PDF
(1651KB)
Abstract
Recently, vehicles have experienced a rise in networking and informatization, leading to increased security concerns. As the most widely used automotive bus network, the Controller Area Network (CAN) bus is vulnerable to attacks, as security was not considered in its original design. This paper proposes SIDuBzip2, a traffic anomaly detection method for the CAN bus based on the bzip2 compression algorithm. The proposed method utilizes the pseudo-periodic characteristics of CAN bus traffic, constructing time series of CAN IDs and calculating the similarity between adjacent time series to identify abnormal traffic. The method consists of three parts: the conversion of CAN ID values to characters, the calculation of similarity based on bzip2 compression, and the optimal solution of model parameters. The experimental results demonstrate that the proposed SIDuBzip2 method effectively detects various attacks, including Denial of Service, replay, basic injection, mixed injection, and suppression attacks. In addition, existing CAN bus traffic anomaly detection methods are compared with the proposed method in terms of performance and delay, demonstrating the feasibility of the proposed method.
Keywords
Automotive safety
/
CAN bus
/
Anomaly detection
Cite this article
Download citation ▾
Chao Wang, Xueqiao Xu, Ke Xiao, Yunhua He, Guangcan Yang.
Traffic anomaly detection algorithm for CAN bus using similarity analysis.
High-Confidence Computing, 2024, 4(3): 100207 DOI:10.1016/j.hcc.2024.100207
Declaration of competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
| [1] |
A.R. Javed, S. Ur Rehman, M.U. Khan, M. Alazab, T. Reddy, CANintelliIDS: Detecting in-vehicle intrusion attacks on a controller area network using CNN and attention-based GRU, IEEE Trans. Netw. Sci. Eng. 8 (2) (2021) 1456-1466.
|
| [2] |
Z. Xiong, H. Xu, W. Li, Z. Cai, Multi-source adversarial sample attack on autonomous vehicles, IEEE Trans. Veh. Technol. 70 (3) (2021) 2822-2835.
|
| [3] |
C. Hu, Z. Liu, R. Li, P. Hu, T. Xiang, M. Han, Smart contract assisted privacy-preserving data aggregation and management scheme for smart grid, IEEE Trans. Dependable Secure Comput. (2023).
|
| [4] |
C. Miller, C. Valasek, Remote exploitation of an unaltered passenger vehicle, Black Hat USA 2015 (S 91) (2015) 1-91.
|
| [5] |
S.R. Pokhrel, Software defined internet of vehicles for automation and orchestration, IEEE Trans. Intell. Transp. Syst. 22 (6) (2021) 3890-3899.
|
| [6] |
Z. Pu, M. Zhu, W. Li, Z. Cui, X. Guo, Y. Wang, Monitoring public transit ridership flow by passively sensing Wi-Fi and Bluetooth mobile devices, IEEE Internet Things J. 8 (1) (2020) 474-486.
|
| [7] |
C. Ruan, C. Hu, R. Zhao, Z. Liu, H. Huang, J. Yu, A policy-hiding attribute-based access control scheme in decentralized trust management, IEEE Internet Things J. (2023).
|
| [8] |
S. Woo, H.J. Jo, D.H. Lee, A practical wireless attack on the connected car and security protocol for in-vehicle CAN, IEEE Trans. Intell. Transp. Syst. 16 (2) (2014) 993-1006.
|
| [9] |
B.I. Kwak, M.L. Han, H.K. Kim, Cosine similarity based anomaly detection methodology for the CAN bus, Expert Syst. Appl. 166 (2021) 114066.
|
| [10] |
M. Marchetti, D. Stabili, Anomaly detection of CAN bus messages through analysis of ID sequences, in: 2017 IEEE Intelligent Vehicles Symposium, IV, IEEE, 2017, pp. 1577-1583.
|
| [11] |
H. Sun, M. Sun, J. Weng, Z. Liu, Analysis of ID sequences similarity using DTW in intrusion detection for CAN bus, IEEE Trans. Veh. Technol. 71 (10) (2022) 10426-10441.
|
| [12] |
M.-J. Kang, J.-W. Kang, Intrusion detection system using deep neural network for in-vehicle network security, PLoS One 11 (6) (2016) e0155781.
|
| [13] |
A. Taylor, S. Leblanc, N. Japkowicz, Anomaly detection in automobile control network data with long short-term memory networks, in: 2016 IEEE International Conference on Data Science and Advanced Analytics, DSAA, IEEE, 2016, pp. 130-139.
|
| [14] |
J. de Hoog, T. Bogaerts, W. Casteels, S. Mercelis, P. Hellinckx, Online reverse engineering of CAN data, Internet Things 11 (2020) 100232.
|
| [15] |
M. Marchetti, D. Stabili, READ: Reverse engineering of automotive data frames, IEEE Trans. Inf. Forensics Secur. 14 (4) (2018) 1083-1097.
|
| [16] |
H. Sun, M. Chen, J. Weng, Z. Liu, G. Geng, Anomaly detection for invehicle network using CNN-LSTM with attention mechanism, IEEE Trans. Veh. Technol. 70 (10) (2021) 10880-10893.
|
| [17] |
W. Choi, S. Lee, K. Joo, H.J. Jo, D.H. Lee, An enhanced method for reverse engineering CAN data payload, IEEE Trans. Veh. Technol. 70 (4) (2021) 3371-3381.
|
| [18] |
W. Wu, Y. Huang, R. Kurachi, G. Zeng, G. Xie, R. Li, K. Li, Sliding window optimized information entropy analysis method for intrusion detection on in-vehicle networks, IEEE Access 6 (2018) 45233-45245.
|
| [19] |
Z. Cai, X. Zheng, J. Yu, A differential-private framework for urban traffic flows estimation via taxi companies, IEEE Trans. Ind. Inform. 15 (12) (2019) 6492-6499.
|
| [20] |
C. Wang, S. Wang, X. Cheng, Y. He, K. Xiao, S. Fan, A privacy and efficiency-oriented data sharing mechanism for iots, IEEE Trans. Big Data 9 (1) (2022) 174-185.
|
| [21] |
E. Seo, H.M. Song, H.K. Kim, GIDS: GAN based intrusion detection system for in-vehicle network, in: 2018 16th Annual Conference on Privacy, Security and Trust, PST, IEEE, 2018, pp. 1-6.
|
| [22] |
H. Olufowobi, U. Ezeobi, E. Muhati, G. Robinson, C. Young, J. Zambreno, G. Bloom, Anomaly detection approach using adaptive cumulative sum algorithm for controller area network, in:Proceedings of the ACM Workshop on Automotive Cybersecurity, 2019, pp. 25-30.
|
| [23] |
R.U.D. Refat, A.A. Elkhail, A. Hafeez, H. Malik, Detecting CAN bus intrusion by applying machine learning method to graph based features, in:Intelligent Systems and Applications: Proceedings of the 2021 Intelligent Systems Conference, Vol. 3, IntelliSys, Springer, 2022, pp. 730-748.
|
| [24] |
H.M. Song, H.K. Kim, Self-supervised anomaly detection for in-vehicle network using noised pseudo normal data, IEEE Trans. Veh. Technol. 70 (2) (2021) 1098-1108.
|
