Controller Area Network bus systems within vehicular networks are not
equipped with the tools necessary to ward off and protect themselves from
modern cyber-security threats. Work has been done on using machine learning
methods to detect and report these attacks, but common methods are not robust
towards unknown attacks. These methods usually rely on there being a sufficient
representation of attack data, which may not be available due to there either
not being enough data present to adequately represent its distribution or the
distribution itself is too diverse in nature for there to be a sufficient
representation of it. With the use of one-class classification methods, this
issue can be mitigated as only normal data is required to train a model for the
detection of anomalous instances. Research has been done on the efficacy of
these methods, most notably One-Class Support Vector Machine and Support Vector
Data Description, but many new extensions of these works have been proposed and
have yet to be tested for injection attacks in vehicular networks. In this
paper, we investigate the performance of various state-of-the-art one-class
classification methods for detecting injection attacks on Controller Area
Network bus traffic. We investigate the effectiveness of these techniques on
attacks launched on Controller Area Network buses from two different vehicles
during normal operation and while being attacked. We observe that the Subspace
Support Vector Data Description method outperformed all other tested methods
with a Gmean of about 85%.Comment: 7 pages, 2 figures, 4 tables. Accepted at IEEE Symposium Series on
Computational Intelligence 202