Jingwen Wei,Ye Chen,Yingxu Lai,Yuhang Wang,Zhaoyi Zhang

DOI: https://doi.org/10.1109/lcomm.2022.3195486

IF: 3.5529

2022-11-12

IEEE Communications Letters

Abstract:A controller area network (CAN) bus that controls real-time communication and data transmission of electronic control units in vehicles lacks security mechanisms and is highly vulnerable to attacks. The detection effectiveness of existing In-Vehicle network intrusion detection systems (IDSs) is usually reliant on training samples of known attacks. Owing to the simple structure of the CAN bus protocol, attackers can easily create variants based on known attacks. In this study, we propose a CAN bus IDS based on a domain adversarial neural network, which can achieve high detection performance on unlearned variant attack data. In addition, we used feature fusion techniques to synthetically extract the features of the attack data to improve detection capability. The experimental results demonstrate that our proposed model has high performance and generalization ability in attack detection.

telecommunications

lei xue,yangyang liu,tianqi li,kaifa zhao,jianfeng li,le yu,xiapu luo,yajin zhou,guofei gu

2022-01-01

Abstract:Modern vehicles are equipped with many ECUs (Electronic Control Unit) that are connected to the IVN (In-Vehicle Network) for controlling the vehicles. Meanwhile, various interfaces of vehicles, such as OBD-II port, T-Box, sensors, and telematics, implement the interaction between the IVN and external environment. Although rich value-added functionalities can be provided through these interfaces, such as diagnostics and OTA (Over The Air) updates, the adversary may also inject malicious data into IVN, thus causing severe safety issues. Even worse, existing defense approaches mainly focus on detecting the injection attacks launched from IVN, such as malicious/compromised ECUs, by analyzing CAN frames, and cannot defend against the higher layer MIAs (Message Injection Attacks) that can cause abnormal vehicle dynamics. In this paper, we propose a new state-aware abnormal message injection attack defense approach, named SAID. It detects the abnormal data to be injected into IVN by considering the data semantics and the vehicle dynamics and prevents the MIAs launched from devices connected to the vehicles, such as the compromised diagnostic tools and T-boxes. We develop a prototype of SAID for defending against MIAs and evaluate it using both real road data and simulation data. The experimental results show that SAID can defend against more than 99% of the network and service layer attack traffic and all state layer MIAs, effectively enforcing the safety of vehicles.

Seonghoon Jeong,Sangho Lee,Hwejae Lee,Huy Kang Kim

DOI: https://doi.org/10.1109/TVT.2023.3327275

2024-03-14

Abstract:Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent actions and cybersecurity regulations (e.g., UNR 155) require carmakers to implement intrusion detection systems (IDSs) in their vehicles. The IDS should detect cyberattacks and provide additional information to analyze conducted attacks. Although many IDSs have been proposed, considerations regarding their feasibility and explainability remain lacking. This study proposes X-CANIDS, which is a novel IDS for CAN-based IVNs. X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database. The signals improve the intrusion detection performance compared with the use of bit representations of raw payloads. These signals also enable an understanding of which signal or ECU is under attack. X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase. We confirmed the feasibility of the proposed method through a benchmark test on an automotive-grade embedded device with a GPU. The results of this work will be valuable to carmakers and researchers considering the installation of in-vehicle IDSs for their vehicles.

Cryptography and Security,Signal Processing

Yijie Xun,Zhouyan Deng,Jiajia Liu,Yilin Zhao

DOI: https://doi.org/10.1109/tvt.2023.3236820

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:Intelligent connected vehicles (ICVs) integrate advanced equipment and communication network technologies to realize information exchange and sharing between vehicles and people, roads, clouds, etc., bringing great convenience to people's lives. However, the interconnection of intelligent equipment and vehicles also brings many vulnerable interfaces, threatening the security of in-vehicle networks, e.g., controller area network (CAN) bus. For protecting the security of CAN bus, some researchers propose a data encryption and decryption protocol-based method. Note that due to the resource constraints of computing and bandwidth and the requirements for low-delay data transmission, the research on protocol-based data encryption and decryption method is progressing slowly. For this reason, more researchers study vehicle intrusion detection systems (IDSs) based on side channel analysis. It does not occupy the bandwidth of CAN bus, and detects intrusion by analyzing the physical characteristics of CAN bus. Nevertheless, most of the existing work either cannot locate the source electronic control unit (ECU) of the malicious data frames, or cannot detect malicious data frames from ECUs and external nodes simultaneously, which greatly limits their practical application value. Therefore, we propose a novel IDS based on vehicle voltage signals. Specifically, we map multiple identifiers (IDs) sent for each ECU without developer documentation. In addition, we creatively design FeatureBagging-CNN combined model to detect malicious intrusion. When the external nodes or compromised ECUs send malicious data frames, the system can accurately detect them and locate their sender.

