Abstract:The in-vehicle voltage-based intrusion detection system (VIDS) can recognize the identity of the ECUs and detect the physical layer attacks that cannot be detected by the content-based or frequency-based IDS. However, recent research in VIDS has discovered an overlapped voltage attack that can bypass the existing VIDS by generating overlapped voltage signals from two compromised ECUs to distort the fingerprint of the target ECU. The existing solutions need to change the communication protocol or network topology to mitigate the attack, which may involve additional development costs or scheduling mechanisms to coordinate the tasks. In this paper, motivated by not changing the network topology and protocols, we propose an improved VIDS that can efficiently detect the overlapped voltage attack of the in-vehicle CAN network. Before retraining the VIDS classifier model, we add the mechanism for detecting and filtering overlapped signals in the voltage samples by applying the Long Short-Term Memory (LSTM) autoencoder network to preserve the fingerprint characteristics of the benign waveform in the original samples. First, we establish an LSTM autoencoder model with benign voltages collected in a usual scenario and then apply the automatic thresholding approach to obtain the threshold to separate the overlapped and benign voltages. Next, we filter the overlapped voltages and extract the fingerprint features from the filtered voltage samples to predict the classification of the masquerade CAN packet during the attack. Finally, we evaluate the performance and attack success rate of the proposed VIDS on a CAN bus testbench. The results show that the proposed VIDS can effectively detect the overlapped voltage attack and identify the compromised ECU mimicking the distorted voltage fingerprints with an accuracy of 99.4%. The attack success rate of the proposed VIDS drops to 0 ∼ 18%, which is about 60 ∼ 95% for the existing VIDS.

Detecting CAN overlapped voltage attacks with an improved voltage-based in-vehicle intrusion detection system

Mitigating Vulnerabilities of Voltage-based Intrusion Detection Systems in Controller Area Networks

Side Channel Analysis: A Novel Intrusion Detection System Based on Vehicle Voltage Signals

SAID: State-aware Defense Against Injection Attacks on In-vehicle Network

A Lightweight Intrusion Detection System for Vehicular Networks Based on an Improved ViT Model

Practical IDS on In-vehicle Network Against Diversified Attack Models

Viden: Attacker Identification on In-Vehicle Networks

CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an In-Vehicle CAN Bus Based on Deep Features of Voltage Signals

Intrusion Detection Method for In-Vehicle CAN Bus Based on Message and Time Transfer Matrix

Domain Adversarial Neural Network-Based Intrusion Detection System for In-Vehicle Network Variant Attacks

X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network

Exploiting the Shape of CAN Data for In-Vehicle Intrusion Detection

A Delay Based Plug-in-Monitor for Intrusion Detection in Controller Area Network.

Deep Transfer Learning Based Intrusion Detection System for Electric Vehicular Networks

Real-Time Zero-Day Intrusion Detection System for Automotive Controller Area Network on FPGAs

CANCloak: Deceiving Two ECUs with One Frame

Two-Point Voltage Fingerprinting: Increasing Detectability of ECU Masquerading Attacks

Multi-Attack Intrusion Detection for In-Vehicle CAN-FD Messages

CANival: A multimodal approach to intrusion detection on the vehicle CAN bus

Semi-supervised intrusion detection system for in-vehicle networks based on variational autoencoder and adversarial reinforcement learning