CAN-ADF: The controller area network attack detection framework

Abstract: In recent years, there has been significant interest in developing autonomous vehicles such as self-driving cars. For in-vehicle communications, a Controller Area Network (CAN) bus is widely used, due to its simplicity and reliability, as the de facto standard for serial communication between Electronic Control Units (ECUs). However, prior research reveals that several network-level attacks can be performed due to the lack of defense mechanisms in the CAN bus. In this work, we propose the CAN Bus Message Attack Detection Framework (CAN-ADF), a comprehensive anomaly generation, detection, and evaluation system for a CAN bus. In CAN-ADF, not only can various anomalies and attack characteristics be configured, but different detection methods and visualization frameworks are also provided to effectively detect those attacks and anomalies. For the detector, we employ both a rule-based approach crafted from dynamic network traffic characteristics and Recurrent Neural Networks (RNN). For evaluation, we use 7,875,791 in-vehicle CAN packets collected from real cars, a KIA Soul and a Hyundai Sonata. Our detection algorithm achieves accurate intrusion detection performance, with an average accuracy of 99.45% on CAN datasets, outperforming the prior approach. Furthermore, we developed a visualization tool to validate the detection of anomalies by CAN-ADF and to find new patterns in the dataset.