telecommunications,engineering, electrical & electronic,transportation science & technology

Ajeet Kumar Dwivedi

DOI: https://doi.org/10.48550/arXiv.2205.03537

2022-05-07

Cryptography and Security

Abstract:The progression of innovation and technology and ease of inter-connectivity among networks has allowed us to evolve towards one of the promising areas, the Internet of Vehicles. Nowadays, modern vehicles are connected to a range of networks, including intra-vehicle networks and external networks. However, a primary challenge in the automotive industry is to make the vehicle safe and reliable; particularly with the loopholes in the existing traditional protocols, cyber-attacks on the vehicle network are rising drastically. Practically every vehicle uses the universal Controller Area Network (CAN) bus protocol for the communication between electronic control units to transmit key vehicle functionality and messages related to driver safety. The CAN bus system, although its critical significance, lacks the key feature of any protocol authentication and authorization. Resulting in compromises of CAN bus security leads to serious issues to both car and driver safety. This paper discusses the security issues of the CAN bus protocol and proposes an Intrusion Detection System (IDS) that detects known attacks on in-vehicle networks. Multiple Artificial Intelligence (AI) algorithms are employed to provide recognition of known potential cyber-attacks based on messages, timestamps, and data packets traveling through the CAN. The main objective of this paper is to accurately detect cyberattacks by considering time-series features and attack frequency. The majority of the evaluated AI algorithms, when considering attack frequency, correctly identify known attacks with remarkable accuracy of more than 99%. However, these models achieve approximately 92% to 97% accuracy when timestamps are not taken into account. Long Short Term Memory (LSTM), Xgboost, and SVC have proved to the well-performing classifiers.

Li Yang,Abdallah Moubayed,Abdallah Shami

DOI: https://doi.org/10.1109/JIOT.2021.3084796

2021-05-27

Abstract:Modern vehicles, including connected vehicles and autonomous vehicles, nowadays involve many electronic control units connected through intra-vehicle networks to implement various functionalities and perform actions. Modern vehicles are also connected to external networks through vehicle-to-everything technologies, enabling their communications with other vehicles, infrastructures, and smart devices. However, the improving functionality and connectivity of modern vehicles also increase their vulnerabilities to cyber-attacks targeting both intra-vehicle and external networks due to the large attack surfaces. To secure vehicular networks, many researchers have focused on developing intrusion detection systems (IDSs) that capitalize on machine learning methods to detect malicious cyber-attacks. In this paper, the vulnerabilities of intra-vehicle and external networks are discussed, and a multi-tiered hybrid IDS that incorporates a signature-based IDS and an anomaly-based IDS is proposed to detect both known and unknown attacks on vehicular networks. Experimental results illustrate that the proposed system can detect various types of known attacks with 99.99% accuracy on the CAN-intrusion-dataset representing the intra-vehicle network data and 99.88% accuracy on the CICIDS2017 dataset illustrating the external vehicular network data. For the zero-day attack detection, the proposed system achieves high F1-scores of 0.963 and 0.800 on the above two datasets, respectively. The average processing time of each data packet on a vehicle-level machine is less than 0.6 ms, which shows the feasibility of implementing the proposed system in real-time vehicle systems. This emphasizes the effectiveness and efficiency of the proposed IDS.

