2021 | OriginalPaper | Chapter

Intrusion Detection and CAN Vehicle Networks

Authors: Ashraf Saber, Fabio Di Troia, Mark Stamp

Published in: Digital Forensic Investigation of Internet of Things (IoT) Devices

Publisher: Springer International Publishing

Abstract

In this chapter, we consider intrusion detection systems (IDS) in the context of an automotive controller area network (CAN), which is also known as the CAN bus. We provide a discussion of various IDS topics, including masquerade detection, and we include a selective survey of previous research involving IDS in a CAN network. We also discuss background topics and relevant practical issues, such as data collection on the CAN bus. Finally, we present experimental results where we have applied a variety of machine learning techniques to CAN data. We use both real and simulated data, and we conduct experiments to determine the status of a vehicle from its network packets, as well as to detect masquerading behavior on a CAN network.

Metadata
DOI
https://doi.org/10.1007/978-3-030-60425-7_5