Abdul Rehman Javed,Saif ur Rehman,Mohib Ullah Khan,Mamoun Alazab,Thippa Reddy G

DOI: https://doi.org/10.1109/tnse.2021.3059881

IF: 6.6

2021-04-01

IEEE Transactions on Network Science and Engineering

Abstract:Controller area network (CAN) is a communication protocol that provides reliable and productive transmission between in-vehicle nodes continuously. CAN bus protocol is broadly utilized standard channel to deliver sequential communications between electronic control units (ECUs) due to simple and reliable in-vehicle communication. Existing studies report how easily an attack can be performed on the CAN bus of in-vehicle due to weak security mechanisms that could lead to system malfunctions. Hence the security of communications inside a vehicle is a latent problem. In this paper, we propose a novel approach named CANintelliIDS, for vehicle intrusion attack detection on the CAN bus. CANintelliIDS is based on a combination of convolutional neural network (CNN) and attention-based gated recurrent unit (GRU) model to detect single intrusion attacks as well as mixed intrusion attacks on a CAN bus. The proposed CANintelliIDS model is evaluated extensively and it achieved a performance gain of 10.79% on test intrusion attacks over existing approaches.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Maloy Kumar Devnath

2023-09-24

Abstract:The Controller Area Network (CAN) bus serves as a standard protocol for facilitating communication among various electronic control units (ECUs) within contemporary vehicles. However, it has been demonstrated that the CAN bus is susceptible to remote attacks, which pose risks to the vehicle's safety and functionality. To tackle this concern, researchers have introduced intrusion detection systems (IDSs) to identify and thwart such attacks. In this paper, we present an innovative approach to intruder detection within the CAN bus, leveraging Graph Convolutional Network (GCN) techniques as introduced by Zhang, Tong, Xu, and Maciejewski in 2019. By harnessing the capabilities of deep learning, we aim to enhance attack detection accuracy while minimizing the requirement for manual feature engineering. Our experimental findings substantiate that the proposed GCN-based method surpasses existing IDSs in terms of accuracy, precision, and recall. Additionally, our approach demonstrates efficacy in detecting mixed attacks, which are more challenging to identify than single attacks. Furthermore, it reduces the necessity for extensive feature engineering and is particularly well-suited for real-time detection systems. To the best of our knowledge, this represents the pioneering application of GCN to CAN data for intrusion detection. Our proposed approach holds significant potential in fortifying the security and safety of modern vehicles, safeguarding against attacks and preventing them from undermining vehicle functionality.

Cryptography and Security

Asma Alfardus,Danda B. Rawat

DOI: https://doi.org/10.1109/uemcon53757.2021.9666745

2021-12-01

Abstract:The advent of automotive industry has an increasing market demand pertaining to installation of intelligent transportation facilities in modern vehicles. Now more comfortable and safer travelling experience is one best trait of these vehicles. Moreover, it has opened new gates to advancement in automotive sector. Modern vehicles are connected to advance systems and technologies using various communication protocols. Amongst numerous communication protocols, one widely used protocol is the controller area network (CAN) bus which serves as a central medium for in-vehicle communications. However, the communication in these vehicles may impose greater threats and may ultimately compromise the security by breaching the system. Various attacks on CAN bus may compromise the confidentiality, integrity and availability of vehicular data through intrusions which may endanger the physical safety of vehicle and passengers. In this paper, a novel machine learning based approach is used to devise an Intrusion Detection System for the CAN bus network. The proposed system is scalable and adaptable to a diverse set of emerging attacks on autonomous vehicles. Results witnessed the accuracy of 100% of our proposed system in detecting and safeguarding threats against multiple impersonation and denial of service attacks as well as 99% accuracy of fuzzy attacks.

Shuhan Wu,Siyong Li,Wei Sun

DOI: https://doi.org/10.1109/auteee60196.2023.10408040

2023-01-01

Abstract:With the popularity of intelligent vehicles, there are numerous concerns regarding the security of the in-vehicle networks (IVNs). Controller Area Network (CAN) is one of the primary networks utilized in vehicles due to its high reliability and low cost. However, the absence of security mechanisms makes it vulnerable to cyber attacks. Once the attacker successfully gains access to the target CAN bus through the physical or wireless interface, various types of injection attacks can be conducted. To detect malicious attack on communication of the CAN bus, an efficient intrusion detection system (IDS) is required. Since the data of the CAN bus is typically in the form of time series, recurrent neural network (RNN) based methods have been proven effective for in-vehicle intrusion detection. In this paper, we proposed a novel approach named ConvIDS. The method is based on CAN image transforming and Convolutional Long Short-Term Memory Network (ConvLSTM). The experiments on real vehicle datasets demonstrate that the proposed model outperforms traditional neural network based methods in aspects of all metrics.

