Abstract
Modern automobiles have more than 70 electronic control units (ECUs) and 100 million lines of code to improve safety, fuel economy, performance, durability, and user experience, and to reduce emissions. Automobiles are becoming increasingly interconnected with the outside world. Consequently, modern-day automobiles are becoming more prone to cyber security attacks. Towards this end, we present an approach that uses machine learning to detect abnormal behavior, including malicious behavior, on embedded networks in heavy vehicles. Our modular algorithm uses machine learning approaches on the internal network traffic in heavy vehicles to generate warning alarms in real-time. We tested our hypothesis on five separate data logs that characterize the operations of heavy vehicles having different specifications under varying driving conditions. We report a malicious detection rate of 98–99% and a mean accuracy rate of 96–99% across all experiments using five-fold cross-validation. Our analysis also shows that with a small subset of hand-crafted features, the complex dynamic behavior of heavy vehicle ECUs can be predicted and classified as normal or abnormal.
Notes
- 1. A false-alarm occurs when an alert is not due to an actual attack.
- 2.
- 3. Due to a Non-Disclosure Agreement (NDA), we cannot release the make and model of the vehicle.
- 4. The data is available at http://tucrrc.utulsa.edu/J1939Database.html.
Acknowledgement
We thank Landon Zweigle for reading through the manuscript. This work was supported in part by NSF Award Number CNS 1715458.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Shirazi, H., Ray, I., Anderson, C. (2020). Using Machine Learning to Detect Anomalies in Embedded Networks in Heavy Vehicles. In: Benzekri, A., Barbeau, M., Gong, G., Laborde, R., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2019. Lecture Notes in Computer Science, vol 12056. Springer, Cham. https://doi.org/10.1007/978-3-030-45371-8_3
DOI: https://doi.org/10.1007/978-3-030-45371-8_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45370-1
Online ISBN: 978-3-030-45371-8
eBook Packages: Computer Science, Computer Science (R0)