Michael R. Moore
Robert A. Bridges
ABSTRACT
Modern vehicles rely on hundreds of on-board electronic control units (ECUs) communicating over in-vehicle networks. As external interfaces to the car control networks (such as the on-board diagnostic (OBD) port, auxiliary media ports, etc.) become common, and vehicle-to-vehicle / vehicle-to-infrastructure technology is in the near future, the attack surface for vehicles grows, exposing control networks to potentially life-critical attacks. This paper addresses the need for securing the controller area network (CAN) bus by detecting anomalous traffic patterns via unusual refresh rates of certain commands. While previous works have identified signal frequency as an important feature for CAN bus intrusion detection, this paper provides the first such algorithm with experiments using three attacks in five (total) scenarios. Our data-driven anomaly detection algorithm requires only five seconds of training time (on normal data) and achieves true positive / false discovery rates of 0.9998/0.00298, respectively (micro-averaged across the five experimental tests).
- Ian Broster and Alan Burns. 2003. An analysable bus-guardian for event-triggered communication. In Real-Time Systems Symposium, 2003. RTSS 2003. 24th IEEE. IEEE, 410--419. Google Scholar
Digital Library
- Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno, and others. 2011. Comprehensive Experimental Analyses of Automotive Attack Surfaces.. In USENIX Security Symposium. San Francisco. Google ScholarDigital Library
- Tobias Hoppe, Stefan Kiltz, and Jana Dittmann. 2008. Security Threats to Automotive CAN Networks - Practical Examples and Selected Short-Term Countermeasures. Springer Berlin Heidelberg, Berlin, Heidelberg, 235--248. Google ScholarDigital Library
- Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and others. 2010. Experimental security analysis of a modern automobile. In Security and Privacy (SP), 2010 IEEE Symposium on. IEEE, 447--462. Google ScholarDigital Library
- Tsutomu Matsumoto, Masato Hata, Masato Tanabe, Katsunari Yoshioka, and Kazuomi Oishi. 2012. A method of preventing unauthorized data transmission in controller area network. In Vehicular Technology Conference (VTC Spring), 2012 IEEE 75th. IEEE, 1--5.Google ScholarCross Ref
- Michael Müter and Naim Asaj. 2011. Entropy-based anomaly detection for in-vehicle networks. In Intelligent Vehicles Symposium (IV), 2011 IEEE. IEEE, 1110--1115.Google ScholarCross Ref
- Michael Müter, André Groll, and Felix C Freiling. 2010. A structured approach to anomaly detection for in-vehicle networks. In Information Assurance and Security (IAS), 2010 Sixth International Conference on. IEEE, 92--98.Google ScholarCross Ref
- Hendrik Schweppe and Yves Roudier. 2012. Security and privacy for in-vehicle networks. In Vehicular Communications, Sensing, and Computing (VCSC), 2012 IEEE 1st International Workshop on. IEEE, 12--17.Google Scholar
- Ivan Studnia, Vincent Nicomette, Eric Alata, Yves Deswarte, Mohamed Kaãniche, and Youssef Laarouchi. 2013. Survey on security threats and protection mechanisms in embedded automotive networks. In Dependable Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on. IEEE, 1--12.Google ScholarCross Ref
- Marko Wolf, André Weimerskirch, and Thomas Wollinger. 2007. State of the art: Embedding security in vehicles. EURASIP Journal on Embedded Systems 2007, 1 (2007), 074706.Google ScholarCross Ref
Index Terms
- Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks: a data-driven approach to in-vehicle intrusion detection
Recommendations
Anomaly Detection System of Controller Area Network (CAN) Bus Based on Time Series Prediction
Smart Computing and CommunicationAbstractWith the development of intelligent networked vehicles, the research on the safety of in-vehicle networks has gradually become a hot spot. CAN (controller area network) is the most widely used in-vehicle network bus, and its safety problem has ...
Cyber security attacks to modern vehicular systems
Security is a fundamental concern in modern vehicular systems. The advancement in modern vehicular systems provides many benefits such as reducing traffic congestion and improving safety and fuel economy via vehicular networks. However, many vehicular ...
Towards a CAN IDS Based on a Neural Network Data Field Predictor
AutoSec '19: Proceedings of the ACM Workshop on Automotive CybersecurityModern vehicles contain a few controller area networks (CANs), which allow scores of on-board electronic control units (ECUs) to communicate messages critical to vehicle functions and driver safety. CAN provides a lightweight and reliable broadcast ...
Comments