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

Jingwen Wei,Ye Chen,Yingxu Lai,Yuhang Wang,Zhaoyi Zhang

DOI: https://doi.org/10.1109/lcomm.2022.3195486

IF: 3.5529

2022-11-12

IEEE Communications Letters

Abstract:A controller area network (CAN) bus that controls real-time communication and data transmission of electronic control units in vehicles lacks security mechanisms and is highly vulnerable to attacks. The detection effectiveness of existing In-Vehicle network intrusion detection systems (IDSs) is usually reliant on training samples of known attacks. Owing to the simple structure of the CAN bus protocol, attackers can easily create variants based on known attacks. In this study, we propose a CAN bus IDS based on a domain adversarial neural network, which can achieve high detection performance on unlearned variant attack data. In addition, we used feature fusion techniques to synthetically extract the features of the attack data to improve detection capability. The experimental results demonstrate that our proposed model has high performance and generalization ability in attack detection.

telecommunications

Hyun Min Song,Jiyoung Woo,Huy Kang Kim

DOI: https://doi.org/10.1016/j.vehcom.2019.100198

IF: 6.7

2020-01-01

Vehicular Communications

Abstract:<p>The implementation of electronics in modern vehicles has resulted in an increase in attacks targeting in-vehicle networks; thus, attack detection models have caught the attention of the automotive industry and its researchers. Vehicle network security is an urgent and significant problem because the malfunctioning of vehicles can directly affect human and road safety. The controller area network (CAN), which is used as a de facto standard for in-vehicle networks, does not have sufficient security features, such as message encryption and sender authentication, to protect the network from cyber-attacks. In this paper, we propose an intrusion detection system (IDS) based on a deep convolutional neural network (DCNN) to protect the CAN bus of the vehicle. The DCNN learns the network traffic patterns and detects malicious traffic without hand-designed features. We designed the DCNN model, which was optimized for the data traffic of the CAN bus, to achieve high detection performance while reducing the unnecessary complexity in the architecture of the Inception-ResNet model. We performed an experimental study using the datasets we built with a real vehicle to evaluate our detection system. The experimental results demonstrate that the proposed IDS has significantly low false negative rates and error rates when compared to the conventional machine-learning algorithms.</p>

telecommunications,transportation science & technology

Haoyu Ma,Jianqiu Cao,Bo Mi,Darong Huang,Yang Liu,Shaoqian Li

DOI: https://doi.org/10.1155/2022/5827056

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:With the rapid development of vehicular networking and intelligence, more interfaces are adopted by cars to interact with the external world. Accordingly, this also brings enormous security risks, which are potentially catastrophic due to communication loopholes. Since the Controller Area Network (CAN) is critical to the transmission of commands among vehicular components, it has become a prime target for hacker research and attack. Considering that the CAN bus is commonly used and its protocol is always flawed, how to efficiently detect the intrusions against it has become an evitable problem. In this paper, we presented an intrusion detection system that can be rapidly deployed inside the vehicle. Aiming at achieving the goal of real-time detection, we devised a feature extraction algorithm with low complexity and thoroughly exploited its advantages via a GRU-based lightweight neural network. The experiment was physically conducted on in-vehicle embedded devices using publicly available datasets. Experiment results illustrated that our intrusion detection system could be rapidly deployed with high classification and real-time performance. Moreover, we also discussed how an intrusion detection system could work with OTA services to improve the intelligence of vehicular operating systems and prevent potential attacks.

