Clock-Based Sender Identification and Attack Detection for Automotive CAN Network

Zhou, Jia; Xie, Guoqi; Yu, Siyang; Li, Renfa

doi:10.1109/access.2020.3046862

Cited by 19 publications

(10 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… c The method is described in [12], where N represents the number of data frames required for fingerprint extraction;…”

Section: Resultsmentioning

confidence: 99%

“…We have configured the three ECU message simulation modules to send messages with different intervals. Specifically, module #1 is set to transmit messages with ID 38A at intervals of 10 ms, module #2 is set to transmit messages with ID 0BA at intervals of 25 ms, and module #3 is set to transmit messages with ID 2B6 at intervals of 500 ms. Then The method is described in [11]; c The method is described in [12], where N represents the number of data frames required for fingerprint extraction; d The method is described in [6].…”

Section: Intrusion Detectionmentioning

confidence: 99%

“…The existing research on security protection for vehicular CAN bus mainly includes security defence schemes based on cryptographic primitives [7][8][9] and intrusion detection methods [6,[10][11][12][13][14]. The former schemes are limited by the bandwidth of CAN bus, strong real-time requirements, and node computing performance, and need to compromise on security by transmitting authentication tags through lightweight authentication frameworks or covert channels.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Intrusion detection and defence for CAN bus through frequency anomaly analysis and arbitration mechanism

Dong,

Song,

Shao

2024

Electronics Letters

View full text Add to dashboard Cite

As automobile intelligence continues to develop, the electronic control units connected to the Controller Area Network (CAN) bus within vehicles face an increasing number of threats from potential attacks originating from the internet. To address this issue, an intrusion detection and defence method is proposed that is capable of detecting illegal messages through the use of frequency anomaly detection, and subsequently disrupting them through utilization of the CAN bus arbitration mechanism. This proposed method offers a simple implementation compared to traditional approaches, while being able to identify suspicious units and neutralize threats in real‐time. Experimental results demonstrate the effectiveness of this approach.

show abstract

“… c The method is described in [12], where N represents the number of data frames required for fingerprint extraction;…”

Section: Resultsmentioning

confidence: 99%

Section: Intrusion Detectionmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Intrusion detection and defence for CAN bus through frequency anomaly analysis and arbitration mechanism

Dong,

Song,

Shao

2024

Electronics Letters

View full text Add to dashboard Cite

show abstract

“…The detection approaches can be broadly categorized into either rule-based, where humans design detection rules manually, or ML-based, where an ML model is trained from data. Rule-based approaches include: methods based on physical fingerprints, e.g., clock [59] or voltage measurements [14]; methods based on message timing [39,44] or frequency [48]; methods based on message ID entropy [51] or Hamming distance [46], and many others. Due to the increasing complexity and diversity of in-vehicle network workloads, rule-based methods are generally viewed as not as accurate or flexible/adaptable as ML-based methods [56].…”

Section: Related Workmentioning

confidence: 99%

CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection

Zhao

Chen

et al. 2022

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

The Controller Area Network (CAN) is a ubiquitous bus protocol present in the Electrical/Electronic (E/E) systems of almost all vehicles. It is vulnerable to a range of attacks once the attacker gains access to the bus through the vehicle’s attack surface. We address the problem of Intrusion Detection on the CAN bus, and present a series of methods based on two classifiers trained with Auxiliary Classifier Generative Adversarial Network (ACGAN) to detect and assign fine-grained labels to Known Attacks, and also detect the Unknown Attack class in a dataset containing a mixture of (Normal + Known Attacks + Unknown Attack) messages. The most effective method is a cascaded two-stage classification architecture, with the multi-class Auxiliary Classifier in the first stage for classification of Normal and Known Attacks, passing Out-of-Distribution (OOD) samples to the binary Real-Fake Classifier in the second stage for detection of the Unknown Attack class. Performance evaluation demonstrate that our method achieves both high classification accuracy and low runtime overhead, making it suitable for deployment in the resource-constrained in-vehicle environment.

show abstract

“…When the skews are similar or they are both still at a certain threshold, the device is called a valid device. Other area exploring clock skew are distributed anonymity architecture [20], [27], non-cryptography security [28], [35] and wireless sensor network [32], [33]. All areas used clock skew depends on the accurate value of the measured clock skew.…”

Section: Introductionmentioning

confidence: 99%

Coexisting Parallelogram Method to Handle Jump Point on Hough Transform-based Clock Skew Measurement

Sastra

Saputra

Wiharta

2021

JCOMSS

View full text Add to dashboard Cite

In this paper, we improve the robustness of the Hough transform-based clock skew measurement on the occurrence of a jump point. The current Hough transform-based skew method uses angle (θ), thickness (ω), and region (β), to create a parallelogram that covers the densest part of an offset-set. However, the assumption that all offsets are considered to line up roughly in only one direction restricts the ability of the current method when handling an offset-set in which its densest part is located separately, the jump point condition. By acquiring the parallelogram from coexisting angle-region tuples at the beginning and the ending parts of the offset-set, we completed the ability of the Hough transform-based method to handle the jump point. When handling the jump point problem, the proposed coexisting parallelogram method could reach 0.35 ppm accuracy compared with tens ppm by the current methods.

show abstract

Clock-Based Sender Identification and Attack Detection for Automotive CAN Network

Cited by 19 publications

References 31 publications

Intrusion detection and defence for CAN bus through frequency anomaly analysis and arbitration mechanism

Intrusion detection and defence for CAN bus through frequency anomaly analysis and arbitration mechanism

CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection

Coexisting Parallelogram Method to Handle Jump Point on Hough Transform-based Clock Skew Measurement

Contact Info

Product

Resources

About