TY - GEN
T1 - Exploiting the Shape of CAN Data for In-Vehicle Intrusion Detection
AU - Tyree, Zachariah
AU - Bridges, Robert A.
AU - Combs, Frank L.
AU - Moore, Michael R.
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - Modern vehicles rely on scores of electronic control units (ECUs) broadcasting messages over a few controller area networks (CANs). Bereft of security features, in-vehicle CANs are exposed to cyber manipulation and multiple researches have proved viable, life-threatening cyber attacks. Complicating the issue, CAN messages lack a common mapping of functions to commands, so packets are observable but not easily decipherable. We present a transformational approach to CAN IDS that exploits the geometric properties of CAN data to inform two novel detectors-one based on distance from a learned, lower dimensional manifold and the other on discontinuities of the manifold over time. Proof-of-concept tests are presented by implementing a potential attack approach on a driving vehicle. The initial results suggest that (1) the first detector requires additional refinement but does hold promise; (2) the second detector gives a clear, strong indicator of the attack; and (3) the algorithms keep pace with high-speed CAN messages. As our approach is data-driven it provides a vehicle-agnostic IDS that eliminates the need to reverse engineer CAN messages and can be ported to an after-market plugin.
AB - Modern vehicles rely on scores of electronic control units (ECUs) broadcasting messages over a few controller area networks (CANs). Bereft of security features, in-vehicle CANs are exposed to cyber manipulation and multiple researches have proved viable, life-threatening cyber attacks. Complicating the issue, CAN messages lack a common mapping of functions to commands, so packets are observable but not easily decipherable. We present a transformational approach to CAN IDS that exploits the geometric properties of CAN data to inform two novel detectors-one based on distance from a learned, lower dimensional manifold and the other on discontinuities of the manifold over time. Proof-of-concept tests are presented by implementing a potential attack approach on a driving vehicle. The initial results suggest that (1) the first detector requires additional refinement but does hold promise; (2) the second detector gives a clear, strong indicator of the attack; and (3) the algorithms keep pace with high-speed CAN messages. As our approach is data-driven it provides a vehicle-agnostic IDS that eliminates the need to reverse engineer CAN messages and can be ported to an after-market plugin.
UR - http://www.scopus.com/inward/record.url?scp=85064908286&partnerID=8YFLogxK
U2 - 10.1109/VTCFall.2018.8690644
DO - 10.1109/VTCFall.2018.8690644
M3 - Conference contribution
AN - SCOPUS:85064908286
T3 - IEEE Vehicular Technology Conference
BT - 2018 IEEE 88th Vehicular Technology Conference, VTC-Fall 2018 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 88th IEEE Vehicular Technology Conference, VTC-Fall 2018
Y2 - 27 August 2018 through 30 August 2018
ER -