Abstract
Modern vehicles are equipped with Electronic Control Units (ECUs), and they communicate with each other over in-vehicle networks. However, since the Controller Area Network (CAN), a common communication protocol for ECUs, does not have a security mechanism, malicious attackers might take advantage of its vulnerability to inject a malicious message to cause unintended controls of the vehicle. In this paper, we study the applicability of statistical anomaly detection methods for identifying malicious CAN messages in in-vehicle networks. To incorporate various types of information included in a CAN message, we apply a rule-based field classification algorithm for extracting message features, and then obtain low dimensional embeddings of message features, and use the reconstruction error as a maliciousness score of a message. We collected CAN message data from a real vehicle, and confirmed the effectiveness of the methods in practical situations.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Cho, K.T., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: Proceedings of the 25th USENIX Security Symposium (USENIX), pp. 911–927 (2016)
Hamada, Y., Inoue, M., Horihata, S., Kamemura, A.: Intrusion detection by density estimation of reception cycle periods for in-vehicle networks: a proposal. In: Proceedings of the Embedded Security in Cars Conference (ESCAR) (2016)
Koscher, K., et al.: Experimental security analysis of a modern automobile. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 447–462 (2010)
Marchetti, M., Stabili, D., Guido, A., Colajanni, M.: Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms. In: Proceedings of the 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a Better Tomorrow (RTSI), pp. 1–6 (2016)
Markovitz, M., Wool, A.: Field classification, modeling and anomaly detection in unknown CAN bus networks. In: Proceedings of the Embedded Security in Cars Conference (ESCAR) (2015)
Miller, C., Valasek, C.: Adventures in automotive networks and control units (2013). http://www.ioactive.com/pdfs/IOActive_Adventures_in_Automotive_Networks_and_Control_Units.pdf
Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: Proceedings of the IEEE Intelligent Vehicles Symposium, pp. 1110–1115 (2011)
Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for the automotive CAN bus. In: 2015 World Congress on Industrial Control Systems Security (WCICSS) (2015)
Taylor, A., Leblanc, S., Japkowicz, N.: Anomaly detection in automobile control network data with long short-term memory networks. In: 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), pp. 130–139 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Kuwahara, T. et al. (2018). Payload-Based Statistical Intrusion Detection for In-Vehicle Networks. In: Ganji, M., Rashidi, L., Fung, B., Wang, C. (eds) Trends and Applications in Knowledge Discovery and Data Mining. PAKDD 2018. Lecture Notes in Computer Science(), vol 11154. Springer, Cham. https://doi.org/10.1007/978-3-030-04503-6_20
Download citation
DOI: https://doi.org/10.1007/978-3-030-04503-6_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04502-9
Online ISBN: 978-3-030-04503-6
eBook Packages: Computer ScienceComputer Science (R0)