Towards Reverse Engineering Controller Area Network Messages Using Machine Learning

The automotive Controller Area Network (CAN) allows Electronic Control Units (ECUs) to communicate with each other and control various vehicular functions such as engine and braking control. Consequently CAN and ECUs are high priority targets for hackers. As CAN implementation details are held as proprietary information by vehicle manufacturers, it can be challenging to decode and correlate CAN messages to specific vehicle operations. To understand the precise meanings of CAN messages, reverse engineering techniques that are time-consuming, manually intensive, and require a physical vehicle are typically used. This work aims to address the process of reverse engineering CAN messages for their functionality by creating a machine learning classifier that analyzes messages and determines their relationship to other messages and vehicular functions. Our work examines CAN traffic of different vehicles and standards to show that it can be applied to a wide arrangement of vehicles. The results show that the function of CAN messages can be determined without the need to manually reverse engineer a physical vehicle.

[1]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[2]  D.K. Nilsson,et al.  An approach to specification-based attack detection for in-vehicle networks , 2008, 2008 IEEE Intelligent Vehicles Symposium.

[3]  Felix C. Freiling,et al.  A structured approach to anomaly detection for in-vehicle networks , 2010, 2010 Sixth International Conference on Information Assurance and Security.

[4]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[5]  Huy Kang Kim,et al.  Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network , 2016, 2016 International Conference on Information Networking (ICOIN).

[6]  Gergely Ács,et al.  Extracting Vehicle Sensor Signals from CAN Logs for Driver Re-identification , 2019, ICISSP.

[7]  Huy Kang Kim,et al.  Automated Reverse Engineering and Attack for CAN Using OBD-II , 2018, 2018 IEEE 88th Vehicular Technology Conference (VTC-Fall).

[8]  Je-Won Kang,et al.  Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security , 2016, PloS one.

[9]  Kang G. Shin,et al.  LibreCAN: Automated CAN Message Translator , 2019, CCS.

[10]  Mirco Marchetti,et al.  READ: Reverse Engineering of Automotive Data Frames , 2003, IEEE Transactions on Information Forensics and Security.

[11]  Robert A. Bridges,et al.  ACTT: Automotive CAN Tokenization and Translation , 2018, 2018 International Conference on Computational Science and Computational Intelligence (CSCI).

[12]  Kazuomi Oishi,et al.  A Method of Preventing Unauthorized Data Transmission in Controller Area Network , 2012, 2012 IEEE 75th Vehicular Technology Conference (VTC Spring).