs over a dataset generated from 7 ECUs with 6 pins, each having 185 records, and 40 records for each pin. The performance evaluation against state-of-the-art methods revealed that the proposed method achieved 99.4% accuracy for ECU identification and 96.7% accuracy for pin identification, which signifies the reliability of the proposed approach.

A lightweight distributed ELM-based security framework for the internet of vehicles

The fast growth of internet of vehicles (IoV) has created a new area of connectedness, with promising safety and efficiency in transportation. However, this advancement in vehicle technology has come with significant cybersecurity risks, specifically through control area network (CAN) protocol and other communication techniques within vehicles. This experimental study suggests a machine learning (ML) based security approach based on the extreme learning machine (ELM) algorithm to address these challenges. Unlike customary neural networks, ELM is known for its fast processing, minimal training time, and high accuracy, making it preferably suitable for dynamic IoV environments. The methodology involves data preprocessing, feature selection, and employing ELM for attack classification; the algorithm’s performance is evaluated using CARHacking, NSL-KDD, and EdgeIIoT datasets. We also examine the significance of distributed processing to enhance the computational efficiency of the model, obtaining 89% accuracy in 3 ms run-time for external networks, and 83% accuracy with 9 ms run-time for intra-vehical networks. This newly proposed security mechanism using ELM shows very accurate results in detecting intrusions with a high recall rate and reduced computation time through distributed processing.

An Intelligent Attack Detection Framework for the Internet of Autonomous Vehicles with Imbalanced Car Hacking Data

The modern Internet of Autonomous Vehicles (IoVs) has enabled the development of autonomous vehicles that can interact with each other and their surroundings, facilitating real-time data exchange and communication between vehicles, infrastructure, and the external environment. The lack of security procedures in vehicular networks and Controller Area Network (CAN) protocol leaves vehicles exposed to intrusions. One common attack type is the message injection attack, which inserts fake messages into original Electronic Control Units (ECUs) to trick them or create failures. Therefore, this paper tackles the pressing issue of cyber-attack detection in modern IoV systems, where the increasing connectivity of vehicles to the external world and each other creates a vast attack surface. The vulnerability of in-vehicle networks, particularly the CAN protocol, makes them susceptible to attacks such as message injection, which can have severe consequences. To address this, we propose an intelligent Intrusion detection system (IDS) to detect a wide range of threats utilizing machine learning techniques. However, a significant challenge lies in the inherent imbalance of car-hacking datasets, which can lead to misclassification of attack types. To overcome this, we employ various imbalanced pre-processing techniques, including NearMiss, Random over-sampling (ROS), and TomLinks, to pre-process and handle imbalanced data. Then, various Machine Learning (ML) techniques, including Logistic Regression (LR), Linear Discriminant Analysis (LDA), Naive Bayes (NB), and K-Nearest Neighbors (k-NN), are employed in detecting and predicting attack types on balanced data. We evaluate the performance and efficacy of these techniques using a comprehensive set of evaluation metrics, including accuracy, precision, F1_Score, and recall. This demonstrates how well the suggested IDS detects cyberattacks in external and intra-vehicle vehicular networks using unbalanced data on vehicle hacking. Using k-NN with various resampling techniques, the results show that the proposed system achieves 100% detection rates in testing on the Car-Hacking dataset in comparison with existing work, demonstrating the effectiveness of our approach in protecting modern vehicle systems from advanced threats.

CANSat-IDS: An adaptive distributed Intrusion Detection System for satellites, based on combined classification of CAN traffic

The increasing dependence on satellite technology for critical applications, such as telecommunications, Earth observation, and navigation, underscores the need for robust security measures to safeguard these assets from potential cyber threats. Moreover, as many satellite systems rely on the Controller Area Network (CAN) protocol for efficient data exchange among onboard subsystems, they become prime targets for cyberattacks. While contributions present various options for detecting attacks in the CAN bus, no one proposes an architecture suitable for satellite systems. To address this concern, this paper presents a novel approach to develop an adaptive distributed Intrusion Detection System (IDS) for satellites, which integrates machine and deep learning techniques for the classification of CAN frames. This system is specifically designed to overcome the inherent power and computational challenges of satellite operations by executing time-based anomaly detection on board, and content-based detection at the ground segment. To evaluate the effectiveness of the proposed solution, experiments are conducted using representative Datasets. The obtained results demonstrate that the distributed IDS presented in this research offers a promising solution to improve the security of satellite systems by achieving high detection rates ranging from 91.12% to 99.86% (F1-score).

