Exploiting the Shape of CAN Data for In-Vehicle Intrusion Detection

Zachariah Tyree, Robert A. Bridges, Frank L. Combs, Michael R. Moore

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

16 Scopus citations

Abstract

Modern vehicles rely on scores of electronic control units (ECUs) broadcasting messages over a few controller area networks (CANs). Bereft of security features, in-vehicle CANs are exposed to cyber manipulation and multiple researches have proved viable, life-threatening cyber attacks. Complicating the issue, CAN messages lack a common mapping of functions to commands, so packets are observable but not easily decipherable. We present a transformational approach to CAN IDS that exploits the geometric properties of CAN data to inform two novel detectors-one based on distance from a learned, lower dimensional manifold and the other on discontinuities of the manifold over time. Proof-of-concept tests are presented by implementing a potential attack approach on a driving vehicle. The initial results suggest that (1) the first detector requires additional refinement but does hold promise; (2) the second detector gives a clear, strong indicator of the attack; and (3) the algorithms keep pace with high-speed CAN messages. As our approach is data-driven it provides a vehicle-agnostic IDS that eliminates the need to reverse engineer CAN messages and can be ported to an after-market plugin.

Original languageEnglish
Title of host publication2018 IEEE 88th Vehicular Technology Conference, VTC-Fall 2018 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538663585
DOIs
StatePublished - Jul 2 2018
Event88th IEEE Vehicular Technology Conference, VTC-Fall 2018 - Chicago, United States
Duration: Aug 27 2018Aug 30 2018

Publication series

NameIEEE Vehicular Technology Conference
Volume2018-August
ISSN (Print)1550-2252

Conference

Conference88th IEEE Vehicular Technology Conference, VTC-Fall 2018
Country/TerritoryUnited States
CityChicago
Period08/27/1808/30/18

Funding

This manuscript has been authored by UT-Battelle, LLC under Contract No. DE-AC05-00OR22725 with the US DOE. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a non-exclusive, paid-up, irrevocable, world-wide license to publish or reproduce the published form of this manuscript, or allow others to do so, for United States Government purposes. The DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan).

FundersFunder number
National Science Foundation Math Science
U. S. Department of Energy
Oak Ridge National Laboratory

    Fingerprint

    Dive into the research topics of 'Exploiting the Shape of CAN Data for In-Vehicle Intrusion Detection'. Together they form a unique fingerprint.

    Cite this