research-article

Anomaly detection of CAN bus messages through analysis of ID sequences

Authors:

Mirco Marchetti,

Dario StabiliAuthors Info & Claims

2017 IEEE Intelligent Vehicles Symposium (IV)

Pages 1577 - 1583

https://doi.org/10.1109/IVS.2017.7995934

Published: 11 June 2017 Publication History

Abstract

This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers in the CAN bus of modern vehicles. The proposed algorithm identifies anomalies in the sequence of messages that flow in the CAN bus and is characterized by small memory and computational footprints, that make it applicable to current ECUs. Its detection performance are demonstrated through experiments carried out on real CAN traffic gathered from an unmodified licensed vehicle.

References

[1]

M. Marchetti, D. Stabili, A. Guido, and M. Colajanni, “Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms,” in 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (R TSI), Sept 2016, pp. 1–6.

[2]

C. Miller and C. Valasek. (2015) Remote exploitation of an unaltered passenger vehicle. Appeared in Blackhat US conference. [Online]. Available: https://www.blackhat.com/us-15/briefings.html#remote-exploitation-of-an-unaltered-passenger-vehicle.

[3]

Keen Security Lab of Tencent. (2016) Car hacking research: Remote attack tesla motors. [Online]. Available: http://keenlab.tencent.com/en/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/.

[4]

A. Taylor, N. Japkowicz, and S. Leblanc, “Frequency-based anomaly detection for the automotive can bus,” in 2015 World Congress on Industrial Control Systems Security (WCICSS), Dec 2015, pp. 45–49.

[5]

M. J. Kang and J. W. Kang, “A novel intrusion detection method using deep neural network for in-vehicle network security,” in 2016 IEEE 83rd Vehicular Technology Conference (VTC Spring), May 2016, pp. 1–5.

[6]

C. Miller and C. Valasek. (2015) Remote exploitation of an unaltered passenger vehicle. White paper of Blackhat US conference. [Online]. Available: http://illmatics.com/Remote%20Car%20Hacking.pdf.

[7]

B. Gmbh. (1995) Can specification version 2.0. [Online]. Available: http://esd.cs.ucr.edu/webres/can20.pdf.

[8]

M. Wolf and T. Gendrullis, Design, Implementation, and Evaluation of a Vehicular Hardware Security Module. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012, pp. 302–318. [Online]. Available: https://doi.org/10.1007/978-3-642-31912-9_20.

[9]

B. Carnevale, F. Falaschi, L. Crocetti, H. Hunjan, S. Bisase, and L. Fanucci, “An implementation of the 802.1 ae mac security standard for in-car networks,” in 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), Dec 2015, pp. 24–28.

[10]

M. Andreolini, M. Colajanni, and M. Marchetti, “A collaborative framework for intrusion detection in mobile networks,” Information Sciences, vol. 321, pp. 179–192, 2015.

Digital Library

[11]

M. Marchetti, M. Colajanni, and F. Manganiello, “Framework and models for multistep attack detection,” International Journal of Security and Its Applications, vol. 5, no. 4, pp. 73–90, 2011.

[12]

M. Colajanni, D. Gozzi, and M. Marchetti, “Enhancing interoperability and stateful analysis of cooperative network intrusion detection systems,” in Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems. ACM, 2007, pp. 165–174.

[13]

V. Chandola, A. Banerjee, and V. Kumar, “Anomaly detection: A survey,” ACM computing surveys (CSUR), vol. 41, no. 3, p. 15, 2009.

Digital Library

[14]

S. Bayer and A. Ptok, “Dont fuss about fuzzing: Fuzzing controllers in vehicular networks.”.

[15]

H. Lee, K. Choi, K. Chung, J. Kim, and K. Yim, “Fuzzing can packets into automobiles,” in 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, March 2015, pp. 817–821.

Cited By

Song JQin GLiang YYan JSun M(2025)DGIDSComputers and Security10.1016/j.cose.2024.104076147:COnline publication date: 7-Jan-2025
https://dl.acm.org/doi/10.1016/j.cose.2024.104076
Xu HWu DLu YLu JZeng HBagchi SZhang Y(2024)Models on the moveProceedings of the 2024 USENIX Conference on Usenix Annual Technical Conference10.5555/3691992.3692056(1049-1063)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.5555/3691992.3692056
Song JQin GLiang YYan JSun M(2024)SIDiLDNGComputers and Security10.1016/j.cose.2024.103847142:COnline publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1016/j.cose.2024.103847
Show More Cited By

Index Terms

Anomaly detection of CAN bus messages through analysis of ID sequences
1. Computer systems organization
  1. Embedded and cyber-physical systems
2. Security and privacy

Index terms have been assigned to the content through auto-classification.