Cryptography and Security,Artificial Intelligence,Machine Learning,Networking and Internet Architecture

Hyungchul Im,Donghyeon Lee,Seongsoo Lee

DOI: https://doi.org/10.3390/s24092807

IF: 3.9

2024-04-29

Sensors

Abstract:The Controller Area Network (CAN), widely used for vehicular communication, is vulnerable to multiple types of cyber-threats. Attackers can inject malicious messages into the CAN bus through various channels, including wireless methods, entertainment systems, and on-board diagnostic ports. Therefore, it is crucial to develop a reliable intrusion detection system (IDS) capable of effectively distinguishing between legitimate and malicious CAN messages. In this paper, we propose a novel IDS architecture aimed at enhancing the cybersecurity of CAN bus systems in vehicles. Various machine learning (ML) models have been widely used to address similar problems; however, although existing ML-based IDS are computationally efficient, they suffer from suboptimal detection performance. To mitigate this shortcoming, our architecture incorporates specially designed rule-based filters that cross-check outputs from the traditional ML-based IDS. These filters scrutinize message ID and payload data to precisely capture the unique characteristics of three distinct types of cyberattacks: DoS attacks, spoofing attacks, and fuzzy attacks. Experimental evidence demonstrates that the proposed architecture leads to a significant improvement in detection performance across all utilized ML models. Specifically, all ML-based IDS achieved an accuracy exceeding 99% for every type of attack. This achievement highlights the robustness and effectiveness of our proposed solution in detecting potential threats.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hyun Min Song,Jiyoung Woo,Huy Kang Kim

DOI: https://doi.org/10.1016/j.vehcom.2019.100198

IF: 6.7

2020-01-01

Vehicular Communications

Abstract:<p>The implementation of electronics in modern vehicles has resulted in an increase in attacks targeting in-vehicle networks; thus, attack detection models have caught the attention of the automotive industry and its researchers. Vehicle network security is an urgent and significant problem because the malfunctioning of vehicles can directly affect human and road safety. The controller area network (CAN), which is used as a de facto standard for in-vehicle networks, does not have sufficient security features, such as message encryption and sender authentication, to protect the network from cyber-attacks. In this paper, we propose an intrusion detection system (IDS) based on a deep convolutional neural network (DCNN) to protect the CAN bus of the vehicle. The DCNN learns the network traffic patterns and detects malicious traffic without hand-designed features. We designed the DCNN model, which was optimized for the data traffic of the CAN bus, to achieve high detection performance while reducing the unnecessary complexity in the architecture of the Inception-ResNet model. We performed an experimental study using the datasets we built with a real vehicle to evaluate our detection system. The experimental results demonstrate that the proposed IDS has significantly low false negative rates and error rates when compared to the conventional machine-learning algorithms.</p>

telecommunications,transportation science & technology

Trieu-Phong Nguyen,Jeongho Cho,Daehee Kim

DOI: https://doi.org/10.1016/j.knosys.2024.112563

IF: 8.139

2024-10-02

Knowledge-Based Systems

Abstract:Despite the affordability, simplicity, and efficiency of controller area network (CAN) protocols, the security vulnerability remains a major challenge. Currently, a machine learning-based intrusion detection system (IDS) is considered an effective approach for improving security in CAN by identifying malicious attacks. However, earlier studies that relied on supervised learning methods required considerable amounts of labeled data. Data collection from vehicles is time-consuming and expensive. Furthermore, the obtained data exhibited a class imbalance, which presents further challenges in the analysis and model training. Thus, we propose a semi-supervised learning-based IDS that combines variational autoencoder (VAE) and adversarial reinforcement learning for the multi-class classification of both known and unknown attacks. The proposed system capitalizes on the diverse patterns inherent in unlabeled data, transforming this data space into one that is more conducive to classification. Concurrently, adversarial agents in the reinforcement learning algorithm interact competitively, progressively enhancing their ability to intelligently classify and select samples. To reduce the reliance on labeled data and effectively exploit them, we utilize a pseudo-labeling process for pre-training. Experimental results indicate that the proposed model achieves more effective classification while requiring less labeled data compared to other baseline models for known attacks. By inheriting the advantages of VAE, promising results demonstrate that the proposed system detects unknown attacks containing similar or completely different characteristics with high F1 scores exceeding 0.9 and 0.84, respectively. Finally, the proposed system was demonstrated to be a lightweight model for the expeditious detection of malevolent messages introduced into in-vehicle networks to ensure minimal latency.

