CAN-ADF: The controller area network attack detection framework

Shahroz Tariq, Sangyup Lee, Huy Kang Kim, Simon S. Woo

Research output: Contribution to journalArticlepeer-review

40 Citations (Scopus)

Abstract

In recent years, there has been significant interest in developing autonomous vehicles such as self-driving cars. In-vehicle communications, due to simplicity and reliability, a Controller Area Network (CAN) bus is widely used as the de facto standard to provide serial communications between Electronic Control Units (ECUs). However, prior research reveals that several network-level attacks can be performed due to the lack of defense mechanisms in the CAN bus. In this work, we propose CAN Bus Message Attack Detection Framework (CAN-ADF) - a comprehensive anomaly generation, detection, and evaluation system for a CAN bus. In CAN-ADF, not only various anomalies and attack characteristics can be configured but also different detection methods, and visualization frameworks are provided to effectively detect those attacks and anomalies. For the detector, we employ both a rule-based approach crafted from dynamic network traffic characteristics and Recurrent Neural Networks (RNN). For evaluation, we use 7,875,791 in-vehicle CAN packets collected from real cars, KIA Soul and Hyundai Sonata. Our detection algorithm achieves accurate intrusion detection performance, with an average accuracy of 99.45% on CAN datasets, outperforming prior approach. Furthermore, we developed a visualization tool to validate the detection of anomalies by CAN-ADF and to find new patterns in the dataset.

Original languageEnglish
Article number101857
JournalComputers and Security
Volume94
DOIs
Publication statusPublished - 2020 Jul

Bibliographical note

Funding Information:
We thank KISA and KIISC for the release of CAN dataset. We also thank anonymous reviewers for their helpful feedback on drafts of this paper. This Research was supported by Energy Cloud R&D Program through the National Research Foundation (NRF) of Korea Funded by the Ministry of Science, ICT (No. 2019M3F2A1072217) and was supported by the National Research Foundation of Korea (NRF) grant funded bythe Korea government (MSIT) (No. 2017R1C1B5076474 and No. 2020R1C1C1006004).

Funding Information:
We thank KISA and KIISC for the release of CAN dataset. We also thank anonymous reviewers for their helpful feedback on drafts of this paper. This Research was supported by Energy Cloud R&D Program through the National Research Foundation (NRF) of Korea Funded by the Ministry of Science, ICT (No. 2019M3F2A1072217) and was supported by the National Research Foundation of Korea (NRF) grant funded bythe Korea government (MSIT) (No. 2017R1C1B5076474 and No. 2020R1C1C1006004).

Publisher Copyright:
© 2020 Elsevier Ltd

Keywords

  • Controller area network
  • In-Vehicle network
  • Intrusion detection
  • Recurrent neural network
  • Security and privacy

ASJC Scopus subject areas

  • General Computer Science
  • Law

Fingerprint

Dive into the research topics of 'CAN-ADF: The controller area network attack detection framework'. Together they form a unique fingerprint.

Cite this