Recommendations

Anomaly Detection for Mixed Transmission CAN Messages Using Quantized Intervals and Absolute Difference of Payloads
AutoSec '19: Proceedings of the ACM Workshop on Automotive Cybersecurity

The control of vehicles can be taken over by injecting malicious controller area network (CAN) messages. To detect malicious messages, anomaly-detection systems based on intervals or payloads of CAN messages have been proposed. However, these systems ...
Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network
ICOIN '16: Proceedings of the 2016 International Conference on Information Networking (ICOIN)

Controller Area Network (CAN) bus in the vehicles is a de facto standard for serial communication to provide an efficient, reliable and economical link between Electronic Control Units (ECU). However, CAN bus does not have enough security features to ...
Quantum optimization for fast CAN bus intrusion detection
QP4SE 2022: Proceedings of the 1st International Workshop on Quantum Programming for Software Engineering

Modern vehicles, nowadays, come loaded with hundreds of different sensors generating a huge amount of data. This data is shared and processed among different Electronic Control Units (ECUs) through an in-vehicle network, such as the CAN bus, to ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

2017 IEEE Intelligent Vehicles Symposium (IV)

Jun 2017

1919 pages

Copyright © 2017.

Publisher

IEEE Press

Publication History

Published: 11 June 2017

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Song JQin GLiang YYan JSun M(2025)DGIDSComputers and Security10.1016/j.cose.2024.104076147:COnline publication date: 7-Jan-2025
https://dl.acm.org/doi/10.1016/j.cose.2024.104076
Xu HWu DLu YLu JZeng HBagchi SZhang Y(2024)Models on the moveProceedings of the 2024 USENIX Conference on Usenix Annual Technical Conference10.5555/3691992.3692056(1049-1063)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.5555/3691992.3692056
Song JQin GLiang YYan JSun M(2024)SIDiLDNGComputers and Security10.1016/j.cose.2024.103847142:COnline publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1016/j.cose.2024.103847
Sharmin SMansor HAbdul Kadir AA. Aziz N(2023)Comparative Evaluation of Anomaly-Based Controller Area Network IDSProceedings of the 2023 12th International Conference on Software and Computer Applications10.1145/3587828.3587861(218-226)Online publication date: 23-Feb-2023
https://dl.acm.org/doi/10.1145/3587828.3587861
Hellemans WRabbani MPreneel BMentens NBartolini ARietveld KSchuman CMoreira J(2023)Yes we CAN!Proceedings of the 20th ACM International Conference on Computing Frontiers10.1145/3587135.3592818(352-357)Online publication date: 9-May-2023
https://dl.acm.org/doi/10.1145/3587135.3592818
Rajapaksha SKalutarage HAl-Kadri MPetrovski AMadzudzo GCheah M(2023)AI-Based Intrusion Detection Systems for In-Vehicle Networks: A SurveyACM Computing Surveys10.1145/357095455:11(1-40)Online publication date: 9-Feb-2023
https://dl.acm.org/doi/10.1145/3570954
Mehta JRichard GLugosch LYu DMeyer B(2023)DT-DS: CAN Intrusion Detection with Decision Tree EnsemblesACM Transactions on Cyber-Physical Systems10.1145/35661327:1(1-27)Online publication date: 22-Mar-2023
https://dl.acm.org/doi/10.1145/3566132
Wang XYang LLi DMa LHe YXiao JLiu JYang Y(2022)MADDC: Multi-Scale Anomaly Detection, Diagnosis and Correction for Discrete Event LogsProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3567972(769-784)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3567972
Fenzl FRieke RDominik A(2021)In-vehicle detection of targeted CAN bus attacksProceedings of the 16th International Conference on Availability, Reliability and Security10.1145/3465481.3465755(1-7)Online publication date: 17-Aug-2021
https://dl.acm.org/doi/10.1145/3465481.3465755
Wang ZChen ZNi JLiu HChen HTang JZhu FChin Ooi BMiao CWang HSkrypnyk IHsu WChawla S(2021)Multi-Scale One-Class Recurrent Neural Networks for Discrete Event Sequence Anomaly DetectionProceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining10.1145/3447548.3467125(3726-3734)Online publication date: 14-Aug-2021
https://dl.acm.org/doi/10.1145/3447548.3467125
Show More Cited By

View Options

View options

Figures

Tables

Media

View Table of Conten