computer science, artificial intelligence

Qian Wang,Yiming Qian,Zhaojun Lu,Yasser Shoukry,Gang Qu

DOI: https://doi.org/10.1109/asianhost.2018.8607178

2018-01-01

Abstract:The recent developments in the automobile industry and the self-driving technology necessitated an increase in the traditional automobile features to guarantee the drivers safety, improve the driving convenience and realize the autonomous driving. To support these necessary functions and features, a significant amount of the hardware equipment, i.e., Electronic Control Unit (ECU), is integrated into the car system. However, these ECUs also bring security vulnerabilities because their communication follows the Controller Area Network (CAN) protocol that was designed without supporting message origin authentication. Several methods to resolve this problem have been proposed in the literature, but most of them would require heavy communications and calculations to support the cryptography algorithms. In this paper, we propose a delay-based Intrusion Detection System (IDS) to protect the CAN network by identifying the location of the compromised ECU for the in-vehicle network. We develop and implement our detection method on CAN bus prototype, and our results show that our method is capable of an overall detection accuracy above 97%. The proposed scheme is demonstrated to protect the integrity of the messages on CAN bus leading to a further improve the security and safety of autonomous vehicles.

Shaoqiang Wang,Baosen Zheng,Zhaoyuan Liu,Ziyao Fan,Yubao Liu,Yinfei Dai

DOI: https://doi.org/10.1109/access.2024.3445498

IF: 3.9

2024-01-01

IEEE Access

Abstract:As the connectivity between Electronic Control Units (ECUs) and the external environment intensifies, the security and safeguarding of In-Vehicle Networks (IVNs) have become pressing issues. The Controller Area Network (CAN) bus, the most commonly employed vehicular network protocol, is particularly vulnerable due to its inherent lack of security measures, making it susceptible to various attacks. In this paper, we introduce a novel intrusion detection model for CAN networks, named IVN-ViT. The proposed IVN-ViT model utilizes an enhanced Vision Transformer architecture (Edge-ViT), incorporating self-supervised learning with Cutout data augmentation, Particle Swarm Optimization (PSO) for feature selection, and a fine-tuning strategy that merges Parameter Instance Discrimination (PID) with supervised loss. This not only enhances the model’s convergence speed and predictive accuracy but also meets the lightweight requirements of CAN networks. Experimental results on the "HCRL-car hacking" dataset and the "X-CANIDS" dataset demonstrate that our model achieves over 99% accuracy across all types of attacks. In a simulated vehicular environment, the detection latency for each message averages approximately 1.04ms, fully meeting the first-time requirements of CAN networks. The experiments validate that our proposed method significantly improves model accuracy while ensuring efficient operation within the limited computational resources available in vehicle systems.

Sk. Tanzir Mehedi,Adnan Anwar,Ziaur Rahman,Kawsar Ahmed

DOI: https://doi.org/10.3390/s21144736

IF: 3.9

2021-07-11

Sensors

Abstract:The Controller Area Network (CAN) bus works as an important protocol in the real-time In-Vehicle Network (IVN) systems for its simple, suitable, and robust architecture. The risk of IVN devices has still been insecure and vulnerable due to the complex data-intensive architectures which greatly increase the accessibility to unauthorized networks and the possibility of various types of cyberattacks. Therefore, the detection of cyberattacks in IVN devices has become a growing interest. With the rapid development of IVNs and evolving threat types, the traditional machine learning-based IDS has to update to cope with the security requirements of the current environment. Nowadays, the progression of deep learning, deep transfer learning, and its impactful outcome in several areas has guided as an effective solution for network intrusion detection. This manuscript proposes a deep transfer learning-based IDS model for IVN along with improved performance in comparison to several other existing models. The unique contributions include effective attribute selection which is best suited to identify malicious CAN messages and accurately detect the normal and abnormal activities, designing a deep transfer learning-based LeNet model, and evaluating considering real-world data. To this end, an extensive experimental performance evaluation has been conducted. The architecture along with empirical analyses shows that the proposed IDS greatly improves the detection accuracy over the mainstream machine learning, deep learning, and benchmark deep transfer learning models and has demonstrated better performance for real-time IVN security.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Dheeraj Basavaraj,Shahab Tayeb

