In-vehicle detection of targeted CAN bus attacks

Most vehicles use the controller area network bus for communication between their components. Attackers who have already penetrated the in-vehicle network often utilize this bus in order to take control of safety-relevant components of the vehicle. Such targeted attack scenarios are often hard to detect by network intrusion detection systems because the specific payload is usually not contained within their training data sets. In this work, we describe an intrusion detection system that uses decision trees that have been modelled through genetic programming. We evaluate the advantages and disadvantages of this approach compared to artificial neural networks and rule-based approaches. For this, we model and simulate specific targeted attacks as well as several types of intrusions described in the literature. The results show that the genetic programming approach is well suited to identify intrusions with respect to complex relationships between sensor values which we consider important for the classification of specific targeted attacks. However, the system is less efficient for the classification of other types of attacks which are better identified by the alternative methods in our evaluation. Further research could thus consider hybrid approaches.

[1]  Avishai Wool,et al.  Field classification, modeling and anomaly detection in unknown CAN bus networks , 2017, Veh. Commun..

[2]  Haibo Zeng,et al.  Understanding and Using the Controller Area Network Communication Protocol: Theory and Practice , 2012 .

[3]  Wei Lu,et al.  Detecting New Forms of Network Intrusion Using Genetic Programming , 2004, Comput. Intell..

[4]  Susan M. Bridges,et al.  FUZZY DATA MINING AND GENETIC ALGORITHMS APPLIED TO INTRUSION DETECTION , 2002 .

[5]  David E. Goldberg,et al.  Genetic Algorithms, Tournament Selection, and the Effects of Noise , 1995, Complex Syst..

[6]  Adrian Taylor,et al.  Probing the Limits of Anomaly Detectors for Automobiles with a Cyberattack Framework , 2018, IEEE Intelligent Systems.

[7]  Marc Parizeau,et al.  DEAP: evolutionary algorithms made easy , 2012, J. Mach. Learn. Res..

[8]  Riccardo Poli,et al.  Evolution of a Brain-Computer Interface Mouse via Genetic Programming , 2011, EuroGP.

[9]  Mirco Marchetti,et al.  Anomaly detection of CAN bus messages through analysis of ID sequences , 2017, 2017 IEEE Intelligent Vehicles Symposium (IV).

[10]  Vidroha Debroy,et al.  Genetic Programming , 1998, Lecture Notes in Computer Science.

[11]  David J. Montana,et al.  Strongly Typed Genetic Programming , 1995, Evolutionary Computation.

[12]  Santosh Kumar,et al.  Genetic Algorithms in Intrusion Detection Systems: A Survey , 2014 .

[13]  Michael D. Iannacone,et al.  ROAD: The Real ORNL Automotive Dynamometer Controller Area Network Intrusion Detection Dataset (with a comprehensive CAN IDS dataset survey & guide) , 2020, ArXiv.

[14]  Anup Goyal,et al.  GA-NIDS : A Genetic Algorithm based Network Intrusion Detection System , 2007 .

[15]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[16]  Huy Kang Kim,et al.  GIDS: GAN based Intrusion Detection System for In-Vehicle Network , 2018, 2018 16th Annual Conference on Privacy, Security and Trust (PST).

[17]  Christoph Krauß,et al.  SEPAD – Security Evaluation Platform for Autonomous Driving , 2020, 2020 28th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP).

[18]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[19]  Jiyoung Woo,et al.  In-vehicle network intrusion detection using deep convolutional neural network , 2020, Veh. Commun..

[20]  Adrian Taylor,et al.  Anomaly-Based Detection of Malicious Activity in In-Vehicle Networks , 2017 .

[21]  Yves Deswarte,et al.  Security of embedded automotive networks: state of the art and a research proposal , 2013, CARS@SAFECOMP.

[22]  Carsten Maple,et al.  Intrusion Detection Systems for Intra-Vehicle Networks: A Review , 2019, IEEE Access.

[23]  Tomas Olovsson,et al.  Extending AUTOSAR's Counter-Based Solution for Freshness of Authenticated Messages in Vehicles , 2019, 2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC).

[24]  Yannick Chevalier,et al.  ECU-Secure: Characteristic Functions for In-Vehicle Intrusion Detection , 2019, IDC.

[25]  Vern Paxson,et al.  Outside the Closed World: On Using Machine Learning for Network Intrusion Detection , 2010, 2010 IEEE Symposium on Security and Privacy.