Divider: Delay-Time Based Sender Identification in Automotive Networks

Controller Area Network (CAN) is one of the in-vehicle network protocols that is used to communicate among Electronic Control Units (ECUs) and has been de-facto standard. CAN is simple and has several vulnerabilities such as unable to distinguish spoofing messages because it doesn't support any authentication or sender identification properties. In previous work, some voltage-based methods to identify the sender node have been proposed. The methods can identify ECUs with high accuracy. However, the accuracy of source identification depends on a feature that is extracted from a continuous function of voltage use sampling. In general, as the sampling rate increases, the accuracy of identification is improved. Though the amount of data used for the identification increases too. Hence, it is desired to create an Intrusion Detection System (IDS) that identifies ECUs using few sampling features as there is a limited computing resource in vehicles. In this paper, we propose a delay-time based sender identification method of ECUs. We confirm that the proposed method achieved a true positive rate of 96.7% in CAN bus prototype against spoofing attack from a compromised ECU, detecting spoofing attack from an unmonitored ECU with a true positive rate of 98.0% in real-vehicle.

[1]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[2]  Ming Li,et al.  SIMPLE: single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks , 2019, ACSAC.

[3]  Keqin Li,et al.  Sliding Window Optimized Information Entropy Analysis Method for Intrusion Detection on In-Vehicle Networks , 2018, IEEE Access.

[4]  Mirco Marchetti,et al.  Anomaly detection of CAN bus messages through analysis of ID sequences , 2017, 2017 IEEE Intelligent Vehicles Symposium (IV).

[5]  Bogdan Groza,et al.  Source Identification Using Signal Characteristics in Controller Area Networks , 2014, IEEE Signal Processing Letters.

[6]  Kang G. Shin,et al.  Viden: Attacker Identification on In-Vehicle Networks , 2017, CCS.

[7]  Huy Kang Kim,et al.  Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network , 2016, 2016 International Conference on Information Networking (ICOIN).

[8]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[9]  Christopher Huth,et al.  Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks , 2018, CCS.

[10]  Ingrid Verbauwhede,et al.  CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus , 2011 .

[11]  Michele Colajanni,et al.  Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms , 2016, 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI).

[12]  Dong Hoon Lee,et al.  Identifying ECUs Using Inimitable Characteristics of Signals in Controller Area Networks , 2016, IEEE Transactions on Vehicular Technology.

[13]  Ingrid Verbauwhede,et al.  LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks , 2012, CANS.

[14]  Je-Won Kang,et al.  Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security , 2016, PloS one.

[15]  Naim Asaj,et al.  Entropy-based anomaly detection for in-vehicle networks , 2011, 2011 IEEE Intelligent Vehicles Symposium (IV).

[16]  Eibe Frank,et al.  Introducing Machine Learning Concepts with WEKA , 2016, Statistical Genomics.

[17]  Igor Kononenko,et al.  Estimating Attributes: Analysis and Extensions of RELIEF , 1994, ECML.

[18]  Nathalie Japkowicz,et al.  Anomaly Detection in Automobile Control Network Data with Long Short-Term Memory Networks , 2016, 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA).