Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks: A data-driven approach to in-vehicle intrusion detection

Michael R. Moore, Robert A. Bridges, Frank L. Combs, Michael S. Starr, Stacy J. Prowell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

88 Scopus citations

Abstract

Modern vehicles rely on hundreds of on-board electronic control units (ECUs) communicating over in-vehicle networks. As external interfaces to the car control networks (such as the on-board diagnostic (OBD) port, auxiliary media ports, etc.) become common, and vehicle-to-vehicle / vehicle-to-infrastructure technology is in the near future, the attack surface for vehicles grows, exposing control networks to potentially life-critical attacks. This paper addresses the need for securing the controller area network (CAN) bus by detecting anomalous traffic patterns via unusual refresh rates of certain commands. While previous works have identified signal frequency as an important feature for CAN bus intrusion detection, this paper provides the first such algorithm with experiments using three attacks in five (total) scenarios. Our data-driven anomaly detection algorithm requires only five seconds of training time (on normal data) and achieves true positive / false discovery rates of 0.9998/0.00298, respectively (micro-averaged across the five experimental tests).

Original language: English
Title of host publication: Proceedings of the 12th Annual Cyber and Information Security Research Conference, CISRC 2017
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450348553
State: Published - Apr 4 2017
Event: 12th Annual Cyber and Information Security Research Conference, CISRC 2017 - Oak Ridge, United States
Duration: Apr 4 2017 → Apr 6 2017

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 12th Annual Cyber and Information Security Research Conference, CISRC 2017
Country/Territory: United States
City: Oak Ridge
Period: 04/4/17 → 04/6/17

Keywords

  • Anomaly detection
  • CAN bus
  • In-vehicle security
  • Signal injection
