ErrIDS: An Enhanced Cumulative Timing Error-Based Automotive Intrusion Detection System

Seyoung Lee, Wonsuk Choi, Hyo Jin Jo, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)


Contemporary vehicles have undergone numerous transformations to become fully computerized machines. This computerizing process is intended to provide safety and convenience for drivers; however, there have been many studies demonstrating how to remotely maneuver a vehicle by compromising its in-vehicle electronic control units (ECU). As a countermeasure, automotive intrusion detection systems (IDSs) have also been extensively explored as potential remedies. The clock-based IDS was one of the most promising methods for an automotive IDS, but researchers have recently determined it to be insufficient, as adversaries can emulate the clock skew. In this paper, we propose a novel automotive IDS that leverages the residuals - which have traditionally been considered an error that should be removed from analysis - of average and actual timestamp intervals of two consecutive controller area network (CAN) messages. Thus, we present a rationale as to why large residuals occur in a real in-vehicle CAN network. Our method analyzes transmission periodicity so closely that any minuscule change can be detected in the event of an intrusion. We show that our method detects a vehicle intrusion with a low false-alarm rate, and that it can detect a new sophisticated attack which emulates the clock skew of an original transmission. To the best of our knowledge, this is the first approach analyzing transmission time to detect the frequency masquerading attack with clock skew emulation. Finally, our method enables the sharing of parameters determined in a vehicle with other like models, which is meaningful for manufacturers in terms of scalability.

Original languageEnglish
Pages (from-to)12406-12421
Number of pages16
JournalIEEE Transactions on Intelligent Transportation Systems
Issue number11
Publication statusPublished - 2023 Nov 1

Bibliographical note

Publisher Copyright:
© 2000-2011 IEEE.


  • Intrusion detection system (IDS)
  • controller area network (CAN)
  • security

ASJC Scopus subject areas

  • Mechanical Engineering
  • Automotive Engineering
  • Computer Science Applications


Dive into the research topics of 'ErrIDS: An Enhanced Cumulative Timing Error-Based Automotive Intrusion Detection System'. Together they form a unique fingerprint.

Cite this