Muneeb Hassan Khan,Abdul Rehman Javed,Zafar Iqbal,Muhammad Asim,Ali Ismail Awad

DOI: https://doi.org/10.1016/j.cose.2024.103712

IF: 5.105

2024-01-17

Computers & Security

Abstract:The controller area network (CAN) protocol is a critical communication mechanism in vehicular systems. However, the widespread adoption of this protocol has introduced vulnerabilities to in-vehicle communication channels, making them susceptible to various security threats, including denial-of-service, fuzzy, and impersonation attacks. There is thus an urgent need to develop effective security measures to counter these threats. Unfortunately, existing approaches to attack detection suffer from shortcomings such as suboptimal accuracy and high false-positive rates. Herein, we propose a novel methodology to address these limitations, DivaCAN. DivaCAN leverages an ensemble of classifiers, including deep neural networks, the multi-layer perceptron, the light gradient-boosting machine, extra trees, random forest, and Bagging, along with k -nearest neighbors, for intrusion-attack recognition on the CAN bus. The DivaCAN model was thoroughly evaluated, and its exceptional performance, which surpasses that of the latest methodologies, was demonstrated. It was found to achieve a precision of 94.93%, a recall of 94.98%, and an F1 score of 94.97%. One notable aspect of this research is the emphasis on achieving a low false-positive rate, which is often overlooked by other methodologies. Additionally, the DivaCAN model was found to exhibit an acceptable execution time of 406 s, highlighting the importance of considering both accuracy and efficiency when evaluating the performance of classification models. This study thus significantly enhances the security of in-vehicle communication on the CAN protocol. DivaCAN is a robust and accurate intrusion-detection system that addresses the pressing need for effective security measures in vehicular systems.

computer science, information systems

Sk. Tanzir Mehedi,Adnan Anwar,Ziaur Rahman,Kawsar Ahmed

DOI: https://doi.org/10.3390/s21144736

IF: 3.9

2021-07-11

Sensors

Abstract:The Controller Area Network (CAN) bus works as an important protocol in the real-time In-Vehicle Network (IVN) systems for its simple, suitable, and robust architecture. The risk of IVN devices has still been insecure and vulnerable due to the complex data-intensive architectures which greatly increase the accessibility to unauthorized networks and the possibility of various types of cyberattacks. Therefore, the detection of cyberattacks in IVN devices has become a growing interest. With the rapid development of IVNs and evolving threat types, the traditional machine learning-based IDS has to update to cope with the security requirements of the current environment. Nowadays, the progression of deep learning, deep transfer learning, and its impactful outcome in several areas has guided as an effective solution for network intrusion detection. This manuscript proposes a deep transfer learning-based IDS model for IVN along with improved performance in comparison to several other existing models. The unique contributions include effective attribute selection which is best suited to identify malicious CAN messages and accurately detect the normal and abnormal activities, designing a deep transfer learning-based LeNet model, and evaluating considering real-world data. To this end, an extensive experimental performance evaluation has been conducted. The architecture along with empirical analyses shows that the proposed IDS greatly improves the detection accuracy over the mainstream machine learning, deep learning, and benchmark deep transfer learning models and has demonstrated better performance for real-time IVN security.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Amit Taneja,Gulshan Kumar

DOI: https://doi.org/10.1007/s00500-024-10313-0

IF: 3.732

2024-11-29

Soft Computing

Abstract:Modern vehicles rely on electronic control units (ECUs) communicating through the controller area network (CAN) bus protocol. However, increased connectivity through Wi-Fi, Bluetooth, and onboard diagnostics (OBD) ports has heightened cybersecurity risks due to the CAN bus protocol's inherent security vulnerabilities. Addressing this challenge requires an in-vehicle intrusion detection system (IDS) with high accuracy and minimal false alarms. Existing IDSs for in-vehicle networks often fall short due to inadequate extraction of network traffic features' dependencies in a time-series context.To overcome this limitation, this study presents ACL-IDS, a hybrid intrusion detection system for in-vehicle network traffic. Leveraging deep learning techniques like CNN, LSTM, and attention mechanisms, ACL-IDS effectively captures short-term and long-term dependencies within network traffic, enhancing intrusion detection accuracy. Extensive experiments on a real benchmark dataset demonstrate ACL-IDS's superior performance compared to individual, ensemble, and state-of-the-art methods. With detection accuracy reaching up to 99%, ACL-IDS emerges as a robust solution for analyzing and detecting intrusions in in-vehicle network traffic.

