Using a one-class compound classifier to detect in-vehicle network attacks

Tomlinson, Andrew; Bryans, Jeremy; Shaikh, Siraj Ahmed

doi:10.1145/3205651.3208223

Cited by 18 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Primarily used in rapid image processing applications (.e.g. [20]), it has also been used in medical diagnosis [21], and was considered by us as a potential CAN data anomaly detector [22]. Its authors state that the CC: can generalise, learn and make rapid decisions; lends itself to visualisation; and, can be used for multi-class and one-class problems [19].…”

Section: Our Evaluated Methodsmentioning

confidence: 99%

Using internal context to detect automotive controller area network attacks

Tomlinson

Bryans

Shaikh

2021

Computers & Electrical Engineering

Self Cite

View full text Add to dashboard Cite

Section: Our Evaluated Methodsmentioning

confidence: 99%

Using internal context to detect automotive controller area network attacks

Tomlinson

Bryans

Shaikh

2021

Computers & Electrical Engineering

Self Cite

View full text Add to dashboard Cite

“…However, both of these models [11], [12] have a low generalization capability as they require specific knowledge of CAN data. A one-class compound classifier was used in [13] to detect CAN bus attacks. But this detected only 45-65% of attacks.…”

Section: Related Workmentioning

confidence: 99%

Keep the Moving Vehicle Secure: Context-Aware Intrusion Detection System for In-Vehicle CAN Bus Security

Rajapaksha

Kalutarage

Al-Kadri

et al. 2022

2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon)

View full text Add to dashboard Cite

The growth of information technologies has driven the development of the transportation sector, including connected and autonomous vehicles. Due to its communication capabilities, the controller area network (CAN) is the most widely used in-vehicle communication protocol. However, CAN lacks suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyberattacks. Not only are these attacks a threat the information security and privacy, but they can also directly affect the safety of drivers, passengers and the surrounding environment of the moving vehicles. This paper presents CAN-CID, a context-aware intrusion detection system (IDS) to detect cyberattacks on the CAN bus, which would be suitable for deployment in automobiles including military vehicles, passenger cars, commercial vehicles and other CAN-based applications such as aerospace, industrial automation and medical equipment. CAN-CID is an ensemble model of a gated recurrent unit (GRU) network and a time-based model. A GRU algorithm works by learning to predict the centre ID of a CAN ID sequence, and ID-based probabilistic thresholds are used to identify anomalous IDs, whereas the time-based model identifies anomalous IDs using time-based thresholds. The number of anomalies compared to the total number of IDs over an observation window is used to classify the window status as anomalous or benign. The proposed model uses only benign data for training and threshold estimation, avoiding the need to collect realistic attack data to train the algorithm. The performance of the CAN-CID model was tested against three datasets over a range of 16 attacks, including fabrication and more sophisticated masquerade attacks. The CAN-CID model achieved an F1-Score of over 99% for 13 of those attacks and outperformed benchmark models from the literature for all attacks, with near real-time detection latency.

show abstract

“…Non neural network based methods for anomaly detection on the CAN bus payload include signature based methods [15], finger printing [2], clustering methods [19], fuzzy logic [9], Hidden-Markov-Model based methods [12], and entropy based methods [8,11]. A comprehensive review of the strengths and weaknesses of these and other non-payload based methods can be found in [18].…”

Section: Related Researchmentioning

confidence: 99%

CANet: An Unsupervised Intrusion Detection System for High Dimensional CAN Bus Data

et al. 2020

View full text Add to dashboard Cite

We propose a novel neural network architecture for detecting intrusions on the CAN bus. The Controller Area Network (CAN) is the standard communication method between the Electronic Control Units (ECUs) of automobiles. However, CAN lacks security mechanisms and it has recently been shown that it can be attacked remotely. Hence, it is desirable to monitor CAN traffic to detect intrusions. In order to detect both, known and unknown intrusion scenarios, we consider a novel unsupervised learning approach which we call CANet. To our knowledge, this is the first deep learning based intrusion detection system (IDS) that takes individual CAN messages with different IDs and evaluates them in the moment they are received. This is a significant advancement because messages with different IDs are typically sent at different times and with different frequencies. Our method is evaluated on real and synthetic CAN data. For reproducibility of the method, our synthetic data is publicly available. A comparison with previous machine learning based methods shows that CANet outperforms them by a significant margin.

show abstract

Using a one-class compound classifier to detect in-vehicle network attacks

Abstract: This document is the author's post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it.

Cited by 18 publications

References 11 publications

Using internal context to detect automotive controller area network attacks

Using internal context to detect automotive controller area network attacks

Keep the Moving Vehicle Secure: Context-Aware Intrusion Detection System for In-Vehicle CAN Bus Security

CANet: An Unsupervised Intrusion Detection System for High Dimensional CAN Bus Data

Contact Info

Product

Resources

About