Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs

Shahroz Tariq; Sangyup Lee; Huy Kang Kim; Simon S. Woo

doi:10.1007/978-3-030-12085-6_4

Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs

Shahroz Tariq, Sangyup Lee, Huy Kang Kim, Simon S. Woo

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

In vehicle communications, due to simplicity and reliability, a Controller Area Network (CAN) bus is used as the de facto standard to provide serial communication between Electronic Control Units (ECUs). However, prior research reveals that several network-level attacks can be performed on the CAN bus due to the lack of underlying security mechanism. In this work, we develop an intrusion detection algorithm to detect DoS, fuzzy, and replay attacks injected in a real vehicle. Our approach uses heuristics as well as Recurrent Neural Networks (RNNs) to detect attacks. We test our algorithm with in-vehicle data samples collected from KIA Soul. Our preliminary results show the high accuracy in detecting different types of attacks.

Original language	English
Title of host publication	Information and Operational Technology Security Systems - 1st International Workshop, IOSec 2018, CIPSEC Project, Revised Selected Papers
Editors	Eva Marín Tordera, Apostolos P. Fournaris, Konstantinos Lampropoulos
Publisher	Springer Verlag
Pages	39-45
Number of pages	7
ISBN (Print)	9783030120849
DOIs	https://doi.org/10.1007/978-3-030-12085-6_4
Publication status	Published - 2019
Event	1st International Workshop on Information and Operational Technology Security Systems, IOSec 2018 - Heraklion, Greece Duration: 2018 Sept 13 → 2018 Sept 13

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11398 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	1st International Workshop on Information and Operational Technology Security Systems, IOSec 2018
Country/Territory	Greece
City	Heraklion
Period	18/9/13 → 18/9/13

Bibliographical note

Funding Information:
We thank anonymous reviews for providing helpful feedback to improve this work. We also thank Korea Internet & Security Agency (KISA) and Korean Institute of Information Security & Cryptology (KIISC) for the release of CAN dataset. This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the “ICT Consilience Creative Program” (IITP-2015-R0346-15-1007) supervised by the IITP (Institute for Information & communications Technology Promotion) and Basic Science Research Program through the NRF of Korea (NRF-2017R1C1B5076474).

Funding Information:
Acknowledgement. We thank anonymous reviews for providing helpful feedback to improve this work. We also thank Korea Internet & Security Agency (KISA) and Korean Institute of Information Security & Cryptology (KIISC) for the release of CAN dataset. This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the “ICT Consilience Creative Program” (IITP-2015-R0346-15-1007) supervised by the IITP (Institute for Information & communications Technology Promotion) and Basic Science Research Program through the NRF of Korea (NRF-2017R1C1B5076474).

Publisher Copyright:
© 2019, Springer Nature Switzerland AG.

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-12085-6_4

Cite this

Tariq, S., Lee, S., Kim, H. K., & Woo, S. S. (2019). Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs. In E. Marín Tordera, A. P. Fournaris, & K. Lampropoulos (Eds.), Information and Operational Technology Security Systems - 1st International Workshop, IOSec 2018, CIPSEC Project, Revised Selected Papers (pp. 39-45). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11398 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-12085-6_4

Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs. / Tariq, Shahroz; Lee, Sangyup; Kim, Huy Kang et al.
Information and Operational Technology Security Systems - 1st International Workshop, IOSec 2018, CIPSEC Project, Revised Selected Papers. ed. / Eva Marín Tordera; Apostolos P. Fournaris; Konstantinos Lampropoulos. Springer Verlag, 2019. p. 39-45 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11398 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Tariq, S, Lee, S, Kim, HK & Woo, SS 2019, Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs. in E Marín Tordera, AP Fournaris & K Lampropoulos (eds), Information and Operational Technology Security Systems - 1st International Workshop, IOSec 2018, CIPSEC Project, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11398 LNCS, Springer Verlag, pp. 39-45, 1st International Workshop on Information and Operational Technology Security Systems, IOSec 2018, Heraklion, Greece, 18/9/13. https://doi.org/10.1007/978-3-030-12085-6_4

Tariq S, Lee S, Kim HK, Woo SS. Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs. In Marín Tordera E, Fournaris AP, Lampropoulos K, editors, Information and Operational Technology Security Systems - 1st International Workshop, IOSec 2018, CIPSEC Project, Revised Selected Papers. Springer Verlag. 2019. p. 39-45. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-12085-6_4

Tariq, Shahroz ; Lee, Sangyup ; Kim, Huy Kang et al. / Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs. Information and Operational Technology Security Systems - 1st International Workshop, IOSec 2018, CIPSEC Project, Revised Selected Papers. editor / Eva Marín Tordera ; Apostolos P. Fournaris ; Konstantinos Lampropoulos. Springer Verlag, 2019. pp. 39-45 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b66423de589f4edeb5e8a93147fe58dc,

title = "Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs",

abstract = "In vehicle communications, due to simplicity and reliability, a Controller Area Network (CAN) bus is used as the de facto standard to provide serial communication between Electronic Control Units (ECUs). However, prior research reveals that several network-level attacks can be performed on the CAN bus due to the lack of underlying security mechanism. In this work, we develop an intrusion detection algorithm to detect DoS, fuzzy, and replay attacks injected in a real vehicle. Our approach uses heuristics as well as Recurrent Neural Networks (RNNs) to detect attacks. We test our algorithm with in-vehicle data samples collected from KIA Soul. Our preliminary results show the high accuracy in detecting different types of attacks.",

