SAIDuCANT: Specification-Based Automotive Intrusion Detection Using Controller Area Network (CAN) Timing

Olufowobi, Habeeb; Young, Choi Eun; Zambreno, Joseph; Bloom, Gedare

doi:10.1109/tvt.2019.2961344

Cited by 105 publications

(71 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the second experiment, the WINDS is tested on the realworld vehicle attacks and compared with baseline frequencybased IDS and other existing methods; GIDS [11], DCNN [14], and SAIDuCANT [32], which are based on generative adversarial nets, deep convolutional neural network, and a specification of CAN timing, respectively. The results for the real-vehicle attacks are summarized in Table VII.…”

Section: ) Real Vehicle Attacksmentioning

confidence: 99%

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

2021

View full text Add to dashboard Cite

Vehicles are equipped with Electronic Control Units (ECUs) to increase their overall system functionality and connectivity. However, the rising connectivity exposes a defenseless internal Controller Area Network (CAN) to cyberattacks. An Intrusion Detection System (IDS) is a supervisory module, proposed for identifying CAN network malicious messages, without modifying legacy ECUs and causing high traffic overhead. The traditional IDS approaches rely on time and frequency thresholding, leading to high false alarm rates, whereas state-of-the-art solutions may suffer from vehicle dependency. This paper presents a wavelet-based approach to locating the behavior change in the CAN traffic by analyzing the CAN network's transmission pattern. The proposed Wavelet-based Intrusion Detection System (WINDS) is tested on various attack scenarios, using real vehicle traffic from two independent research centers, while being expanded toward more comprehensive attack scenarios using synthetic attacks. The technique is evaluated and compared against the state-of-the-art solutions and the baseline frequency method. Experimental results show that WINDS offers a vehicle-independent solution applicable for various vehicles through a unique approach while generating low false alarms.

show abstract

Section: ) Real Vehicle Attacksmentioning

confidence: 99%

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

2021

View full text Add to dashboard Cite

show abstract

“…The controller area network (CAN) protocol specification has been utilised by Olufowobi et al in [28] as specification source. Larson et al in [29] employ the CAN protocol version 2 and the CANOpen application layer draft standard 3.01 as specification source to extract the expected behaviour of electronic control unit of an in-vehicle network.…”

Section: A Specification Sourcementioning

confidence: 99%

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Nweke¹

2021

IJACSA

View full text Add to dashboard Cite

Cyber-physical systems (CPS) integrate computation and communication capabilities to monitor and control physical systems. Even though this integration improves the performance of the overall system and facilitates the application of CPS in several domains, it also introduces security challenges. Over the years, intrusion detection systems (IDS) have been deployed as one of the security controls for addressing these security challenges. Traditionally, there are three main approaches to IDS, namely: anomaly detection, misuse detection and specificationbased detection. However, due to the unique attributes of CPS, the traditional IDS need to be modified or completely replaced before it can be deployed for CPS. In this paper, we present a survey of specification-based intrusion detection techniques for CPS. We classify the existing specification-based intrusion detection techniques in the literature according to the following attributes: specification source, specification extraction, specification modelling, detection mechanism, detector placement and validation strategy. We also discuss the details of each attribute and describe our observations, concerns and future research directions. We argue that reducing the efforts and time needed to extract the system specification of specification-based intrusion detection techniques for CPS and verifying the correctness of the extracted system specification are open issues that must be addressed in the future.

show abstract

“…The dataset presented a quite complex structure to analyse since it contained a high number of different attack types, more than 2000, with just one occurrence, sent totally at random. Olufowobi et al [38] implemented an IDS based on a supervised learning approach and tested the model using the described dataset but only including the messages sent at regular or with a minimum interval time. We included in the analysis all kinds of messages and despite the complex structure of the CAN bus dataset, the proposed methods showed a high performance in identifying even the attack messages sent totally at random at arbitrary times on the CAN bus.…”

Section: Related Workmentioning

confidence: 99%

“…Olufowobi et al suggested a specification-based IDS using a response time analysis of the CAN bus. They restricted the analysis only checking periodic and sporadic messages [38]. Seo et al proposed an anomaly-based IDS using a deep-learning model, in particular, generative adversarial nets (GAN) [27].…”

Section: Dataset Detection Rate (%) Precision (%) Fpr (False Positivementioning

confidence: 99%

A Kohonen SOM Architecture for Intrusion Detection on In-Vehicle Communication Networks

et al. 2020

View full text Add to dashboard Cite

The diffusion of connected devices in modern vehicles involves a lack in security of the in-vehicle communication networks such as the controller area network (CAN) bus. The CAN bus protocol does not provide security systems to counter cyber and physical attacks. Thus, an intrusion-detection system to identify attacks and anomalies on the CAN bus is desirable. In the present work, we propose a distance-based intrusion-detection network aimed at identifying attack messages injected on a CAN bus using a Kohonen self-organizing map (SOM) network. It is a power classifier that can be trained both as supervised and unsupervised learning. SOM found broad application in security issues, but was never performed on in-vehicle communication networks. We performed two approaches, first using a supervised X–Y fused Kohonen network (XYF) and then combining the XYF network with a K-means clustering algorithm (XYF–K) in order to improve the efficiency of the network. The models were tested on an open source dataset concerning data messages sent on a CAN bus 2.0B and containing large traffic volume with a low number of features and more than 2000 different attack types, sent totally at random. Despite the complex structure of the CAN bus dataset, the proposed architectures showed a high performance in the accuracy of the detection of attack messages.

show abstract

SAIDuCANT: Specification-Based Automotive Intrusion Detection Using Controller Area Network (CAN) Timing

Cited by 105 publications

References 38 publications

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

A Kohonen SOM Architecture for Intrusion Detection on In-Vehicle Communication Networks

Contact Info

Product

Resources

About