Formal analysis of an AUTOSAR-based basic software module

The widespread use of advanced driver assistance systems in modern vehicles, together with their integration with the Internet and other road nodes, has made vehicle more vulnerable to cyber-attacks. To address these risks, the automotive industry is increasingly focusing on the development of security solutions: formal methods and software verification techniques, which have been successfully applied to a number of safety-critical systems, could be a promising approach in the automotive area. In this work, we concentrate on in-vehicle communications, provided by many Electronic Control Units (ECUs) that work together thanks to serial protocols such as Controller Area Network (CAN). However, increasing connectivity exposes the internal network to a variety of cyber-risks. Our aim is to formally verify the AUTOSAR-based Basic Software module called CINNAMON, designed to ensure confidentiality, integrity, and authentication at the same time for traffic exchanged over CAN protocol. More precisely, it adds confidentiality guarantees to the Secure Onboard Communication (SecOC) module. We formally analyze CINNAMON with the verification tool Tamarin. Our analysis shows that CINNAMON could be an effective security solution, as it can ensure the desired properties, in particular, confidentiality in a send-receive scenario between two ECUs. Finally, we describe a potential application scenario.

Reconfigurable CAN Intrusion Detection and Response System

The controller area network (CAN) remains the de facto standard for intra-vehicular communication. CAN enables reliable communication between various microcontrollers and vehicle devices without a central computer, which is essential for sustainable transportation systems. However, it poses some serious security threats due to the nature of communication. According to caranddriver.com, there were at least 150 automotive cybersecurity incidents in 2019, a 94% year-over-year increase since 2016, according to a report from Upstream Security. To safeguard vehicles from such attacks, securing CAN communication, which is the most relied-on in-vehicle network (IVN), should be configured with modifications. In this paper, we developed a configurable CAN communication protocol to secure CAN with a hardware prototype for rapidly prototyping attacks, intrusion detection systems, and response systems. We used a field programmable gate array (FPGA) to prototype CAN to improve reconfigurability. This project focuses on attack detection and response in the case of bus-off attacks. This paper introduces two main modules: the multiple generic errors module with the introduction of the error state machine (MGEESM) module and the bus-off attack detection (BOAD) module for a frame size of 111 bits (BOAD111), based on the CAN protocol presenting the introduction of form error, CRC error, and bit error. Our results show that, in the scenario with the transmit error counter (TEC) value 127 for switching between the error-passive state and bus-off state, the detection times for form error, CRC error, and bit error introduced in the MGEESM module are 3.610 ms, 3.550 ms, and 3.280 ms, respectively, with the introduction of error in consecutive frames. The detection time for BOAD111 module in the same scenario is 3.247 ms.

Multi-classification in-vehicle intrusion detection system using packet- and sequence-level characteristics from time-embedded transformer with autoencoder

In recent years, the increased application of controller area network (CAN) protocols has made it the de facto standard for communication between electronic control units (ECUs) in the automotive and transportation fields. This widely used protocol was designed as a reliable and straightforward broadcast-based protocol that connects ECUs without considering security concerns such as node authentication or traffic encryption. Despite its efficiency, this tradeoff makes the CAN bus vulnerable to attacks. Implementing intrusion detection systems (IDSs) based on machine learning (ML) can address these security challenges effectively. However, existing ML-based IDSs have limited classification capabilities, lack adaptability and time sensitivity, incomprehensive analysis, and produce high false-negative rates (FNR), while attack schemes are becoming increasingly complex, resulting in insufficient capability of intrusion detection in real-time and insufficient ability to offer reliable protection. Therefore, our study proposes a novel in-vehicle IDS for multiclass classification using both packet- and sequence-level characteristics extracted from an autoencoder and a variant transformer (Time-embedded Transformer) with an improved position encoding mechanism, which analyses CAN traffic in-depth from various perspectives to overcome the existing challenges above. Both standard (Car-Hacking) and advanced (ROAD) datasets are used to evaluate the capabilities of our proposed IDS. The evaluation results demonstrated 100 % detection accuracy and 0 % FNR for both the Car-Hacking and ROAD Masquerade datasets, which also peaked at the highest F1 score for the ROAD Fabrication dataset, emphasizing superior intrusion detection to minimize FNR of the proposed model with high adaptability through its multi-dimensional analysis at packet- and sequence-level.