computer science, artificial intelligence, interdisciplinary applications

Zhangwei Yu,Yan Liu,Guoqi Xie,Renfa Li,Siming Liu,Laurence T. Yang

DOI: https://doi.org/10.1109/tii.2022.3202539

IF: 12.3

2022-12-17

IEEE Transactions on Industrial Informatics

Abstract:Intelligent connected vehicle is rapidly growing with the 5-G technology; the diversity of functional interfaces has significantly expanded the avenues of attack, making automotive controller area network (CAN) more vulnerable to cyberthreats. Automotive CAN network attacks are a direct threat to traffic safety, and in this study, we explore the use of intrusion detection techniques for mitigating cyberattacks. However, most automotive CAN network intrusion detection technologies are not capable of defending against sophisticated attacks, making it extremely challenging for detecting intrusions in practice. In this article, we propose a novel time interval conditional entropy method for detecting intrusions in automotive CAN networks. The time interval conditional entropy intrusion detection method is not susceptible to interference and is capable of detecting a variety of attacks. In our experiments, the conditional entropy values of regular communication messages are collected and utilized to distinguish and detect the attacks. The time interval conditional entropy detection method is implemented and evaluated in our controller area net-work bus (CAN-BUS) network platform. The experiments show that our method has higher detection accuracy and is easier to deploy compared to existing automotive CAN network intrusion detection methods.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Junchao Xiao,Hao Wu,Xiangxue Li,Yuan Linghu

DOI: https://doi.org/10.1007/978-3-030-38961-1_40

2020-01-01

Abstract:A vehicle bus is a specialized internal communication network that interconnects components inside a vehicle. The Controller Area Network (CAN bus), a robust vehicle bus standard, allows microcontrollers and devices to communicate with each other. The community has seen many security breach examples that exploit CAN functionalities and other in-vehicle flaws. Intrusion detection systems (IDSs) on in-vehicle network are advantageous in monitoring CAN traffic and suspicious activities. Whereas, existing IDSs on in-vehicle network only support one or two attack models, and identifying abnormal in-vehicle CAN traffic against diversified attack models with better performance is more expected as can be then implemented practically. In this paper, we propose an intrusion detection system that can detect many different attacks. The method analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our proposal fuses the autoencoder trick to the SVM model. More precisely, we introduce to the system an autoencoder that learns to compress CAN traffic data into extracted features (which can be uncompressed to closely match the original data). Then, the support vector machine is trained on the features to detect abnormal traffic. We show detailed model parameter configuration by adopting several concrete attacks. Experimental results demonstrate better detection performance (than existing proposals).

Riadul Islam,Rafi Ud Daula Refat,Sai Manikanta Yerram,Hafiz Malik

DOI: https://doi.org/10.1109/tits.2020.3025685

IF: 8.5

2022-03-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The controller area network (CAN) is the most widely used intra-vehicular communication network in the automotive industry. Because of its simplicity in design, it lacks most of the requirements needed for a security-proven communication protocol. However, a safe and secured environment is imperative for autonomous as well as connected vehicles. Therefore CAN security is considered one of the important topics in the automotive research community. In this article, we propose a four-stage intrusion detection system that uses the chi-squared method and can detect any kind of strong and weak cyber attacks in a CAN. This work is the first-ever graph-based defense system proposed for the CAN. Our experimental results show that we have a very low 5.26% misclassification for denial of service (DoS) attack, 10% misclassification for fuzzy attack, 4.76% misclassification for replay attack, and no misclassification for spoofing attack. In addition, the proposed methodology exhibits up to 13.73% better accuracy compared to existing ID sequence-based methods.

engineering, electrical & electronic,transportation science & technology, civil

Jing Ning,Jiadai Wang,Jiajia Liu,Nei Kato

DOI: https://doi.org/10.1109/LCOMM.2019.2937097

IF: 3.5529

2019-01-01

IEEE Communications Letters

Abstract:As the most wide-spread in-vehicle data bus protocol, CAN (Controller Area Network) has attracted more and more attention due to its lack of security protection mechanism. A variety of attacks against CAN bus have emerged, posing serious threat to vehicle safety. Accordingly, some methods have been proposed to detect CAN bus attacks, however, they have certain shortcomings such as additional compu...

Hyungchul Im,Donghyeon Lee,Seongsoo Lee

DOI: https://doi.org/10.3390/s24092807

IF: 3.9

2024-04-29

Sensors

Abstract:The Controller Area Network (CAN), widely used for vehicular communication, is vulnerable to multiple types of cyber-threats. Attackers can inject malicious messages into the CAN bus through various channels, including wireless methods, entertainment systems, and on-board diagnostic ports. Therefore, it is crucial to develop a reliable intrusion detection system (IDS) capable of effectively distinguishing between legitimate and malicious CAN messages. In this paper, we propose a novel IDS architecture aimed at enhancing the cybersecurity of CAN bus systems in vehicles. Various machine learning (ML) models have been widely used to address similar problems; however, although existing ML-based IDS are computationally efficient, they suffer from suboptimal detection performance. To mitigate this shortcoming, our architecture incorporates specially designed rule-based filters that cross-check outputs from the traditional ML-based IDS. These filters scrutinize message ID and payload data to precisely capture the unique characteristics of three distinct types of cyberattacks: DoS attacks, spoofing attacks, and fuzzy attacks. Experimental evidence demonstrates that the proposed architecture leads to a significant improvement in detection performance across all utilized ML models. Specifically, all ML-based IDS achieved an accuracy exceeding 99% for every type of attack. This achievement highlights the robustness and effectiveness of our proposed solution in detecting potential threats.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Imran Ahmed,Gwanggil Jeon,Awais Ahmad