DOI: https://doi.org/10.3390/jsan11010006

2022-01-10

Journal of Sensor and Actuator Networks

Abstract:With the emergence of networked devices, from the Internet of Things (IoT) nodes and cellular phones to vehicles connected to the Internet, there has been an ever-growing expansion of attack surfaces in the Internet of Vehicles (IoV). In the past decade, there has been a rapid growth in the automotive industry as network-enabled and electronic devices are now integral parts of vehicular ecosystems. These include the development of automobile technologies, namely, Connected and Autonomous Vehicles (CAV) and electric vehicles. Attacks on IoV may lead to malfunctioning of Electronic Control Unit (ECU), brakes, control steering issues, and door lock issues that can be fatal in CAV. To mitigate these risks, there is need for a lightweight model to identify attacks on vehicular systems. In this article, an efficient model of an Intrusion Detection System (IDS) is developed to detect anomalies in the vehicular system. The dataset used in this study is an In-Vehicle Network (IVN) communication protocol, i.e., Control Area Network (CAN) dataset generated in a real-time environment. The model classifies different types of attacks on vehicles into reconnaissance, Denial of Service (DoS), and fuzzing attacks. Experimentation with performance metrics of accuracy, precision, recall, and F-1 score are compared across a variety of classification models. The results demonstrate that the proposed model outperforms other classification models.

Qian Wang,Zhaojun Lu,Gang Qu

DOI: https://doi.org/10.48550/arXiv.1808.04046

2018-08-13

Abstract:Dozens of Electronic Control Units (ECUs) can be found on modern vehicles for safety and driving assistance. These ECUs also introduce new security vulnerabilities as recent attacks have been reported by plugging the in-vehicle system or through wireless access. In this paper, we focus on the security of the Controller Area Network (CAN), which is a standard for communication among ECUs. CAN bus by design does not have sufficient security features to protect it from insider or outsider attacks. Intrusion detection system (IDS) is one of the most effective ways to enhance vehicle security on the insecure CAN bus protocol. We propose a new IDS based on the entropy of the identifier bits in CAN messages. The key observation is that all the known CAN message injection attacks need to alter the CAN ID bits and analyzing the entropy of such bits can be an effective way to detect those attacks. We collected real CAN messages from a vehicle (2016 Ford Fusion) and performed simulated message injection attacks. The experimental results showed that our entropy based IDS can successfully detect all the injection attacks without disrupting the communication on CAN.

Cryptography and Security

Asma Alfardus,Danda B. Rawat

DOI: https://doi.org/10.1109/uemcon53757.2021.9666745

2021-12-01

Abstract:The advent of automotive industry has an increasing market demand pertaining to installation of intelligent transportation facilities in modern vehicles. Now more comfortable and safer travelling experience is one best trait of these vehicles. Moreover, it has opened new gates to advancement in automotive sector. Modern vehicles are connected to advance systems and technologies using various communication protocols. Amongst numerous communication protocols, one widely used protocol is the controller area network (CAN) bus which serves as a central medium for in-vehicle communications. However, the communication in these vehicles may impose greater threats and may ultimately compromise the security by breaching the system. Various attacks on CAN bus may compromise the confidentiality, integrity and availability of vehicular data through intrusions which may endanger the physical safety of vehicle and passengers. In this paper, a novel machine learning based approach is used to devise an Intrusion Detection System for the CAN bus network. The proposed system is scalable and adaptable to a diverse set of emerging attacks on autonomous vehicles. Results witnessed the accuracy of 100% of our proposed system in detecting and safeguarding threats against multiple impersonation and denial of service attacks as well as 99% accuracy of fuzzy attacks.

Hyunjae Kang,Thanh Vo,Huy Kang Kim,Jin B. Hong

DOI: https://doi.org/10.1016/j.vehcom.2024.100845

IF: 6.7

2024-09-14

Vehicular Communications

Abstract:Vehicles of today are composed of over 100 electronic embedded devices known as Electronic Control Units (ECU), each of which controls a different component of the vehicle and communicates via the Controller Area Network (CAN) bus. However, unlike other network protocols, the CAN bus communication protocol lacks security features, which is a growing concern as more vehicles become connected to the Internet. To enable the detection of intrusions on the CAN bus, numerous intrusion detection systems (IDS) have been proposed. Although some are able to achieve high accuracy in detecting specific attacks, no IDS has been able to accurately detect all types of attacks against the CAN bus. To overcome the aforementioned issues, we propose a multimodal analysis framework named CANival , which consists of time interval-based and signal-based analyzers developed by designing a novel Time Interval Likelihood (TIL) model and optimizing an existing model CANet. Experimental results show that our multimodal IDS outperforms the base models and enhances the detection performance testing on two recent datasets, X-CANIDS Dataset and SynCAN, achieving average true positive rates of 0.960 and 0.912, and true negative rates of 0.997 and 0.996, respectively.

