Securing Vehicular Controller Area Networks: An Approach to Active Bus-Level Countermeasures

Giannopoulos, Hristos; Wyglinski, Alexander M.; Chapman, Joseph C.

doi:10.1109/mvt.2017.2647814

Cited by 22 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Spoofing Attack: Spoofing is the act of changing the appearance of a message or identification so that it pretends to come from a reliable, authentic source [10]. Spoofing attacks are further categorized into revolution per minute (RPM) and gear spoofing attack [24]. We have used the attack dataset from the CAR-Hacking dataset provided by Huy Kang Kim et al [1][25].…”

Section: B Can Attack Typesmentioning

confidence: 99%

Anomaly Detection in Intra-Vehicle Networks

Dwivedi¹

2022

Preprint

View full text Add to dashboard Cite

The progression of innovation and technology and ease of inter-connectivity among networks has allowed us to evolve towards one of the promising areas, the Internet of Vehicles. Nowadays, modern vehicles are connected to a range of networks, including intra-vehicle networks and external networks. However, a primary challenge in the automotive industry is to make the vehicle safe and reliable; particularly with the loopholes in the existing traditional protocols, cyberattacks on the vehicle network are rising drastically. Practically every vehicle uses the universal Controller Area Network (CAN) bus protocol for the communication between electronic control units to transmit key vehicle functionality and messages related to driver safety. The CAN bus system, although its critical significance, lacks the key feature of any protocol authentication and authorization. Resulting in compromises of CAN bus security leads to serious issues to both car and driver safety. This paper discusses the security issues of the CAN bus protocol and proposes an Intrusion Detection System (IDS) that detects known attacks on in-vehicle networks. Multiple Artificial Intelligence (AI) algorithms are employed to provide recognition of known potential cyber-attacks based on messages, timestamps, and data packets traveling through the CAN. The main objective of this paper is to accurately detect cyberattacks by considering time-series features and attack frequency. The majority of the evaluated AI algorithms, when considering attack frequency, correctly identify known attacks with remarkable accuracy of more than 99%. However, these models achieve approximately 92% to 97% accuracy when timestamps are not taken into account. Long Short Term Memory (LSTM), Xgboost, and SVC have proved to the well-performing classifiers.

show abstract

Section: B Can Attack Typesmentioning

confidence: 99%

Anomaly Detection in Intra-Vehicle Networks

Dwivedi¹

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…The proposed solution combined with another module that injects errors on a CAN network would form an Intrusion Prevention System (IPS), actively preventing the detected anomalies to be spread across the network. Such a module has already been proposed in solutions like CAN Stomping [Giannopoulos et al 2017] and error injection techniques [Freitas de Araujo-Filho 2018]. Regarding the classification made in Table 1, the solution proposed in this paper uses data from payload, a learned model and a single frame detection time lower than 1µs.…”

Section: Real-time Anomaly-based Ids For Canmentioning

confidence: 99%

“…In order to prevent a frame from being correctly transmitted throughout the network, a possible solution is to introduce a bit stuffing error [Giannopoulos et al 2017] before the end of the frame. According to the CAN specification [Bosch 1991], a bit stuffing error occurs when six equal bits are received consecutively.…”

Section: The Time Constraintmentioning

confidence: 99%

“…An IDS can detect attacks, but it is not capable of preventing it. [Abbott-McCune and Shay 2016] and [Giannopoulos et al 2017] suggest inserting a bit stuffing error during malicious frame transmission in order to prevent it from being successfully transmitted throughout the network. The IDS must respond fast enough in order to generate the bit stuffing error while the malicious frame is still being transmitted, The purpose of this paper is to present an IDS capable of detecting anomalies in an automotive CAN network before the end of the transmission of a CAN frame.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Real-time Anomaly-based Intrusion Detection System for Automotive Controller Area Networks

D'Andrada¹,

Araujo-Filho²,

Campelo³

2020

Anais XXXVIII Simpósio Brasileiro De Redes De Computadores E Sistemas Distribuídos (SBRC 2020)

View full text Add to dashboard Cite

The Controller Area Network (CAN) is the most pervasive in-vehiclenetwork technology in cars. However, since CAN was designed with no securityconcerns, solutions to mitigate cyber attacks on CAN networks have been pro-posed. Prior works have shown that detecting anomalies in the CAN networktraffic is a promising solution for increasing vehicle security. One of the mainchallenges in preventing a malicious CAN frame transmission is to be able todetect the anomaly before the end of the frame. This paper presents a real-timeanomaly-based Intrusion Detection System (IDS) capable of meeting this dead-line by using the Isolation Forest detection algorithm implemented in a hardwaredescription language. A true positive rate higher than 99% is achieved in testscenarios. The system requires less than 1μs to evaluate a frame’s payload, thusbeing able to detect the anomaly before the end of the frame.

show abstract

“…Since CAN is a multi-master broadcast bus protocol, the IDS may be deployed as a separate dedicated node on the CAN bus, implemented as either hardware (FPGA or ASIC) or integrated into one of the ECUs as a software application. Upon detecting intrusions/attacks, the Intrusion Prevention System (IPS) may take immediate countermeasures, e.g., sending error frames to stop the current transmission [18]. In addition, a detailed log of the onboard security events may be sent to the Security Operations Center in the cloud, which performs in-depth post-attack analysis of the collected data both for single vehicles and the whole fleet, e.g., root cause analysis, impact analysis, for developing threat response strategies.…”

Section: Introductionmentioning

confidence: 99%

CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection

Zhao

Chen

et al. 2022

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

The Controller Area Network (CAN) is a ubiquitous bus protocol present in the Electrical/Electronic (E/E) systems of almost all vehicles. It is vulnerable to a range of attacks once the attacker gains access to the bus through the vehicle’s attack surface. We address the problem of Intrusion Detection on the CAN bus, and present a series of methods based on two classifiers trained with Auxiliary Classifier Generative Adversarial Network (ACGAN) to detect and assign fine-grained labels to Known Attacks, and also detect the Unknown Attack class in a dataset containing a mixture of (Normal + Known Attacks + Unknown Attack) messages. The most effective method is a cascaded two-stage classification architecture, with the multi-class Auxiliary Classifier in the first stage for classification of Normal and Known Attacks, passing Out-of-Distribution (OOD) samples to the binary Real-Fake Classifier in the second stage for detection of the Unknown Attack class. Performance evaluation demonstrate that our method achieves both high classification accuracy and low runtime overhead, making it suitable for deployment in the resource-constrained in-vehicle environment.

show abstract

Securing Vehicular Controller Area Networks: An Approach to Active Bus-Level Countermeasures

Cited by 22 publications

References 13 publications

Anomaly Detection in Intra-Vehicle Networks

Anomaly Detection in Intra-Vehicle Networks

A Real-time Anomaly-based Intrusion Detection System for Automotive Controller Area Networks

CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection

Contact Info

Product

Resources

About