Event-Triggered Interval-Based Anomaly Detection and Attack Identification Methods for an In-Vehicle Network

Vehicle communication technology has been steadily progressing alongside the convergence of the in-vehicle network (IVN) and wireless communication technology. The communication with various external networks further reinforces the connectivity between the inside and outside of a vehicle. However, this bears risks of malicious packet attacks on computer-assisted mechanical mechanisms that are capable of hijacking the vehicle’s functions. The present study proposes a method to detect and identify abnormalities in vehicular networks based on the periodic event-triggered interval of the controller area network (CAN) messages. To this end, we first define four attack scenarios and then extract normal and abnormal driving data corresponding to these scenarios. Next, we analyze the CAN ID’s event-triggered interval and measure statistical moments depending on the defined time-window. Finally, we conduct extensive evaluations of the proposed methods’ performance by considering different attack scenarios and three types of machine learning models. The results demonstrate that the proposed method can effectively detect an abnormality in the IVN, with up to 99% accuracy. Our results suggest that when tree-based machine learning models are used as the classifier, the proposed method of attack identification can achieve more than 94% accuracy.

[1]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[2]  Je-Won Kang,et al.  Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security , 2016, PloS one.

[3]  Nathalie Japkowicz,et al.  Frequency-based anomaly detection for the automotive CAN bus , 2015, 2015 World Congress on Industrial Control Systems Security (WCICSS).

[4]  Dong Hoon Lee,et al.  A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN , 2015, IEEE Transactions on Intelligent Transportation Systems.

[5]  Jiyoung Woo,et al.  In-vehicle network intrusion detection using deep convolutional neural network , 2020, Veh. Commun..

[6]  Mauro Conti,et al.  FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment , 2013, IEEE Transactions on Information Forensics and Security.

[7]  Huy Kang Kim,et al.  Anomaly intrusion detection method for vehicular networks based on survival analysis , 2018, Veh. Commun..

[8]  Tianqi Chen,et al.  XGBoost: A Scalable Tree Boosting System , 2016, KDD.

[9]  Jae Wook Jeon,et al.  Gateway Framework for In-Vehicle Networks Based on CAN, FlexRay, and Ethernet , 2015, IEEE Transactions on Vehicular Technology.

[10]  Radha Poovendran,et al.  Shape of the Cloak: Formal Analysis of Clock Skew-Based Intrusion Detection System in Controller Area Networks , 2018, IEEE Transactions on Information Forensics and Security.

[11]  Dong Hoon Lee,et al.  MAuth-CAN: Masquerade-Attack-Proof Authentication for In-Vehicle Networks , 2020, IEEE Transactions on Vehicular Technology.

[12]  Jamie B. Coble,et al.  Multilayer Data-Driven Cyber-Attack Detection System for Industrial Control Systems Based on Network, System, and Process Data , 2019, IEEE Transactions on Industrial Informatics.

[13]  Dae-Woon Lim,et al.  A Multiple Rényi Entropy Based Intrusion Detection System for Connected Vehicles , 2020, Entropy.

[14]  Rolf Ernst,et al.  SymTA/S - Symbolic Timing Analysis for Systems , 2004 .

[15]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[16]  Mirco Marchetti,et al.  Anomaly detection of CAN bus messages through analysis of ID sequences , 2017, 2017 IEEE Intelligent Vehicles Symposium (IV).

[17]  Kyusuk Han,et al.  Ensuring Safety and Security in CAN-Based Automotive Embedded Systems: A Combination of Design Optimization and Secure Communication , 2020, IEEE Transactions on Vehicular Technology.

[18]  Qian Luo,et al.  Wireless Telematics Systems in Emerging Intelligent and Connected Vehicles: Threats and Solutions , 2018, IEEE Wireless Communications.

[19]  Dong Hoon Lee,et al.  Enhanced Android App-Repackaging Attack on In-Vehicle Network , 2019, Wirel. Commun. Mob. Comput..

[20]  M. Amac Guvensan,et al.  Towards Next-Generation Vehicles Featuring the Vehicle Intelligence , 2020, IEEE Transactions on Intelligent Transportation Systems.

[21]  Peter Oehlert,et al.  Violating Assumptions with Fuzzing , 2005, IEEE Secur. Priv..

[22]  Hussein Zedan,et al.  A comprehensive survey on vehicular Ad Hoc network , 2014, J. Netw. Comput. Appl..

[23]  Naim Asaj,et al.  Entropy-based anomaly detection for in-vehicle networks , 2011, 2011 IEEE Intelligent Vehicles Symposium (IV).

[24]  Xinkai Wu,et al.  Investigating the Effects of Attack Detection for In-Vehicle Networks Based on Clock Drift of ECUs , 2018, IEEE Access.

[25]  Jeremy Bryans,et al.  Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W).

[26]  Jana Dittmann,et al.  Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures , 2008, Reliab. Eng. Syst. Saf..

[27]  Huy Kang Kim,et al.  OTIDS: A Novel Intrusion Detection System for In-vehicle Network by Using Remote Frame , 2017, 2017 15th Annual Conference on Privacy, Security and Trust (PST).

[28]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[29]  Michele Colajanni,et al.  Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms , 2016, 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI).

[30]  Gang Qu,et al.  An Entropy Analysis Based Intrusion Detection System for Controller Area Network in Vehicles , 2018, 2018 31st IEEE International System-on-Chip Conference (SOCC).

[31]  Nei Kato,et al.  Attacker Identification and Intrusion Detection for In-Vehicle Networks , 2019, IEEE Communications Letters.