Biblio

The Controller area network (CAN) is the most extensively used in-vehicle network. It is set to enable communication between a number of electronic control units (ECU) that are widely found in most modern vehicles. CAN is the de facto in-vehicle network standard due to its error avoidance techniques and similar features, but it is vulnerable to various attacks. In this research, we propose a CAN bus intrusion detection system (IDS) based on convolutional neural networks (CNN). U-CAN is a segmentation model that is trained by monitoring CAN traffic data that are preprocessed using hamming distance and saliency detection algorithm. The model is trained and tested using publicly available datasets of raw and reverse-engineered CAN frames. With an F\_1 Score of 0.997, U-CAN can detect DoS, Fuzzy, spoofing gear, and spoofing RPM attacks of the publicly available raw CAN frames. The model trained on reverse-engineered CAN signals that contain plateau attacks also results in a true positive rate and false-positive rate of 0.971 and 0.998, respectively.

In-vehicle CAN (Controller Area Network) bus network does not have any network security protection measures, which is facing a serious network security threat. However, most of the intrusion detection solutions requiring extensive computational resources cannot be implemented in in- vehicle network system because of the resource constrained ECUs. To add additional hardware or to utilize cloud computing, we need to solve the cost problem and the reliable communication requirement between vehicles and cloud platform, which is difficult to be applied in a short time. Therefore, we need to propose a short-term solution for automobile manufacturers. In this paper, we propose a signature-based light-weight intrusion detection system, which can be applied directly and promptly to vehicle's ECUs (Electronic Control Units). We detect the anomalies caused by several attack modes on CAN bus from real-world scenarios, which provide the basis for selecting signatures. Experimental results show that our method can effectively detect CAN traffic related anomalies. For the content related anomalies, the detection ratio can be improved by exploiting the relationship between the signals.

Recent advancements in the field of in-vehicle network and wireless communication, has been steadily progressing. Also, the advent of technologies such as Vehicular Adhoc Networks (VANET) and Intelligent Transportation System (ITS), has transformed modern automobiles into a sophisticated cyber-physical system rather than just a isolated mechanical device. Modern automobiles rely on many electronic control units communicating over the Controller Area Network (CAN) bus. Although protecting the car's external interfaces is an vital part of preventing attacks, detecting malicious activity on the CAN bus is an effective second line of defense against attacks. This paper proposes a hybrid anomaly detection system for CAN bus based on patterns of recurring messages and time interval of messages. The proposed method does not require modifications in CAN bus. The proposed system is evaluated on real CAN bus traffic with simulated attack scenarios. Results obtained show that our proposed system achieved a good detection rate with fast response times.

While vehicle to everything (V2X) communication enables safety-critical automotive control systems to better support various connected services to improve safety and convenience of drivers, they also allow automotive attack surfaces to increase dynamically in modern vehicles. Many researchers as well as hackers have already demonstrated that they can take remote control of the targeted car by exploiting the vulnerabilities of in-vehicle networks such as Controller Area Networks (CANs). For assuring CAN security, we focus on how to authenticate electronic control units (ECUs) in real-time by addressing the security challenges of in-vehicle networks. In this paper, we propose a novel and lightweight authentication protocol with an attack-resilient tree algorithm, which is based on one-way hash chain. The protocol can be easily deployed in CAN by performing a firmware update of ECU. We have shown analytically that the protocol achieves a high level of security. In addition, the performance of the proposed protocol is validated on CANoe simulator for virtual ECUs and Freescale S12XF used in real vehicles. The results show that our protocol is more efficient than other authentication protocol in terms of authentication time, response time, and service delay.