WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

Vehicles are equipped with Electronic Control Units (ECUs) to increase their overall system functionality and connectivity. However, the rising connectivity exposes a defenseless internal Controller Area Network (CAN) to cyberattacks. An Intrusion Detection System (IDS) is a supervisory module, proposed for identifying CAN network malicious messages, without modifying legacy ECUs and causing high traffic overhead. The traditional IDS approaches rely on time and frequency thresholding, leading to high false alarm rates, whereas state-of-the-art solutions may suffer from vehicle dependency. This paper presents a wavelet-based approach to locating the behavior change in the CAN traffic by analyzing the CAN network’s transmission pattern. The proposed Wavelet-based Intrusion Detection System (WINDS) is tested on various attack scenarios, using real vehicle traffic from two independent research centers, while being expanded toward more comprehensive attack scenarios using synthetic attacks. The technique is evaluated and compared against the state-of-the-art solutions and the baseline frequency method. Experimental results show that WINDS offers a vehicle-independent solution applicable for various vehicles through a unique approach while generating low false alarms.

[1]  Xiaochun Cheng,et al.  A Distributed Anomaly Detection System for In-Vehicle Network Using HTM , 2018, IEEE Access.

[2]  Bogdan Groza,et al.  DoS Attacks on Controller Area Networks by Fault Injections from the Software Layer , 2017, ARES.

[3]  Stefano Zanero,et al.  A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks , 2017, DIMVA.

[4]  Christian E. Schaerer,et al.  Anomaly-based Techniques for Web Attacks Detection , 2012 .

[5]  Naim Asaj,et al.  Entropy-based anomaly detection for in-vehicle networks , 2011, 2011 IEEE Intelligent Vehicles Symposium (IV).

[6]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[7]  Bogdan Groza,et al.  Security Solutions for the Controller Area Network: Bringing Authentication to In-Vehicle Networks , 2018, IEEE Vehicular Technology Magazine.

[8]  Nandi O. Leslie,et al.  Estimating Attack Risk of Network Activities in Temporal Domain: A Wavelet Transform Approach , 2020, 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON).

[9]  Aditya Mathur,et al.  Using Datasets from Industrial Control Systems for Cyber Security Research and Education , 2019, CRITIS.

[10]  Bogdan Groza,et al.  Efficient Intrusion Detection With Bloom Filtering in Controller Area Networks , 2019, IEEE Transactions on Information Forensics and Security.

[11]  Gedare Bloom,et al.  Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes , 2019, AutoSec@CODASPY.

[12]  G. Peyré Mathematical Foundations of Data Sciences , 2018 .

[13]  D.K. Nilsson,et al.  An approach to specification-based attack detection for in-vehicle networks , 2008, 2008 IEEE Intelligent Vehicles Symposium.

[14]  Huy Kang Kim,et al.  GIDS: GAN based Intrusion Detection System for In-Vehicle Network , 2018, 2018 16th Annual Conference on Privacy, Security and Trust (PST).

[15]  Jeremy Bryans,et al.  Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W).

[16]  Keqin Li,et al.  Sliding Window Optimized Information Entropy Analysis Method for Intrusion Detection on In-Vehicle Networks , 2018, IEEE Access.

[17]  D. Rincon,et al.  Wavelet transforms and change-point detection algorithms for tracking network traffic fractality , 2006, 2006 2nd Conference on Next Generation Internet Design and Engineering, 2006. NGI '06..

[18]  Tomas Olovsson,et al.  In-Vehicle CAN Message Authentication: An Evaluation Based on Industrial Criteria , 2017, 2017 IEEE 86th Vehicular Technology Conference (VTC-Fall).

[19]  Vincent Nicomette,et al.  A language-based intrusion detection approach for automotive embedded networks , 2015, Int. J. Embed. Syst..

[20]  Jaein Kim,et al.  Fuzzing CAN Packets into Automobiles , 2015, 2015 IEEE 29th International Conference on Advanced Information Networking and Applications.

[21]  Je-Won Kang,et al.  Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security , 2016, PloS one.

[22]  Nathalie Japkowicz,et al.  Frequency-based anomaly detection for the automotive CAN bus , 2015, 2015 World Congress on Industrial Control Systems Security (WCICSS).

[23]  Huy Kang Kim,et al.  Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network , 2016, 2016 International Conference on Information Networking (ICOIN).

[24]  Jiyoung Woo,et al.  In-vehicle network intrusion detection using deep convolutional neural network , 2020, Veh. Commun..

[25]  Hiroshi Ueda,et al.  Anomaly-Based Intrusion Detection Using the Density Estimation of Reception Cycle Periods for In-Vehicle Networks , 2018 .

[26]  Matthew Spicer,et al.  Intrusion Detection System for Electronic Communication Buses: A New Approach , 2018 .

[27]  Michele Colajanni,et al.  Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms , 2016, 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI).

[28]  Huy Kang Kim,et al.  OTIDS: A Novel Intrusion Detection System for In-vehicle Network by Using Remote Frame , 2017, 2017 15th Annual Conference on Privacy, Security and Trust (PST).

[29]  Nathalie Japkowicz,et al.  Anomaly Detection in Automobile Control Network Data with Long Short-Term Memory Networks , 2016, 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA).

[30]  Jerry den Hartog,et al.  Evaluation Framework for Network Intrusion Detection Systems for In-Vehicle CAN , 2019, 2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE).

[31]  Felix C. Freiling,et al.  A structured approach to anomaly detection for in-vehicle networks , 2010, 2010 Sixth International Conference on Information Assurance and Security.

[32]  Reinhard German,et al.  Delay Bounds for CAN Communication in Automotive Applications , 2008, MMB.

[33]  Gedare Bloom,et al.  SAIDuCANT: Specification-Based Automotive Intrusion Detection Using Controller Area Network (CAN) Timing , 2020, IEEE Transactions on Vehicular Technology.

[34]  Tobias Hoppe,et al.  Exemplary Automotive Attack Scenarios : Trojan Horses for Electronic Throttle Control System ( ETC ) and Replay Attacks on the Power Window System , 2007 .

[35]  Sibylle B. Fröschle,et al.  Analyzing the Capabilities of the CAN Attacker , 2017, ESORICS.

[36]  Mohamed Hamdi,et al.  Detecting Denial-of-Service attacks using the wavelet transform , 2007, Comput. Commun..

[37]  I. Johnstone,et al.  Ideal spatial adaptation by wavelet shrinkage , 1994 .