Vehicle communication technology has been steadily progressing alongside the convergence of the in-vehicle network (IVN) and wireless communication technology. The communication with various external networks further reinforces the connectivity between the inside and outside of a vehicle. However, this bears risks of malicious packet attacks on computer-assisted mechanical mechanisms that are capable of hijacking the vehicle's functions. The present study proposes a method to detect and identify abnormalities in vehicular networks based on the periodic event-triggered interval of the controller area network (CAN) messages. To this end, we first define four attack scenarios and then extract normal and abnormal driving data corresponding to these scenarios. Next, we analyze the CAN ID's event-triggered interval and measure statistical moments depending on the defined time-window. Finally, we conduct extensive evaluations of the proposed methods' performance by considering different attack scenarios and three types of machine learning models. The results demonstrate that the proposed method can effectively detect an abnormality in the IVN, with up to 99% accuracy. Our results suggest that when tree-based machine learning models are used as the classifier, the proposed method of attack identification can achieve more than 94% accuracy.
|Number of pages||16|
|Journal||IEEE Transactions on Information Forensics and Security|
|Publication status||Published - 2021|
Bibliographical noteFunding Information:
Manuscript received June 11, 2020; revised October 11, 2020 and February 8, 2021; accepted March 13, 2021. Date of publication March 26, 2021; date of current version April 19, 2021. This work was supported by the Institute for Information and Communications Technology Promotion (Development of Security Primitives for Unmanned Vehicles) under Grant 2020-0-00374. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Xiaodong Lin. (Mee Lan Han and Byung Il Kwak contributed equally to this work.) (Corresponding author: Huy Kang Kim.) The authors are with the School of Cybersecurity, Korea University, Seoul 02841, Republic of Korea (e-mail: email@example.com; kwacka12@ korea.ac.kr; firstname.lastname@example.org). Digital Object Identifier 10.1109/TIFS.2021.3069171
© 2005-2012 IEEE.
- Anomaly detection
- attack identification
- controller area network
- event-triggered interval
- in-vehicle network
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications