Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows

Tomlinson, Andrew; Bryans, Jeremy; Shaikh, Siraj Ahmed; Kalutarage, Harsha

doi:10.1109/dsn-w.2018.00069

Cited by 49 publications

(37 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Machine learning algorithms like One-Class Support Vector Machine (OCSVM) [30], Gaussian mixture model [31] also proposed to detect anomalies via frame timing analysis; however, they require a comprehensive training data set for each vehicle model. ARIMA and Z-score were proposed [35] to minimize the training phase and vehicle dependency, but a successful result requires a long window size, which will increase the detection time. Lee et al [33] analyzed the response time of the ECUs by sending them remote frames.…”

Section: Intrusion Detection and Related Workmentioning

confidence: 99%

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

2021

View full text Add to dashboard Cite

Vehicles are equipped with Electronic Control Units (ECUs) to increase their overall system functionality and connectivity. However, the rising connectivity exposes a defenseless internal Controller Area Network (CAN) to cyberattacks. An Intrusion Detection System (IDS) is a supervisory module, proposed for identifying CAN network malicious messages, without modifying legacy ECUs and causing high traffic overhead. The traditional IDS approaches rely on time and frequency thresholding, leading to high false alarm rates, whereas state-of-the-art solutions may suffer from vehicle dependency. This paper presents a wavelet-based approach to locating the behavior change in the CAN traffic by analyzing the CAN network's transmission pattern. The proposed Wavelet-based Intrusion Detection System (WINDS) is tested on various attack scenarios, using real vehicle traffic from two independent research centers, while being expanded toward more comprehensive attack scenarios using synthetic attacks. The technique is evaluated and compared against the state-of-the-art solutions and the baseline frequency method. Experimental results show that WINDS offers a vehicle-independent solution applicable for various vehicles through a unique approach while generating low false alarms.

show abstract

Section: Intrusion Detection and Related Workmentioning

confidence: 99%

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

2021

View full text Add to dashboard Cite

show abstract

“…The possible attacks, vulnerabilities and exploitatios for autonomous vehicles was briefly outlined by [599]. [616] has made an analysis of this CAN data broadcasts and have tested multiple statistical methods to detect the anomalies in the CAN traffic in time windows which will yield a valuable collection of data. The built-in DNNs of a typical modern-day autonomous vehicle system often may demonstrate potentially fatal incorrect errors.…”

Section: J Deep Learning and Cyber Security In Autonomous Vehicle Tementioning

confidence: 99%

A Comprehensive Tutorial and Survey of Applications of Deep Learning for Cyber Security

Ravi¹,

Alazab²,

Sriram³

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…The authors of [25]- [27] presented an analysis of CAN broadcasts and subsequent testing of statistical methods to detect timing changes in the CAN traffic that were indicative of some of the predicted attacks.…”

Section: Related Workmentioning

confidence: 99%

An Intelligent Secured Framework for Cyberattack Detection in Electric Vehicles’ CAN Bus Using Machine Learning

et al. 2019

View full text Add to dashboard Cite

Electric Vehicles' Controller Area Network (CAN) bus serves as a legacy protocol for in-vehicle network communication. Simplicity, robustness, and suitability for real-time systems are the salient features of CAN bus. Unfortunately, the CAN bus protocol is vulnerable to various cyberattacks due to the lack of a message authentication mechanism in the protocol itself, paving the way for attackers to penetrate the network. This paper proposes a new effective anomaly detection model based on a modified one-class support vector machine in the CAN traffic. The proposed model makes use of an improved algorithm, known as the modified bat algorithm, to find the most accurate structure in the offline training. To evaluate the effectiveness of the proposed method, CAN traffic is logged from an unmodified licensed electric vehicle in normal operation to generate a dataset for each message ID and a corresponding occurrence frequency without any attacks. In addition, to measure the performance and superiority of the proposed method compared to the other two famous CAN bus anomaly detection algorithms such as Isolation Forest and classical one-class support vector machine, we provided Receiver Operating Characteristic (ROC) for each method to quantify the correctly classified windows in the test sets containing attacks. Experimental results indicate that the proposed method achieved the highest rate of True Positive Rate (TPR) and lowest False Positive Rate (FPR) for anomaly detection compared to the other two algorithms. Moreover, in order to show that the proposed method can be applied to other datasets, we used two recent popular public datasets in the scope of CAN bus traffic anomaly detection. Benchmarking with more CAN bus traffic datasets proves the independency of the proposed method from the meaning of each message ID and data field that make the model adaptable with different CAN datasets.INDEX TERMS Electric vehicles, controller area network (CAN Bus), anomaly detection, one-class support vector machine, optimization algorithm.

show abstract

Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows

Cited by 49 publications

References 14 publications

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

A Comprehensive Tutorial and Survey of Applications of Deep Learning for Cyber Security

An Intelligent Secured Framework for Cyberattack Detection in Electric Vehicles’ CAN Bus Using Machine Learning

Contact Info

Product

Resources

About