telecommunications,transportation science & technology

Yuhang Wang,Yingxu Lai,Ye Chen,Jingwen Wei,Zhaoyi Zhang

DOI: https://doi.org/10.1007/s00521-023-08233-5

2023-04-25

Neural Computing and Applications

Abstract:Controller area networks (CANs) are the de-facto standard for in-vehicle networks and enable real-time data communication between the electronic control units in a vehicle. However, owing to inadequate security mechanisms, CANs are vulnerable to cyberattacks. The sophistication of these attacks evolves constantly and new types of attacks emerge over time. Most existing intrusion detection systems (IDSs) can handle known attacks, but their ability to detect unknown attacks requires urgent improvements. Although IDSs can be updated via the Internet of Vehicles cloud to improve their detection performance, an unacceptable amount of time is required to collect enough labeled data and the updates are slow. Considering these problems, we propose a transfer learning-based self-learning IDS (TLSIDS) for CANs. The proposed TLSIDS uses a cascade detection approach that is capable of detecting both known and unknown attacks with high performance, and the self-learning function can solve the problem of slow updates, thus improving the speed and performance of the TLSIDS in detecting unknown attacks. The TLSIDS consists of four modules, namely the basic detection module (BDM), the advanced detection module (ADM), the unknown attacks classification module (UACM), and the self-learning module (SLM). The efficacy of the TLSIDS was evaluated using a public dataset provided by the Hacking and Countermeasure Research Lab (HCRL). The results revealed that our proposed TLSIDS has effectiveness and robustness in distinct scenarios.

computer science, artificial intelligence

Thien-Nu Hoang,Daehee Kim

DOI: https://doi.org/10.48550/arXiv.2204.01193

2022-04-04

Abstract:With the development of autonomous vehicle technology, the controller area network (CAN) bus has become the de facto standard for an in-vehicle communication system because of its simplicity and efficiency. However, without any encryption and authentication mechanisms, the in-vehicle network using the CAN protocol is susceptible to a wide range of attacks. Many studies, which are mostly based on machine learning, have proposed installing an intrusion detection system (IDS) for anomaly detection in the CAN bus system. Although machine learning methods have many advantages for IDS, previous models usually require a large amount of labeled data, which results in high time and labor costs. To handle this problem, we propose a novel semi-supervised learning-based convolutional adversarial autoencoder model in this paper. The proposed model combines two popular deep learning models: autoencoder and generative adversarial networks. First, the model is trained with unlabeled data to learn the manifolds of normal and attack patterns. Then, only a small number of labeled samples are used in supervised training. The proposed model can detect various kinds of message injection attacks, such as DoS, fuzzy, and spoofing, as well as unknown attacks. The experimental results show that the proposed model achieves the highest F1 score of 0.99 and a low error rate of 0.1\% with limited labeled data compared to other supervised methods. In addition, we show that the model can meet the real-time requirement by analyzing the model complexity in terms of the number of trainable parameters and inference time. This study successfully reduced the number of model parameters by five times and the inference time by eight times, compared to a state-of-the-art model.

Cryptography and Security

Zachariah Tyree,Robert A. Bridges,Frank L. Combs,Michael R. Moore

DOI: https://doi.org/10.48550/arXiv.1808.10840

2018-08-28

Abstract:Modern vehicles rely on scores of electronic control units (ECUs) broadcasting messages over a few controller area networks (CANs). Bereft of security features, in-vehicle CANs are exposed to cyber manipulation and multiple researches have proved viable, life-threatening cyber attacks. Complicating the issue, CAN messages lack a common mapping of functions to commands, so packets are observable but not easily decipherable. We present a transformational approach to CAN IDS that exploits the geometric properties of CAN data to inform two novel detectors--one based on distance from a learned, lower dimensional manifold and the other on discontinuities of the manifold over time. Proof-of-concept tests are presented by implementing a potential attack approach on a driving vehicle. The initial results suggest that (1) the first detector requires additional refinement but does hold promise; (2) the second detector gives a clear, strong indicator of the attack; and (3) the algorithms keep pace with high-speed CAN messages. As our approach is data-driven it provides a vehicle-agnostic IDS that eliminates the need to reverse engineer CAN messages and can be ported to an after-market plugin.

Cryptography and Security