SAMPATH RAJAPAKSHA R WASALA MUDIYANSELAGE POLWATTE GEDARA s.rajapaksha@rgu.ac.uk
Research Student
Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security.
Rajapaksha, Sampath; Kalutarage, Harsha; Al-Kadri, M. Omar; Madzudzo, Garikayi; Petrovski, Andrei V.
Authors
Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Lecturer
M. Omar Al-Kadri
Garikayi Madzudzo
Andrei V. Petrovski
Contributors
T.
Editor
G. Visky
Editor
I. Winther
Editor
Abstract
The growth of information technologies has driven the development of the transportation sector, including connected and autonomous vehicles. Due to its communication capabilities, the controller area network (CAN) is the most widely used in-vehicle communication protocol. However, CAN lacks suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyberattacks. Not only are these attacks a threat to information security and privacy, but they can also directly affect the safety of drivers, passengers and the surrounding environment of the moving vehicles. This paper presents CAN-CID, a context-aware intrusion detection system (IDS) to detect cyberattacks on the CAN bus, which would be suitable for deployment in automobiles, including military vehicles, passenger cars and commercial vehicles, and other CAN-based applications such as aerospace, industrial automation and medical equipment. CAN-CID is an ensemble model of a gated recurrent unit (GRU) network and a time-based model. A GRU algorithm works by learning to predict the centre ID of a CAN ID sequence, and ID-based probabilistic thresholds are used to identify anomalous IDs, whereas the time-based model identifies anomalous IDs using time-based thresholds. The number of anomalies compared to the total number of IDs over an observation window is used to classify the window status as anomalous or benign. The proposed model uses only benign data for training and threshold estimation, avoiding the need to collect realistic attack data to train the algorithm. The performance of the CAN-CID model was tested against three datasets over a range of 16 attacks, including fabrication and more sophisticated masquerade attacks. The CAN-CID model achieved an F1-Score of over 99% for 13 of those attacks and outperformed benchmark models from the literature for all attacks, with near real-time detection latency.
Citation
RAJAPAKSHA, S., KALUTARAGE, H., AL-KADRI, M.O., MADZUDZO, G. and PETROVSKI, A.V. 2022. Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security. In JanĨárková, T., Visky, G. and Winther, I. (eds.). Proceedings of 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving, 31 May - 3 June 2022, Tallinn, Estonia. Tallinn: CCDCOE, pages 309-330. Hosted on IEEE Xplore [online]. Available from: https://doi.org/10.23919/CyCon55549.2022.9811048
Conference Name | 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving |
---|---|
Conference Location | Tallinn, Estonia |
Start Date | May 31, 2022 |
End Date | Jun 3, 2022 |
Acceptance Date | Oct 21, 2021 |
Online Publication Date | Jun 3, 2022 |
Publication Date | Jul 4, 2022 |
Deposit Date | Jul 8, 2022 |
Publicly Available Date | Jul 8, 2022 |
Publisher | CCDCOE Nato Cooperative Cyber Defence Centre of Excellence |
Pages | 309-330 |
Series ISSN | 2325-5366 |
Book Title | Proceedings of 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving |
ISBN | 9789916978900 |
DOI | https://doi.org/10.23919/CyCon55549.2022.9811048 |
Keywords | Controller area network; Anomaly detection; Vehicle networks; CAN bus |
Public URL | https://rgu-repository.worktribe.com/output/1706298 |
Files
RAJAPAKSHA 2022 Keep the moving vehicle secure (AAM)
(1.1 Mb)
PDF
Copyright Statement
You might also like
AI-based intrusion detection systems for in-vehicle networks: a survey.
(2023)
Journal Article
Developing secured android applications by mitigating code vulnerabilities with machine learning.
(2022)
Conference Proceeding
Robust, effective and resource efficient deep neural network for intrusion detection in IoT networks.
(2022)
Conference Proceeding
Improving intrusion detection through training data augmentation.
(2021)
Conference Proceeding
Reasoning with counterfactual explanations for code vulnerability detection and correction.
(2021)
Conference Proceeding