author = "Shahroz Tariq and Sangyup Lee and Kim, {Huy Kang} and Woo, {Simon S.}",

note = "Funding Information: We thank anonymous reviews for providing helpful feedback to improve this work. We also thank Korea Internet & Security Agency (KISA) and Korean Institute of Information Security & Cryptology (KIISC) for the release of CAN dataset. This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the “ICT Consilience Creative Program” (IITP-2015-R0346-15-1007) supervised by the IITP (Institute for Information & communications Technology Promotion) and Basic Science Research Program through the NRF of Korea (NRF-2017R1C1B5076474). Funding Information: Acknowledgement. We thank anonymous reviews for providing helpful feedback to improve this work. We also thank Korea Internet & Security Agency (KISA) and Korean Institute of Information Security & Cryptology (KIISC) for the release of CAN dataset. This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the “ICT Consilience Creative Program” (IITP-2015-R0346-15-1007) supervised by the IITP (Institute for Information & communications Technology Promotion) and Basic Science Research Program through the NRF of Korea (NRF-2017R1C1B5076474). Publisher Copyright: {\textcopyright} 2019, Springer Nature Switzerland AG.; 1st International Workshop on Information and Operational Technology Security Systems, IOSec 2018 ; Conference date: 13-09-2018 Through 13-09-2018",

year = "2019",

doi = "10.1007/978-3-030-12085-6_4",

language = "English",

isbn = "9783030120849",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "39--45",

editor = "{Mar{\'i}n Tordera}, Eva and Fournaris, {Apostolos P.} and Konstantinos Lampropoulos",

booktitle = "Information and Operational Technology Security Systems - 1st International Workshop, IOSec 2018, CIPSEC Project, Revised Selected Papers",

}

TY - GEN

T1 - Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs

AU - Tariq, Shahroz

AU - Lee, Sangyup

AU - Kim, Huy Kang

AU - Woo, Simon S.

N1 - Funding Information: We thank anonymous reviews for providing helpful feedback to improve this work. We also thank Korea Internet & Security Agency (KISA) and Korean Institute of Information Security & Cryptology (KIISC) for the release of CAN dataset. This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the “ICT Consilience Creative Program” (IITP-2015-R0346-15-1007) supervised by the IITP (Institute for Information & communications Technology Promotion) and Basic Science Research Program through the NRF of Korea (NRF-2017R1C1B5076474). Funding Information: Acknowledgement. We thank anonymous reviews for providing helpful feedback to improve this work. We also thank Korea Internet & Security Agency (KISA) and Korean Institute of Information Security & Cryptology (KIISC) for the release of CAN dataset. This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the “ICT Consilience Creative Program” (IITP-2015-R0346-15-1007) supervised by the IITP (Institute for Information & communications Technology Promotion) and Basic Science Research Program through the NRF of Korea (NRF-2017R1C1B5076474). Publisher Copyright: © 2019, Springer Nature Switzerland AG.

PY - 2019

Y1 - 2019

N2 - In vehicle communications, due to simplicity and reliability, a Controller Area Network (CAN) bus is used as the de facto standard to provide serial communication between Electronic Control Units (ECUs). However, prior research reveals that several network-level attacks can be performed on the CAN bus due to the lack of underlying security mechanism. In this work, we develop an intrusion detection algorithm to detect DoS, fuzzy, and replay attacks injected in a real vehicle. Our approach uses heuristics as well as Recurrent Neural Networks (RNNs) to detect attacks. We test our algorithm with in-vehicle data samples collected from KIA Soul. Our preliminary results show the high accuracy in detecting different types of attacks.

AB - In vehicle communications, due to simplicity and reliability, a Controller Area Network (CAN) bus is used as the de facto standard to provide serial communication between Electronic Control Units (ECUs). However, prior research reveals that several network-level attacks can be performed on the CAN bus due to the lack of underlying security mechanism. In this work, we develop an intrusion detection algorithm to detect DoS, fuzzy, and replay attacks injected in a real vehicle. Our approach uses heuristics as well as Recurrent Neural Networks (RNNs) to detect attacks. We test our algorithm with in-vehicle data samples collected from KIA Soul. Our preliminary results show the high accuracy in detecting different types of attacks.

UR - http://www.scopus.com/inward/record.url?scp=85061389818&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-12085-6_4

DO - 10.1007/978-3-030-12085-6_4

M3 - Conference contribution

AN - SCOPUS:85061389818

SN - 9783030120849

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 39

EP - 45

BT - Information and Operational Technology Security Systems - 1st International Workshop, IOSec 2018, CIPSEC Project, Revised Selected Papers

A2 - Marín Tordera, Eva

A2 - Fournaris, Apostolos P.

A2 - Lampropoulos, Konstantinos

PB - Springer Verlag

T2 - 1st International Workshop on Information and Operational Technology Security Systems, IOSec 2018

Y2 - 13 September 2018 through 13 September 2018

ER -

Detecting In-vehicle CAN Message Attacks Using Heuristics and RNNs

Abstract

Publication series

Conference

Bibliographical note

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this