Mirco Marchetti scite author profile

This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers in the CAN bus of modern vehicles. The proposed algorithm identifies anomalies in the sequence of messages that flow in the CAN bus and is characterized by small memory and computational footprints, that make it applicable to current ECUs. Its detection performance are demonstrated through experiments carried out on real CAN traffic gathered from an unmodified licensed vehicle

show abstract

READ: Reverse Engineering of Automotive Data Frames

Marchetti

Stabili

2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Security analytics and forensics applied to in-vehicle networks are growing research areas that gained relevance after recent reports of cyber-attacks against unmodified licensed vehicles. However, the application of security analytics algorithms and tools to the automotive domain is hindered by the lack of public specifications about proprietary data exchanged over in-vehicle networks. Since the controller area network (CAN) bus is the de-facto standard for the interconnection of automotive electronic control units, the lack of public specifications for CAN messages is a key issue. This paper strives to solve this problem by proposing READ: a novel algorithm for the automatic Reverse Engineering of Automotive Data frames. READ has been designed to analyze traffic traces containing unknown CAN bus messages in order to automatically identify and label different types of signals encoded in the payload of their data frames. Experimental results based on CAN traffic gathered from a licensed unmodified vehicle and validated against its complete formal specifications demonstrate that the proposed algorithm can extract and classify more than twice the signals with respect to the previous related work. Moreover, the execution time of signal extraction and classification is reduced by two orders of magnitude. Applications of READ to CAN messages generated by real vehicles demonstrate its usefulness in the analysis of CAN traffic.

show abstract

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

et al. 2016

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) are the most critical menaces to modern organizations and the most challenging attacks to detect. They span over long periods of time, use encrypted connections and mimic normal behaviors in order to evade detection based on traditional defensive solutions. We propose an innovative approach that is able to analyze efficiently high volumes of network traffic to reveal weak signals related to data exfiltrations and other suspect APT activities. The final result is a ranking of the most suspicious internal hosts; this rank allows security specialists to focus their analyses on a small set of hosts out of the thousands of machines that typically characterize large organizations. Experimental evaluations in a network environment consisting of about 10K hosts show the feasibility and effectiveness of the proposed approach. Our proposal based on security analytics paves the way to novel forms of automatic defense aimed at early detection of APTs in large and continuously varying networked systems

show abstract

Deep Reinforcement Adversarial Learning Against Botnet Evasion Attacks

Apruzzese

Andreolini

Marchetti

et al. 2020

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms

et al. 2016

View full text Add to dashboard Cite

This paper evaluates the effectiveness of information-theoretic anomaly detection algorithms applied to networks included in modern vehicles. In particular, we focus on providing an experimental evaluation of anomaly detectors based on entropy. Attacks to in-vehicle networks were simulated by injecting different classes of forged CAN messages in traces captured from a modern licensed vehicle. Experimental results show that if entropy-based anomaly detection is applied to all CAN messages it is only possible to detect attacks that comprise a high volume of forged CAN messages. On the other hand, attacks characterized by the injection of few forged CAN messages attacks can be detected only by applying several independent instances of the entropy based anomaly detector, one for each class of CAN messages

show abstract

Addressing Adversarial Attacks Against Security Systems Based on Machine Learning

Apruzzese

Colajanni

Ferretti

et al. 2019

View full text Add to dashboard Cite

Endoscopic transnasal management of cerebrospinal fluid leaks of the sphenoid sinus

Muscatello

Lenzi

Dallan

et al. 2010

Journal of Cranio-Maxillofacial Surgery

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mirco Marchetti

On the effectiveness of machine and deep learning for cyber security

Anomaly detection of CAN bus messages through analysis of ID sequences

READ: Reverse Engineering of Automotive Data Frames

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

Deep Reinforcement Adversarial Learning Against Botnet Evasion Attacks

Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms

Addressing Adversarial Attacks Against Security Systems Based on Machine Learning

Endoscopic transnasal management of cerebrospinal fluid leaks of the sphenoid sinus

Contact Info

Product

Resources

About