CICIoV2024: Advancing realistic IDS approaches against DoS and spoofing attack in IoV CAN bus

Considering the complexity of network traffic in IoV operations, methods that can identify complex patterns become useful. Machine learning fosters several techniques to enhance the detection, prevention, and mitigation of cyberattacks. However, important features are not addressed in the current state-of-the-art security datasets for IoV. For example, in the case of intra-vehicle communications, it is critical to consider the interaction among multiple Electronic Control Units (ECUs). Also, mimicking a realistic IoV environment is not simple since establishing a test environment requires considerable financial investment. Hence, there is a need for a testbed composed of several real ECUs in an IoV environment comprising network traffic. Thereupon, the main goal of this research is to propose a realistic benchmark dataset to foster the development of new cybersecurity solutions for IoV operations. To accomplish this, five attacks were executed against the fully intact inner structure of a 2019 Ford car, complete with all ECUs. However, the vehicle was immobile and incapable of causing any potential harm or injuries. Hence, all attacks were carried out on the vehicle without endangering the car’s driver or passengers. These attacks are classified as spoofing and Denial-of-Service (Dos) and were carried out through the Controller Area Network (CAN) protocol. This effort establishes a baseline complementary to existing contributions and supports researchers in proposing new IoV solutions to strengthen overall security using different techniques (e.g., Machine Learning — ML). The CICIoV2024 dataset has been published on CIC’s dataset page.

Hybrid RNN-LSTM Networks for Enhanced Intrusion Detection in Vehicle CAN Systems

Electric vehicles (EVs) use electric motors for propulsion, relying on electric energy stored in batteries or other energy storage devices. The standard communication protocol used in EVs is the Control Area Network (CAN), a communication protocol widely used in the automotive industry for networking and communication between various components within a vehicle. CAN protocol, designed without any care about protection, as automotive systems become more connected, the vulnerability to cyber threats, including intrusion attacks. The most common intrusion attacks on EVs are Denial of Service (DoS), Fuzzy, and Impersonation Attacks. These become a significant challenge due to the imperative need for robust Intrusion Detection Systems (IDS) in CAN networks. This paper explores the application of advanced deep learning techniques, specifically Recurrent Neural Networks (RNN) and Long Short-Term Memory (LSTM) networks, to enhance the effectiveness of intrusion detection in the EV domain. We will use a hybrid Deep-learning model to improve the analysis. First, we will apply the RNN model, and the output will come as input for the second model, LSTM. Our proposed hybrid model achieved an accuracy of 93%. The outcomes of this research contribute to advancing cybersecurity measures in vehicular networks, ensuring the integrity and safety of connected vehicles. The applicability of RNN and LSTM techniques in the context of CAN networks demonstrates their potential to evolve as integral components of next-generation intrusion detection systems, fostering a secure and resilient automotive ecosystem.

ADVANCES IN NETWORK SECURITY FOR A RESILIENT DIGITAL CYBERSPACE INFRASTRUCTURE

In network security, safeguarding digital cyberspace infrastructure against malicious intrusions remains a paramount concern. This study addresses this imperative by proposing a novel approach that integrates digital watermarking, Huffman coding, and sophisticated attack classification techniques within the Controller Area Network (CAN) protocol framework. The proliferation of interconnected systems and the increasing sophistication of cyber threats necessitate novel strategies to fortify network defenses and ensure resilience in the face of adversarial activities. The research problem revolves around the need to develop an effective method for detecting and categorizing reconnaissance and violent attacks within cyberspace networks, particularly those utilizing the CAN protocol. Despite advancements in security protocols and intrusion detection systems, existing methodologies often fall short in accurately distinguishing between benign and malicious network activities, leaving critical infrastructure vulnerable to exploitation. This research uses digital watermarking to embed metadata within network packets, Huffman coding for efficient data compression, and advanced attack classification algorithms for real-time threat identification. The experimental results demonstrate the efficacy of the proposed approach in accurately differentiating between reconnaissance probes and violent attacks, thereby enabling timely and targeted responses to mitigate security threats.

DivaCAN: Detecting in-vehicle intrusion attacks on a controller area network using ensemble learning

The controller area network (CAN) protocol is a critical communication mechanism in vehicular systems. However, the widespread adoption of this protocol has introduced vulnerabilities to in-vehicle communication channels, making them susceptible to various security threats, including denial-of-service, fuzzy, and impersonation attacks. There is thus an urgent need to develop effective security measures to counter these threats. Unfortunately, existing approaches to attack detection suffer from shortcomings such as suboptimal accuracy and high false-positive rates. Herein, we propose a novel methodology to address these limitations, DivaCAN. DivaCAN leverages an ensemble of classifiers, including deep neural networks, the multi-layer perceptron, the light gradient-boosting machine, extra trees, random forest, and Bagging, along with k-nearest neighbors, for intrusion-attack recognition on the CAN bus. The DivaCAN model was thoroughly evaluated, and its exceptional performance, which surpasses that of the latest methodologies, was demonstrated. It was found to achieve a precision of 94.93%, a recall of 94.98%, and an F1 score of 94.97%. One notable aspect of this research is the emphasis on achieving a low false-positive rate, which is often overlooked by other methodologies. Additionally, the DivaCAN model was found to exhibit an acceptable execution time of 406 s, highlighting the importance of considering both accuracy and efficiency when evaluating the performance of classification models. This study thus significantly enhances the security of in-vehicle communication on the CAN protocol. DivaCAN is a robust and accurate intrusion-detection system that addresses the pressing need for effective security measures in vehicular systems.

