DeepAI AI Chat
Log In Sign Up

Exploiting the Shape of CAN Data for In-Vehicle Intrusion Detection

by   Zachariah Tyree, et al.
Oak Ridge National Laboratory
Florida Atlantic University

Modern vehicles rely on scores of electronic control units (ECUs) broadcasting messages over a few controller area networks (CANs). Bereft of security features, in-vehicle CANs are exposed to cyber manipulation and multiple researches have proved viable, life-threatening cyber attacks. Complicating the issue, CAN messages lack a common mapping of functions to commands, so packets are observable but not easily decipherable. We present a transformational approach to CAN IDS that exploits the geometric properties of CAN data to inform two novel detectors--one based on distance from a learned, lower dimensional manifold and the other on discontinuities of the manifold over time. Proof-of-concept tests are presented by implementing a potential attack approach on a driving vehicle. The initial results suggest that (1) the first detector requires additional refinement but does hold promise; (2) the second detector gives a clear, strong indicator of the attack; and (3) the algorithms keep pace with high-speed CAN messages. As our approach is data-driven it provides a vehicle-agnostic IDS that eliminates the need to reverse engineer CAN messages and can be ported to an after-market plugin.


ACTT: Automotive CAN Tokenization and Translation

Modern vehicles contain scores of Electrical Control Units (ECUs) that b...

Towards a CAN IDS based on a neural-network data field predictor

Modern vehicles contain a few controller area networks (CANs), which all...

Anomaly Detection in Intra-Vehicle Networks

The progression of innovation and technology and ease of inter-connectiv...

Time-Based CAN Intrusion Detection Benchmark

Modern vehicles are complex cyber-physical systems made of hundreds of e...

Shape of the Cloak: Formal Analysis of Clock Skew-Based Intrusion Detection System in Controller Area Networks

This paper presents a new masquerade attack called the cloaking attack a...

Two-Point Voltage Fingerprinting: Increasing Detectability of ECU Masquerading Attacks

Automotive systems continuously increase their dependency on Electronic ...