The modern automobile is a complex piece of technology that uses the Controller Area Network (CAN) bus system as a central system for managing the communication between the electronic control units (ECUs). Despite its central importance, the CAN bus system does not support authentication and authorization mechanisms, i.e., CAN messages are broadcast without basic security features. As a result, it is easy for attackers to launch attacks on the CAN bus network system. Attackers can compromise the CAN bus system in several ways, including Denial of Service (DoS), Fuzzing and Spoofing attacks. It is imperative to devise methodologies to protect modern cars against the aforementioned attacks. In this paper, we propose a Long Short-Term Memory (LSTM)-based Intrusion Detection System (IDS) to detect and mitigate the CAN bus network attacks. We generate our own dataset by first extracting attack-free data from our experimental car and by injecting attacks into the latter and collecting the dataset. We use the dataset for testing and training our model. With our selected hyper-parameter values, our results demonstrate that our classifier is efficient in detecting the CAN bus network attacks; we achieved an overall detection accuracy of 99.995%. We also compare the proposed LSTM method with the Survival Analysis for automobile IDS dataset which is developed by the Hacking and Countermeasure Research Lab, Korea. Our proposed LSTM model achieves a higher detection rate than the Survival Analysis method.

INDEX TERMS Modern Car Security, Controller Area Network, Deep Learning, LSTM, Intrusion Detection System

FIGURE 1. CAN message format in 11bit mode with DLC=8. There are no security features implemented in this protocol.

Controller Area Network (CAN) is a de facto standard of in-vehicle networks. Since CAN employs broadcast communication and a slower network than other general networks (e.g., Ethernet, IEEE802.11), it is inherently vulnerable to Denial-of-Service (DoS) attacks. As a countermeasure against DoS attacks on CAN, a method for detecting a DoS attack using the entropy in a sliding window has been proposed. This method has the advantages of effectiveness and a small computational overhead. However, this method may only be effective against DoS attacks under naive conditions such as some higher priority messages. In addition, if an adversary can adjust the entropy of the DoS attack to its normal value, the conventional method cannot detect a DoS attack in which the adversary manipulates the entropy. We found this type of DoS attack, which is called an entropy-manipulated attack. In this paper, we propose a method that can detect an entropy-manipulated attack by using the similarity of two sliding windows. We confirmed that the proposed method detected the DoS attack in 100% of the cases in our experiment, and we showed that the detection time is up to 93% (14 µs) shorter than the conventional method.

INDEX TERMS Automotive security, controller area network, DoS attack, intrusion detection system, simulated annealing.
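
The limitation described in the second abstract can be seen by running an entropy check and a two-window similarity check side by side. This is an added example, not code from either paper; the cosine-similarity measure, the thresholds `ent_tol` and `sim_min`, and the sample windows are assumptions, since this page does not give the paper's actual similarity metric.

```python
import math
from collections import Counter

def entropy(window):
    """Shannon entropy (bits) of the CAN ID distribution in one window."""
    n = len(window)
    return -sum(c / n * math.log2(c / n) for c in Counter(window).values())

def similarity(ref, cur):
    """Cosine similarity of two windows' ID histograms (assumed metric)."""
    a, b = Counter(ref), Counter(cur)
    dot = sum(a[i] * b[i] for i in a.keys() & b.keys())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0

def classify(ref, cur, ent_tol=0.25, sim_min=0.8):
    """Return (entropy_alarm, similarity_alarm) for window cur against ref.

    ent_tol and sim_min are illustrative thresholds, not tuned values.
    """
    ent_alarm = abs(entropy(cur) - entropy(ref)) > ent_tol
    sim_alarm = similarity(ref, cur) < sim_min
    return ent_alarm, sim_alarm

# Constructed windows of 32 CAN arbitration IDs each (not captured traffic).
BASELINE = [0x100, 0x200, 0x300, 0x400] * 8   # four IDs, uniform: 2.0 bits
NORMAL = [0x200, 0x100, 0x400, 0x300] * 8     # same mix, different order
# Naive flood: one high-priority ID dominates, so entropy drops sharply.
FLOOD = [0x000] * 24 + [0x100, 0x200, 0x300, 0x400] * 2
# Entropy-matched window: same histogram shape on other IDs, still 2.0 bits.
SHAPED = [0x001, 0x002, 0x003, 0x004] * 8

if __name__ == "__main__":
    for name, win in (("normal", NORMAL), ("flood", FLOOD), ("shaped", SHAPED)):
        ent_alarm, sim_alarm = classify(BASELINE, win)
        print(f"{name:7s} entropy={entropy(win):.3f} "
              f"similarity={similarity(BASELINE, win):.3f} "
              f"entropy_alarm={ent_alarm} similarity_alarm={sim_alarm}")
```

The entropy check flags only the naive flood, while the window comparison flags both anomalous windows, because it looks at which IDs carry the traffic rather than only how evenly the traffic is spread.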