Skip to main content

Research Repository

Advanced Search

Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security.

Rajapaksha, Sampath; Kalutarage, Harsha; Al-Kadri, M. Omar; Madzudzo, Garikayi; Petrovski, Andrei V.

Authors

M. Omar Al-Kadri

Garikayi Madzudzo

Andrei V. Petrovski



Contributors

T.
Editor

G. Visky
Editor

I. Winther
Editor

Abstract

The growth of information technologies has driven the development of the transportation sector, including connected and autonomous vehicles. Due to its communication capabilities, the controller area network (CAN) is the most widely used in-vehicle communication protocol. However, CAN lacks suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyberattacks. Not only are these attacks a threat to information security and privacy, but they can also directly affect the safety of drivers, passengers and the surrounding environment of the moving vehicles. This paper presents CAN-CID, a context-aware intrusion detection system (IDS) to detect cyberattacks on the CAN bus, which would be suitable for deployment in automobiles, including military vehicles, passenger cars and commercial vehicles, and other CAN-based applications such as aerospace, industrial automation and medical equipment. CAN-CID is an ensemble model of a gated recurrent unit (GRU) network and a time-based model. A GRU algorithm works by learning to predict the centre ID of a CAN ID sequence, and ID-based probabilistic thresholds are used to identify anomalous IDs, whereas the time-based model identifies anomalous IDs using time-based thresholds. The number of anomalies compared to the total number of IDs over an observation window is used to classify the window status as anomalous or benign. The proposed model uses only benign data for training and threshold estimation, avoiding the need to collect realistic attack data to train the algorithm. The performance of the CAN-CID model was tested against three datasets over a range of 16 attacks, including fabrication and more sophisticated masquerade attacks. The CAN-CID model achieved an F1-Score of over 99% for 13 of those attacks and outperformed benchmark models from the literature for all attacks, with near real-time detection latency.

Citation

RAJAPAKSHA, S., KALUTARAGE, H., AL-KADRI, M.O., MADZUDZO, G. and PETROVSKI, A.V. 2022. Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security. In JanĨárková, T., Visky, G. and Winther, I. (eds.). Proceedings of 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving, 31 May - 3 June 2022, Tallinn, Estonia. Tallinn: CCDCOE, pages 309-330. Hosted on IEEE Xplore [online]. Available from: https://doi.org/10.23919/CyCon55549.2022.9811048

Conference Name 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving
Conference Location Tallinn, Estonia
Start Date May 31, 2022
End Date Jun 3, 2022
Acceptance Date Oct 21, 2021
Online Publication Date Jun 3, 2022
Publication Date Jul 4, 2022
Deposit Date Jul 8, 2022
Publicly Available Date Jul 8, 2022
Publisher CCDCOE Nato Cooperative Cyber Defence Centre of Excellence
Pages 309-330
Series ISSN 2325-5366
Book Title Proceedings of 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving
ISBN 9789916978900
DOI https://doi.org/10.23919/CyCon55549.2022.9811048
Keywords Controller area network; Anomaly detection; Vehicle networks; CAN bus
Public URL https://rgu-repository.worktribe.com/output/1706298

Files

RAJAPAKSHA 2022 Keep the moving vehicle secure (AAM) (1.1 Mb)
PDF

Copyright Statement





You might also like



Downloadable Citations