Graph-Based Intrusion Detection System for Controller Area Networks

Islam, Riadul; Refat, Rafi Ud Daula; Yerram, Sai Manikanta; Malik, Hafiz

doi:10.1109/tits.2020.3025685

Cited by 64 publications

(46 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The common data sources that are used to assess the accuracy of the ML-based IDS solutions include; data from the owner devices [24], synthetic/artificial data [25], simulated data [26], and data from a stationary/parked vehicle [27], [28], [29]. This limits the confidence in the results and threatens its validity [30].…”

Section: Related Workmentioning

confidence: 99%

Evaluation of the Architecture Alternatives for Real-time Intrusion Detection Systems for Connected Vehicles

Jedh¹,

Lee²,

Othmane³

2022

Preprint

View full text Add to dashboard Cite

Attackers demonstrated the use of remote access to the in-vehicle network of connected vehicles to launch cyber-attacks and remotely take control of these vehicles. Machine-learning-based Intrusion Detection Systems (IDSs) techniques have been proposed for the detection of such attacks. The evaluation of some of these IDS demonstrated their efficacy in terms of accuracy in detecting message injections but was performed offline, which limits the confidence in their use for real-time protection scenarios. This paper evaluates four architecture designs for real-time IDS for connected vehicles using Controller Area Network (CAN) datasets collected from a moving vehicle under malicious speed reading message injections. The evaluation shows that a realtime IDS for a connected vehicle designed as two processes, a process for CAN Bus monitoring and another one for anomaly detection engine is reliable (no loss of messages) and could be used for real-time resilience mechanisms as a response to cyber-attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

Evaluation of the Architecture Alternatives for Real-time Intrusion Detection Systems for Connected Vehicles

Jedh¹,

Lee²,

Othmane³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…However, these two works incur significant error rates. The work in [35] proposes a graphbased IDS that models the sequence of exchanged CAN messages. However, it cannot detect attacks by examining isolated frames and also has significant error rates for fuzzing attacks.…”

Section: Related Workmentioning

confidence: 99%

An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform

Araujo-Filho¹,

Pinheiro

Kaddoum

et al. 2021

IEEE Access

View full text Add to dashboard Cite

The controller area network (CAN), which is still today the most used in-vehicle network, does not provide any security or authentication mechanism by design. Since current vehicles, which have numerous connectivity technologies, such as Bluetooth, Wi-Fi, and cellular radio, can be easily accessed from the exterior world, they can be easy targets of cyber-attacks. It is therefore urgently necessary to enhance vehicle security by detecting and stopping cyber-attacks. In this paper, we propose a novel unsupervised intrusion prevention system (IPS) for automotive CANs that detects and hinders attacks without modifying the architecture of the electronic control units (ECUs) or requiring information that is restricted to car manufacturers. We compare two machine learning algorithms' ability to detect fuzzing and spoofing attacks, and evaluate which of them is most accurate with the fewest number of data bytes. The fewer data bytes required, the sooner detection can start and the sooner attacking frames can be detected. Experiment results show that our proposed detection mechanism achieves accuracy higher than 99%, F1-scores higher than 97%, and detection times shorter than 80µs for the types of attacks considered. Moreover, when compared to four state-of-the-art intrusion detection systems, it is the only solution that is capable of discarding attacking frames before damage occurs while being deployed on inexpensive Raspberry Pi. Such an inexpensive deployment is particularly desirable, as cost is one of the automotive industry's primary concerns. INDEX TERMS IntrusionDetection System (IDS), Intrusion Prevention System (IPS), Machine Learning, Controller Area Network (CAN).

show abstract

“…The common data sources that are used to assess the accuracy of the ML-based IDS solutions include; data from the owner devices [38], synthetic/artificial data [39], simulated data [40], and data from a stationary/parked vehicle [36], [41], [42]. This limits the confidence in the results and threatens its validity [43].…”

Section: Related Workmentioning

confidence: 99%

Detection of Message Injection Attacks Onto the CAN Bus Using Similarities of Successive Messages-Sequence Graphs

Jedh

Othmane

Ahmed

et al. 2021

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

The smart features of modern cars are enabled by a number of Electronic Control Units (ECUs) components that communicate through an in-vehicle network, known as Controller Area Network (CAN) bus. The fundamental challenge is the security of the communication link where an attacker can inject messages (e.g., increase the speed) that may impact the safety of the driver. Most of existing practical IDS solutions rely on the knowledge of the identity of the ECUs, which is proprietary information. This paper proposes a message injection attack detection solution that is independent of the IDs of the ECUs. First, we represent the sequencing of the messages in a given time-interval as a direct graph and compute the similarities of the successive graphs using the cosine similarity and Pearson correlation. Then, we apply threshold, change point detection, and Long Short-Term Memory (LSTM)-Recurrent Neural Network (RNN) to detect and predict malicious message injections into the CAN bus. The evaluation of the methods using a dataset collected from a moving vehicle under malicious RPM and speed reading message injections show a detection accuracy of 97.32% and detection speed of 2.5 milliseconds when using a threshold method. The performance metrics makes the IDS suitable for real-time control mechanisms for vehicle resiliency to cyber attacks.

show abstract

Graph-Based Intrusion Detection System for Controller Area Networks

Cited by 64 publications

References 26 publications

Evaluation of the Architecture Alternatives for Real-time Intrusion Detection Systems for Connected Vehicles

Evaluation of the Architecture Alternatives for Real-time Intrusion Detection Systems for Connected Vehicles

An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform

Detection of Message Injection Attacks Onto the CAN Bus Using Similarities of Successive Messages-Sequence Graphs

Contact Info

Product

Resources

About