5 research outputs found
Using A One-Class Compound Classifier To Detect In-Vehicle Network Attacks
The Controller Area Network (CAN) in vehicles provides serial communication between electronic control units that manage engine, transmission, steering and braking. Researchers have recently demonstrated the vulnerability of the network to cyber-attacks which can manipulate the operation of the vehicle and compromise its safety. Some proposals for CAN intrusion detection systems, that identify attacks by detecting packet anomalies, have drawn on one-class classification, whereby the system builds a decision surface based on a large number of normal instances. The one-class approach is discussed in this paper, together with initial results and observations from implementing a classifier new to this field. The Compound Classifier has been used in image processing and medical analysis, and holds advantages that could be relevant to CAN intrusion detection.
Intrusion detection on the in-vehicle network using machine learning
Controller Area Network (CAN) is a protocol for
the in-vehicle network that connects microcontrollers called
Electronic Control Units (ECUs) and other components in a
vehicle so that they may communicate among themselves and
control the operations of the vehicle. The CAN protocol was
initially not designed with security in mind, but as modern
vehicles are increasingly becoming connected to the outside
world through wired and wireless interfaces, the CAN bus has
become susceptible to intrusions and attacks such as message
injection, replay attacks, denial of service (DoS) attacks, and
eavesdropping. This paper presents an intrusion detection
method based on the Isolation Forest (iForest) algorithm that
detects message insertion attacks using message timing
information. The resulting intrusion detection system benefits
from the linear time complexity and low memory requirement
of the iForest algorithm, as well as the ability to train the
classifier with only a small sample of normal CAN traffic. The
usage of only timing information for intrusion detection makes
it a vehicle-agnostic method that does not rely on the message
content, which is often proprietary and confidential
information. The intrusion detection system was trained with
normal CAN traffic trace and tested with two spoof attack CAN
datasets. The high values obtained for the Area Under Curve
(AUC) measure in the two cases, 0.966 and 0.974, indicated the
effectiveness of this approach for intrusion detection
Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security.
The growth of information technologies has driven the development of the transportation sector, including connected and autonomous vehicles. Due to its communication capabilities, the controller area network (CAN) is the most widely used in-vehicle communication protocol. However, CAN lacks suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyberattacks. Not only are these attacks a threat to information security and privacy, but they can also directly affect the safety of drivers, passengers and the surrounding environment of the moving vehicles. This paper presents CAN-CID, a context-aware intrusion detection system (IDS) to detect cyberattacks on the CAN bus, which would be suitable for deployment in automobiles, including military vehicles, passenger cars and commercial vehicles, and other CAN-based applications such as aerospace, industrial automation and medical equipment. CAN-CID is an ensemble model of a gated recurrent unit (GRU) network and a time-based model. A GRU algorithm works by learning to predict the centre ID of a CAN ID sequence, and ID-based probabilistic thresholds are used to identify anomalous IDs, whereas the time-based model identifies anomalous IDs using time-based thresholds. The number of anomalies compared to the total number of IDs over an observation window is used to classify the window status as anomalous or benign. The proposed model uses only benign data for training and threshold estimation, avoiding the need to collect realistic attack data to train the algorithm. The performance of the CAN-CID model was tested against three datasets over a range of 16 attacks, including fabrication and more sophisticated masquerade attacks. The CAN-CID model achieved an F1-Score of over 99% for 13 of those attacks and outperformed benchmark models from the literature for all attacks, with near real-time detection latency
Cyberattacks and Countermeasures For In-Vehicle Networks
As connectivity between and within vehicles increases, so does concern about
safety and security. Various automotive serial protocols are used inside
vehicles such as Controller Area Network (CAN), Local Interconnect Network
(LIN) and FlexRay. CAN bus is the most used in-vehicle network protocol to
support exchange of vehicle parameters between Electronic Control Units (ECUs).
This protocol lacks security mechanisms by design and is therefore vulnerable
to various attacks. Furthermore, connectivity of vehicles has made the CAN bus
not only vulnerable from within the vehicle but also from outside. With the
rise of connected cars, more entry points and interfaces have been introduced
on board vehicles, thereby also leading to a wider potential attack surface.
Existing security mechanisms focus on the use of encryption, authentication and
vehicle Intrusion Detection Systems (IDS), which operate under various
constraints such as low bandwidth, small frame size (e.g. in the CAN protocol),
limited availability of computational resources and real-time sensitivity. We
survey In-Vehicle Network (IVN) attacks which have been grouped under: direct
interfaces-initiated attacks, telematics and infotainment-initiated attacks,
and sensor-initiated attacks. We survey and classify current cryptographic and
IDS approaches and compare these approaches based on criteria such as real time
constraints, types of hardware used, changes in CAN bus behaviour, types of
attack mitigation and software/hardware used to validate these approaches. We
conclude with potential mitigation strategies and research challenges for the
future