DOI: 10.1145/3626232.3653249
research-article
Open access

A Unified Time Series Analytics based Intrusion Detection Framework for CAN BUS Attacks

Published: 19 June 2024

Abstract

Modern smart vehicles have a Controller Area Network (CAN) that supports intra-vehicle communication between intelligent Electronic Control Units (ECUs). The CAN is known to be vulnerable to various cyber attacks. In this paper, we propose a unified framework that can detect multiple types of cyber attacks (viz., Denial of Service, Fuzzy, Impersonation) affecting the CAN. Specifically, we build a feature from the timing information of CAN packets exchanged over the CAN bus network in partitioned time windows, which yields a low-dimensional representation of the entire CAN network as a time series latent space. We then apply a two-tier anomaly-based intrusion detection model that keeps track of short-term and long-term memory of deviations in the initial time series latent space, creating a 'stateful latent space', and learn the boundaries of the benign stateful latent space that specify the attack detection criterion. To find the hyper-parameters of our proposed model, we formulate a preference-based multi-objective optimization problem that optimizes security objectives tailored for a network-wide, time series anomaly-based intrusion detector by balancing trade-offs between false alarm count, time to detection, and missed detection rate. We use real benign and attack datasets collected from a Kia Soul vehicle to validate our framework and show that it outperforms existing works.
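A sketch of the pipeline the abstract outlines, added here as an illustration and not the paper's algorithm or code. The mean inter-arrival feature, window length, memory lengths, padded min/max boundary and the constructed traffic are all assumptions, and the hyper-parameters are fixed by hand rather than found by the multi-objective optimization the paper describes.

```python
from collections import deque

WINDOW_US = 100_000  # 100 ms windows; an assumed value, not taken from the paper

def benign_trace(duration_us):
    """Constructed benign bus: three periodic senders as (period, phase) in microseconds."""
    senders = [(10_000, 1_000), (24_000, 3_500), (70_000, 7_000)]
    return sorted(t for period, phase in senders for t in range(phase, duration_us, period))

def window_features(timestamps, duration_us):
    """One scalar per window: mean inter-arrival gap of all frames on the bus."""
    buckets = [[] for _ in range(duration_us // WINDOW_US)]
    for t in timestamps:  # timestamps are sorted, so each bucket stays sorted
        if t // WINDOW_US < len(buckets):
            buckets[t // WINDOW_US].append(t)
    return [(b[-1] - b[0]) / (len(b) - 1) if len(b) > 1 else float(WINDOW_US)
            for b in buckets]

def stateful(feats, baseline, short=3, long=20):
    """Tier 1: deviation from the benign baseline. Tier 2: short and long memory of it."""
    s_mem, l_mem, out = deque(maxlen=short), deque(maxlen=long), []
    for x in feats:
        s_mem.append(x - baseline)
        l_mem.append(x - baseline)
        out.append((sum(s_mem), sum(l_mem)))
    return out

def learn_bounds(states, margin=0.10):
    """Benign boundary per tier-2 dimension: observed min/max, padded by `margin`."""
    bounds = []
    for dim in zip(*states):
        pad = margin * (max(dim) - min(dim))
        bounds.append((min(dim) - pad, max(dim) + pad))
    return bounds

def detect(states, bounds):
    """Indices of windows whose stateful point leaves the learned benign box."""
    return [i for i, st in enumerate(states)
            if any(v < lo or v > hi for v, (lo, hi) in zip(st, bounds))]

def run_demo(duration_us=10_000_000):
    benign = benign_trace(duration_us)
    train = window_features(benign, duration_us)
    baseline = sum(train) / len(train)
    bounds = learn_bounds(stateful(train, baseline))
    # Constructed flood: one extra frame every 500 us between 4.0 s and 4.5 s.
    flooded = sorted(benign + list(range(4_000_000, 4_500_000, 500)))
    return detect(stateful(window_features(flooded, duration_us), baseline), bounds)

if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` returns the indices of alarmed windows. The short memory raises the alarm in the first flooded window, and the long memory keeps it raised after the flood ends until the attack windows have aged out.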


Published In

CODASPY '24: Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy
June 2024
429 pages
ISBN:9798400704215
DOI:10.1145/3626232
  • General Chair: João P. Vilela
  • Program Chairs: Haya Schulmann, Ninghui Li
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. anomaly detection
  2. intrusion detection, vehicle can bus security

Qualifiers

  • Research-article

Conference

CODASPY '24
Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 242
  • Downloads (Last 12 months): 242
  • Downloads (Last 6 weeks): 29

Reflects downloads up to 26 Sep 2024
