SAMPATH RAJAPAKSHA R WASALA MUDIYANSELAGE POLWATTE GEDARA s.rajapaksha@rgu.ac.uk
Research Student
Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security.
Rajapaksha, Sampath; Kalutarage, Harsha; Al-Kadri, M. Omar; Madzudzo, Garikayi; Petrovski, Andrei V.
Authors
Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Associate Professor
M. Omar Al-Kadri
Garikayi Madzudzo
Andrei V. Petrovski
Contributors
T. Jan?�rkov�
Editor
G. Visky
Editor
I. Winther
Editor
Abstract
The growth of information technologies has driven the development of the transportation sector, including connected and autonomous vehicles. Due to its communication capabilities, the controller area network (CAN) is the most widely used in-vehicle communication protocol. However, CAN lacks suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyberattacks. Not only are these attacks a threat to information security and privacy, but they can also directly affect the safety of drivers, passengers and the surrounding environment of the moving vehicles. This paper presents CAN-CID, a context-aware intrusion detection system (IDS) to detect cyberattacks on the CAN bus, which would be suitable for deployment in automobiles, including military vehicles, passenger cars and commercial vehicles, and other CAN-based applications such as aerospace, industrial automation and medical equipment. CAN-CID is an ensemble model of a gated recurrent unit (GRU) network and a time-based model. A GRU algorithm works by learning to predict the centre ID of a CAN ID sequence, and ID-based probabilistic thresholds are used to identify anomalous IDs, whereas the time-based model identifies anomalous IDs using time-based thresholds. The number of anomalies compared to the total number of IDs over an observation window is used to classify the window status as anomalous or benign. The proposed model uses only benign data for training and threshold estimation, avoiding the need to collect realistic attack data to train the algorithm. The performance of the CAN-CID model was tested against three datasets over a range of 16 attacks, including fabrication and more sophisticated masquerade attacks. The CAN-CID model achieved an F1-Score of over 99% for 13 of those attacks and outperformed benchmark models from the literature for all attacks, with near real-time detection latency.
Citation
RAJAPAKSHA, S., KALUTARAGE, H., AL-KADRI, M.O., MADZUDZO, G. and PETROVSKI, A.V. 2022. Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security. In Jančárková, T., Visky, G. and Winther, I. (eds.). Proceedings of 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving, 31 May - 3 June 2022, Tallinn, Estonia. Tallinn: CCDCOE, pages 309-330. Hosted on IEEE Xplore [online]. Available from: https://doi.org/10.23919/CyCon55549.2022.9811048
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving |
| Start Date | May 31, 2022 |
| End Date | Jun 3, 2022 |
| Acceptance Date | Oct 21, 2021 |
| Online Publication Date | Jun 3, 2022 |
| Publication Date | Jul 4, 2022 |
| Deposit Date | Jul 8, 2022 |
| Publicly Available Date | Jul 8, 2022 |
| Publisher | CCDCOE Nato Cooperative Cyber Defence Centre of Excellence |
| Peer Reviewed | Peer Reviewed |
| Pages | 309-330 |
| Series ISSN | 2325-5366 |
| Book Title | Proceedings of 14th International conference on Cyber conflict 2022 (CyCon 2022): keep moving |
| ISBN | 9789916978900 |
| DOI | https://doi.org/10.23919/CyCon55549.2022.9811048 |
| Keywords | Controller area network; Anomaly detection; Vehicle networks; CAN bus |
| Public URL | https://rgu-repository.worktribe.com/output/1706298 |
Files
RAJAPAKSHA 2022 Keep the moving vehicle secure (AAM)
(1.1 Mb)
PDF
Copyright Statement
No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence (publications@ccdcoe.org). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, or for personal or educational use when for non-profit or non-commercial purposes, provided that copies bear this notice and a full citation on the first page as follows:
RAJAPAKSHA, S., KALUTARAGE, H., AL-KADRI, M.O., MADZUDZO, G. and PETROVSKI, A.V., Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security. 2022 14th International Conference on Cyber Conflict: Keep Moving. T. Jančárková, G. Visky, I. Winther (Eds.) 2022 © CCDCOE Publication.
You might also like
Beyond vanilla: improved autoencoder-based ensemble in-vehicle intrusion detection system.
(2023)
Journal Article
AI-based intrusion detection systems for in-vehicle networks: a survey.
(2023)
Journal Article
AI-powered vulnerability detection for secure source code development.
(2023)
Presentation / Conference Contribution
MADONNA: browser-based malicious domain detection through optimized neural network with feature analysis.
(2024)
Presentation / Conference Contribution
Enhancing security assurance in software development: AI-based vulnerable code detection with static analysis.
(2024)
Presentation / Conference Contribution
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search