DOI: https://doi.org/10.1109/mce.2021.3139170

2021-01-01

IEEE Consumer Electronics Magazine

Abstract:The growth of the Internet of Things (IoT) has resulted in several revolutionary applications, such as smart cities, cyber-physical systems, and the Internet of vehicles (IoV). Within the IoV infrastructure, vehicles are comprised of various electronic intelligent sensors or devices used to obtain data and communicate the necessary information with their surroundings. One of the major concerns about the implementation of these sensors or devices is data vulnerability; thus, it is necessary to present a solution that provides security, trust, and privacy to communicating entities and to secure vehicle data from malicious entities. In modern vehicles, the controller area network (CAN) is a fundamental scheme for controlling the interaction among different in-vehicle network sensors. However, not enough security features are present that support data encryption, authorization, and authentication mechanisms to secure the network from cyber or malicious intrusions such as denial of service and fuzzy attacks. An intrusion detection system is presented in this work based on the deep learning architecture to protect the CAN bus in vehicles. The VGG architecture is used and trained for different network intrusion patterns in order to detect malicious attacks. The experiments are performed using the CAN-intrusion-dataset. The experimental findings demonstrate that the presented deep learning system significantly reduces the false positive rate (FPR) compared to the conventional machine learning techniques. The overall accuracy of the system is 96 with FPR of 0.6.

telecommunications,engineering, electrical & electronic,computer science, hardware & architecture

Theyazn H H Aldhyani,Hasan Alkahtani

DOI: https://doi.org/10.3390/s22010360

2022-01-04

Abstract:Rapid technological development has changed drastically the automotive industry. Network communication has improved, helping the vehicles transition from completely machine- to software-controlled technologies. The autonomous vehicle network is controlled by the controller area network (CAN) bus protocol. Nevertheless, the autonomous vehicle network still has issues and weaknesses concerning cybersecurity due to the complexity of data and traffic behaviors that benefit the unauthorized intrusion to a CAN bus and several types of attacks. Therefore, developing systems to rapidly detect message attacks in CAN is one of the biggest challenges. This study presents a high-performance system with an artificial intelligence approach that protects the vehicle network from cyber threats. The system secures the autonomous vehicle from intrusions by using deep learning approaches. The proposed security system was verified by using a real automatic vehicle network dataset, including spoofing, flood, replaying attacks, and benign packets. Preprocessing was applied to convert the categorical data into numerical. This dataset was processed by using the convolution neural network (CNN) and a hybrid network combining CNN and long short-term memory (CNN-LSTM) models to identify attack messages. The results revealed that the model achieved high performance, as evaluated by the metrics of precision, recall, F1 score, and accuracy. The proposed system achieved high accuracy (97.30%). Along with the empirical demonstration, the proposed system enhanced the detection and classification accuracy compared with the existing systems and was proven to have superior performance for real-time CAN bus security.

Markus Hanselmann,Thilo Strauss,Katharina Dormann,Holger Ulmer

DOI: https://doi.org/10.1109/access.2020.2982544

IF: 3.9

2020-01-01

IEEE Access

Abstract:We propose a neural network architecture for detecting intrusions on the controller area network (CAN). The latter is the standard communication method between the electronic control units (ECUs) of automobiles. However, CAN lacks security mechanisms and it has recently been shown that it can be attacked remotely. Hence, it is desirable to monitor CAN traffic to detect intrusions. In order to find both, known and unknown intrusion scenarios, we consider a novel unsupervised learning approach which we call CANet. To our knowledge, this is the first deep learning based intrusion detection system (IDS) that naturally handles the data structure of the high dimensional CAN bus, where different message types are sent at different times. Our method is evaluated on real and synthetic CAN data. A comparison with previous machine learning based methods shows that CANet outperforms them by a significant margin. For reproducibility of the method, our synthetic data is publicly available.