Flooding attack mitigator for in-vehicle CAN using fault confinement in CAN protocol

Sung Bum Park, Hyo Jin Jo, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)


For driver convenience and safety, a number of electronic control units (ECUs) have been installed on modern vehicles. To support communications among ECUs, the controller area network (CAN) is commonly used as in-vehicle network for several decades. However, the CAN protocol lacks security mechanisms, which means that it can be damaged by a number of cyber attacks. In particular, message flooding is one type of DoS attack known to be the easiest to perform because it continuously broadcasts a large number of CAN messages to the in-vehicle CAN without any CAN traffic analysis. To handle message flooding on the in-vehicle CAN, several countermeasures including intrusion detection and prevention have been studied, but unfortunately, these solutions could produce false positive detection rates or cause the communication failures of benign ECUs. In this paper, we introduce a message flooding attack mitigation method for the first time that does not accidentally cause the communication failures of benign ECUs. The proposed method can mitigate flooding attack attempts by using the fault confinement rule that is defined in the CAN protocol. Since the proposed method does not violate the rules of the CAN standard during mitigating, no system modifications are required. Experimental results show that the proposed mitigator guarantees a transmission rate up to 79.22% of normal messages that were not sent due to a flooding attack.

Original languageEnglish
Article number103091
JournalComputers and Security
Publication statusPublished - 2023 Mar

Bibliographical note

Publisher Copyright:
© 2023


  • Controller area network
  • Flooding attack
  • In-vehicle CAN security

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'Flooding attack mitigator for in-vehicle CAN using fault confinement in CAN protocol'. Together they form a unique fingerprint.

Cite this