Towards a CAN IDS Based on a Neural Network Data Field Predictor

Pawelec, Krzysztof; Bridges, Robert A.; Combs, Frank L.

doi:10.1145/3309171.3309180

Cited by 20 publications

(13 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2019, Pawelec et al [26] proposed a 3-layer LSTM neural network to predict the data payload for each CAN ID, which avoided reverse engineering proprietary encoding. Similarly, Qin et al [12] also implemented anomaly detection for CAN bus based on timing features by LSTM and re-considered two data formats of CAN frames.…”

Section: Intrusion Detection Model Based On Deep Learningmentioning

confidence: 99%

STC-IDS: Spatial-Temporal Correlation Feature Analyzing based Intrusion Detection System for Intelligent Connected Vehicles

Han,

Cheng,

Zhang

2022

Preprint

View full text Add to dashboard Cite

Intrusion detection is an important defensive measure for the security of automotive communications. Accurate frame detection models assist vehicles to avoid malicious attacks. Uncertainty and diversity regarding attack methods make this task challenging. However, the existing works have the limitation of only considering local features or the weak feature mapping of multi-features. To address these limitations, we present a novel model for automotive intrusion detection by spatial-temporal correlation features of in-vehicle communication traffic (STC-IDS). Specifically, the proposed model exploits an encodingdetection architecture. In the encoder part, spatial and temporal relations are encoded simultaneously. To strengthen the relationship between features, the attention-based convolution network still captures spatial and channel features to increase the receptive field, while attention-LSTM build important relationships from previous time series or crucial bytes. The encoded information is then passed to detector for generating forceful spatial-temporal attention features and enabling anomaly classification. In particular, single-frame and multi-frame models are constructed to present different advantages respectively. Under automatic hyperparameter selection based on Bayesian optimization, the model is trained to attain the best performance. Extensive empirical studies based on a real-world vehicle attack dataset demonstrate that STC-IDS has outperformed baseline methods and cables fewer false-positive rates while maintaining efficiency.

show abstract

Section: Intrusion Detection Model Based On Deep Learningmentioning

confidence: 99%

STC-IDS: Spatial-Temporal Correlation Feature Analyzing based Intrusion Detection System for Intelligent Connected Vehicles

Han,

Cheng,

Zhang

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Jichici et al 46 evaluate the possibilities for integrating the NN‐based IDS on automotive‐grade embedded platforms, and the experiment results show that this task is quite challenging due to large requirement of memory size and computational power. Pawelec et al 47 test the effectiveness of employing DNN to predict CAN message at the bit level, which would offer the IDS capability but avoiding reverse engineering proprietary encodings of CAN messages. Kuwahara et al 48 study the applicability of statistical anomaly detection methods to identify malicious CAN messages, where a pipeline technology is proposed to extract the timestamp and ID information in each messages quickly, and the efficiency of the proposed method is evaluated in real message datasets and in supervised and unsupervised cases.…”

Section: The State‐of‐the‐art Work About Security Protection Of In‐vehicle Networkmentioning

confidence: 99%

Cybersecurity protection on in‐vehicle networks for distributed automotive cyber‐physical systems: State‐of‐the‐art and future challenges

Xie

Zhou

et al. 2021

Softw Pract Exp

View full text Add to dashboard Cite

The ever‐evolving trip mode of human being leads the automobiles moving toward connected, autonomous, sharing, and electrified vehicles rapidly. But the connection introduces new cybersecurity problems on in‐vehicle networks, which poses great challenges for safety guarantee of distributed automotive cyber‐physical systems. This article first analyzes the cybersecurity vulnerabilities and defines the security requirements for in‐vehicle networks, and then introduces the architecture evolution of in‐vehicle network. Based on the definition on architecture of in‐vehicle networks, this article defines a security protection framework for it. And then, it surveys the state‐of‐the‐art works for availability protection, integrity protection, and confidentiality protection of in‐vehicle networks, respectively, and detailed analysis and comparisons are given about the proposed cybersecurity protection mechanisms. Finally, it summarizes the future challenges for cybersecurity protection of in‐vehicle networks, and proposes possible solutions for these challenges.

show abstract

“…In parallel, CAN defensive security research is growing quickly; we found 15 surveys of the area since 2017, e.g., [23,24], with over 60 works on CAN intrusion detection between 2016-19. Yet these works are impeded by obfuscated CAN data, forced to either use side-channel methods that ignore message contents [25][26][27], use black-box methods ignorant of message meanings [28][29][30], or either arduously reverse engineer a few signals for a specific vehicle [31] or rely on an OEM for signal definitions [32], which keeps CAN security in the OEM's hands and develops per-make (not vehicle-agnostic) capabilities. A vehicle-agnostic CAN signal reverse engineering tool promises to remove these limitations and provide rich, online, time-series data for advancements in detection and other security technologies.…”

Section: Impactmentioning

confidence: 99%

CAN-D: A Modular Four-Step Pipeline for Comprehensively Decoding Controller Area Network Data

Verma¹,

Bridges²,

Sosnowski³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Controller area networks (CANs) are a broadcast protocol for real-time communication of critical vehicle subsystems. Original equipment manufacturers (OEMs) of passenger vehicles hold secret their mappings of CAN data to vehicle signals, and these definitions vary per make, model, and year. Without these mappings, the wealth of real-time vehicle information hidden in the CAN packets is uninterpretable-severely impeding vehicle-related research including CAN cybersecurity and privacy studies, after-market tuning, efficiency and performance monitoring, and fault diagnosis to name a few.Guided by the four-part CAN signal definition, we present CAN-D (CAN Decoder), a modular, four-step pipeline for identifying each signal's boundaries (start bit and length), endianness (byte ordering), signedness (bit-to-integer encoding), and by leveraging diagnostic standards, augmenting a subset of the extracted signals with meaningful, physical interpretation. En route to CAN-D, we provide a comprehensive review of the CAN signal reverse engineering research. All previous methods ignore endianness and signedness, rendering them simply incapable of decoding many standard CAN signal definitions. Incorporating endianness grows the search space from 128 to 4.72E21 signal tokenizations, and introduces a web of changing dependencies. In response, we formulate, formally analyze, and provide an efficient solution to an optimization problem, allowing identification of the optimal set of signal boundaries and byte orderings. In addition, we provide two novel, state-of-the-art signal boundary classifiers (both superior to previous approaches in precision and recall in three different test scenarios) and the first signedness classification algorithm, which exhibits > 97% F-score. Overall, CAN-D is the only solution with the potential to extract any CAN signal and is the state of the art. In evaluation on ten vehicles of different makes, CAN-D's average 1 error is 5 times better (81% less) than all preceding methods, and exhibits lower average error even when considering only signals that meet prior methods' assumptions. Finally, CAN-D is implemented in lightweight hardware allowing OBD-II plugin for real-time invehicle CAN decoding.

show abstract

Towards a CAN IDS Based on a Neural Network Data Field Predictor

Cited by 20 publications

References 18 publications

STC-IDS: Spatial-Temporal Correlation Feature Analyzing based Intrusion Detection System for Intelligent Connected Vehicles

STC-IDS: Spatial-Temporal Correlation Feature Analyzing based Intrusion Detection System for Intelligent Connected Vehicles

Cybersecurity protection on in‐vehicle networks for distributed automotive cyber‐physical systems: State‐of‐the‐art and future challenges

CAN-D: A Modular Four-Step Pipeline for Comprehensively Decoding Controller Area Network Data

Contact Info

Product

Resources

About