Application of Controller Area Network (CAN) bus anomaly detection based on time series prediction

Abstract Electronization and intelligentization are gradually becoming the basic characteristics of modern automobiles. With the continuous deepening of intelligent network integration, automotive information security has become increasingly prominent. The in-vehicle network system is responsible for controlling the state of intelligent connected vehicles and significantly affecting driving safety. This research focuses on one deep learning technique based on time series prediction, namely long short-term memory (LSTM). An anomaly detection algorithm based on two data formats is proposed to detect the abnormal behavior of the controller area network (CAN) bus under tampering attacks. Five forms of loss functions are proposed and used to compare the test results to determine the final one. The evaluation indicates that the anomaly detection algorithm based on LSTM algorithm has a lower false positive rate and a higher detection rate using the chosen loss function.

[1]  Jürgen Schmidhuber,et al.  Learning to Forget: Continual Prediction with LSTM , 2000, Neural Computation.

[2]  Yao Zhao,et al.  EA-LSTM: Evolutionary Attention-based LSTM for Time Series Prediction , 2018, Knowl. Based Syst..

[3]  Mustafa Saed,et al.  Security Concepts and Issues in Intra-Inter Vehicle Communication Network , 2014 .

[4]  David Vandyke,et al.  Semantically Conditioned LSTM-based Natural Language Generation for Spoken Dialogue Systems , 2015, EMNLP.

[5]  Peter Hellinckx,et al.  Automatic Reverse Engineering of CAN Bus Data Using Machine Learning Techniques , 2017, 3PGCIC.

[6]  Yun Liu,et al.  A SVM-based IDS Alarms Filtering Method , 2014 .

[7]  Yunpeng Wang,et al.  Comparative Performance Evaluation of Intrusion Detection Methods for In-Vehicle Networks , 2018, IEEE Access.

[8]  Huy Kang Kim,et al.  GIDS: GAN based Intrusion Detection System for In-Vehicle Network , 2018, 2018 16th Annual Conference on Privacy, Security and Trust (PST).

[9]  Dong Seong Kim,et al.  Genetic algorithm to improve SVM based network intrusion detection system , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[10]  Kim-Kwang Raymond Choo,et al.  V2X security: A case study of anonymous authentication , 2017, Pervasive Mob. Comput..

[11]  Naim Asaj,et al.  Entropy-based anomaly detection for in-vehicle networks , 2011, 2011 IEEE Intelligent Vehicles Symposium (IV).

[12]  Richard R. Brooks,et al.  Automobile ECU Design to Avoid Data Tampering , 2015, CISR.

[13]  Huy Kang Kim,et al.  Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network , 2016, 2016 International Conference on Information Networking (ICOIN).

[14]  Siti-Farhana Lokman,et al.  Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review , 2019, EURASIP J. Wirel. Commun. Netw..

[15]  Nilima Dongre,et al.  Hybrid IDS using SVM classifier for detecting DoS attack in MANET application , 2017, 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC).

[16]  Peng Deng,et al.  Design and verification for transportation system security , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[17]  N. M. Wagdarikar,et al.  A review: Control area network (CAN) based Intelligent vehicle system for driver assistance using advanced RISC machines (ARM) , 2015, 2015 International Conference on Pervasive Computing (ICPC).

[18]  Liu Chao,et al.  Exploring LSTM based recurrent neural network for failure time series prediction , 2018 .

[19]  P. Prasanna,et al.  Security Issues on Inter-Vehicle Communications , 2012 .

[20]  Qiyan Wang,et al.  VeCure: A practical security framework to protect the CAN bus of vehicles , 2014, 2014 International Conference on the Internet of Things (IOT).

[21]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[22]  Jana Dittmann,et al.  Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures , 2008, Reliab. Eng. Syst. Saf..

[23]  Izhak Shafran,et al.  Context dependent phone models for LSTM RNN acoustic modelling , 2015, 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[24]  Kazunari Nawa,et al.  Passive keyless entry system for long term operation , 2011, 2011 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[25]  Lin Zhang,et al.  Mobile Edge Assisted Literal Multi-Dimensional Anomaly Detection of In-Vehicle Network Using LSTM , 2019, IEEE Transactions on Vehicular Technology.

[26]  Péter Gáspár,et al.  Security issues and vulnerabilities in connected car systems , 2015, 2015 International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS).

[27]  Nathalie Japkowicz,et al.  Frequency-based anomaly detection for the automotive CAN bus , 2015, 2015 World Congress on Industrial Control Systems Security (WCICSS).

[28]  Feng Luo,et al.  A design for automotive CAN bus monitoring system , 2008, 2008 IEEE Vehicle Power and Propulsion Conference.

[29]  Li Li,et al.  Using LSTM and GRU neural network methods for traffic flow prediction , 2016, 2016 31st Youth Academic Annual Conference of Chinese Association of Automation (YAC).

[30]  Daojing He,et al.  How Effective Are the Prevailing Attack-Defense Models for Cybersecurity Anyway? , 2014, IEEE Intelligent Systems.

[31]  Nathalie Japkowicz,et al.  Anomaly Detection in Automobile Control Network Data with Long Short-Term Memory Networks , 2016, 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA).