26 research outputs found

    Anomaly detection of CAN bus messages through analysis of ID sequences

    This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers in the CAN bus of modern vehicles. The proposed algorithm identifies anomalies in the sequence of messages that flow in the CAN bus and is characterized by small memory and computational footprints that make it applicable to current ECUs. Its detection performance is demonstrated through experiments carried out on real CAN traffic gathered from an unmodified licensed vehicle

    Auto Deep Learning-based Automated Surveillance Technique to Recognize the Activities in the Cyber-Physical System

    In recent days, the Internet of Things (IoT) plays a significant role and is rapidly increasing in usage in various applications. IoT is being developed for cyber-physical systems in the specific domains of e-health care, military, etc. Based on real-time applications, security plays a vital role in certain activities in educational institutions. In the institutions, multiple videos are collected and stored in the data repositories. Those datasets are developed specifically for certain activities and no other datasets are developed for academic activities. As a large number of videos and images are collected and considered, advanced technologies like deep learning and IoT are used to perform certain tasks. In this paper, an Auto Deep learning-based Automated Identification Framework (DLAIF) is proposed to consider and reconsider the activities based on image pre-processing; the model can be trained through the proposed GMM model, followed by prediction to make an effective surveillance process based on HMM. The proposed process recognizes the activities through EM and log-likelihood for cyber-physical systems. In the performance analysis, the proposed model's efficiency can be determined through accuracy detection, false positive rate and F1 score requirement. The accuracy calculated is more effective for the proposed model compared to other existing models such as BWMP and LATTE

    Intrusion detection on the in-vehicle network using machine learning

    Controller Area Network (CAN) is a protocol for the in-vehicle network that connects microcontrollers called Electronic Control Units (ECUs) and other components in a vehicle so that they may communicate among themselves and control the operations of the vehicle. The CAN protocol was initially not designed with security in mind, but as modern vehicles are increasingly becoming connected to the outside world through wired and wireless interfaces, the CAN bus has become susceptible to intrusions and attacks such as message injection, replay attacks, denial of service (DoS) attacks, and eavesdropping. This paper presents an intrusion detection method based on the Isolation Forest (iForest) algorithm that detects message insertion attacks using message timing information. The resulting intrusion detection system benefits from the linear time complexity and low memory requirement of the iForest algorithm, as well as the ability to train the classifier with only a small sample of normal CAN traffic. The usage of only timing information for intrusion detection makes it a vehicle-agnostic method that does not rely on the message content, which is often proprietary and confidential information. The intrusion detection system was trained with normal CAN traffic trace and tested with two spoof attack CAN datasets. The high values obtained for the Area Under Curve (AUC) measure in the two cases, 0.966 and 0.974, indicated the effectiveness of this approach for intrusion detection

    Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security.

    The growth of information technologies has driven the development of the transportation sector, including connected and autonomous vehicles. Due to its communication capabilities, the controller area network (CAN) is the most widely used in-vehicle communication protocol. However, CAN lacks suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyberattacks. Not only are these attacks a threat to information security and privacy, but they can also directly affect the safety of drivers, passengers and the surrounding environment of the moving vehicles. This paper presents CAN-CID, a context-aware intrusion detection system (IDS) to detect cyberattacks on the CAN bus, which would be suitable for deployment in automobiles, including military vehicles, passenger cars and commercial vehicles, and other CAN-based applications such as aerospace, industrial automation and medical equipment. CAN-CID is an ensemble model of a gated recurrent unit (GRU) network and a time-based model. A GRU algorithm works by learning to predict the centre ID of a CAN ID sequence, and ID-based probabilistic thresholds are used to identify anomalous IDs, whereas the time-based model identifies anomalous IDs using time-based thresholds. The number of anomalies compared to the total number of IDs over an observation window is used to classify the window status as anomalous or benign. The proposed model uses only benign data for training and threshold estimation, avoiding the need to collect realistic attack data to train the algorithm. The performance of the CAN-CID model was tested against three datasets over a range of 16 attacks, including fabrication and more sophisticated masquerade attacks. The CAN-CID model achieved an F1-Score of over 99% for 13 of those attacks and outperformed benchmark models from the literature for all attacks, with near real-time detection latency