ANALYZING THE CAN PROTOCOL: VULNERABILITIES, PROTECTIVE MEASURES AND IMPROVEMENTS

The Controller Area Network (CAN) bus, originally designed for internal communication among a limited number of Electronic Control Units (ECUs) within vehicles, faces significant security challenges due to the rapid expansion of ECUs in modern automobiles. This expansion necessitates accessibility for diagnostic purposes, yet the CAN protocol lacks fundamental security features such as encryption, authentication, and integrity checks, rendering it vulnerable to various attacks including message injection, Denial of Service (DoS), and masquerading ECUs. This paper surveys existing literature and investigates potential intrusions on the CAN bus, highlighting attacks ranging from GPS spoofing to remote sensor tampering. Various solutions are discussed, including network subdivision, encryption, authentication techniques, and intrusion detection systems (IDS). Recent research proposes IDS solutions utilizing machine learning algorithms such as Random Forest, Support Vector Machine, and Deep Neural Networks (DNN), demonstrating effectiveness in detecting known attacks. However, challenges persist in identifying unknown attacks and enhancing overall system performance. Innovative approaches, such as event-triggered detection and bloom filtering techniques, show promise in mitigating specific attack vectors but may introduce overhead or limitations in real-time response. Deep learning-based IDS systems exhibit high performance but struggle with the detection of novel attacks. Furthermore, while some solutions address specific vulnerabilities, others propose more comprehensive security measures, such as preventing remote manipulation of critical vehicle functions like steering and braking. Overall, the research emphasizes the critical need for robust security measures in automotive systems to safeguard against evolving threats to vehicle safety and integrity.

Bit scanner: Anomaly detection for in-vehicle CAN bus using binary sequence whitelisting

Due to the vulnerability of in-vehicle networks, particularly the Controller Area Network (CAN), malicious remote intrusion into vehicles has been a prominent public concern in recent years. The majority of existing technologies disregard the importance of the frame payload, making it difficult to detect tampered frames. In this paper, we propose Bit Scanner, a whitelist-based anomaly detection method that employs fine-grained checking for frame payload. Bit Scanner has no dependency on the CAN periodicity or CAN protocol. Its detection capabilities are evaluated using genuine CAN traffic collected from an autonomous bus. The results show that the proposed method has a malicious frames detection rate improvement of about 20% under replay attack scenarios, and a malicious packets detection rate improvement of at least 20% under tampering attack situations compared to the state-of-art methods.

An Anomaly Detection Method Based on Multiple LSTM-Autoencoder Models for In-Vehicle Network

The CAN (Controller Area Network) protocol is widely adopted for in-vehicle networks due to its cost efficiency and reliable transmission. However, despite its popularity, the protocol lacks built-in security mechanisms, making it vulnerable to attacks such as flooding, fuzzing, and DoS. These attacks can exploit vulnerabilities and disrupt the expected behavior of the in-vehicle network. One of the main reasons for these security concerns is that the protocol relies on broadcast frames for communication between ECUs (Electronic Control Units) within the network. To tackle this issue, we present an intrusion detection system that leverages multiple LSTM-Autoencoders. The proposed system utilizes diverse features, including transmission interval and payload value changes, to capture various characteristics of normal network behavior. The system effectively detects anomalies by analyzing different types of features separately using the LSTM-Autoencoder model. In our evaluation, we conducted experiments using real vehicle network traffic, and the results demonstrated the system’s high precision with a 99% detection rate in identifying anomalies.

Optimal Control Design and Online Controller-Area-Network Bus Data Analysis for a Light Commercial Hybrid Electric Vehicle

In this article, a hybrid powertrain for the Volkswagen (VW) Crafter is designed using the Model-In-The-Loop (MIL) method. An enhanced Proportional-Integral (PI) control technique based on integral cost functions is developed by carrying out a time-based simulation in MATLAB/Simulink software to realize the optimal fuel economy of the vehicle. Moreover, a comparative study is conducted between the vehicle’s hybrid and pure electric versions to assess the optimal battery energy consumption per unit distance traveled. Communication within our vehicles’ Electronic Control Units (ECUs) is facilitated by a message-based protocol called a Controller Area Network (CAN). Consequently, this paper presents an online CAN Bus data analysis using the Hardware-In-The-Loop (HIL) method. This method uses a standard frame, J1939 CAN protocol, implemented with Net CAN Plus 110 hardware. A graphical user interface is developed on a host Personal Computer (PC) using LabVIEW for decoding the acquired raw CAN data to physical values. The simulation results reveal that the proposed controller is promising and suitable for realizing optimal performance over the HIL method.