OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame

Hyunsung Lee; Seong Hoon Jeong; Huy Kang Kim

doi:10.1109/PST.2017.00017

OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame

Hyunsung Lee, Seong Hoon Jeong, Huy Kang Kim

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

167 Citations (Scopus)

Abstract

Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.

Original language	English
Title of host publication	Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	57-66
Number of pages	10
ISBN (Electronic)	9781538624876
DOIs	https://doi.org/10.1109/PST.2017.00017
Publication status	Published - 2018 Sept 28
Event	15th Annual Conference on Privacy, Security and Trust, PST 2017 - Calgary, Canada Duration: 2017 Aug 27 → 2017 Aug 29

Publication series

Name	Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017

Other

Other	15th Annual Conference on Privacy, Security and Trust, PST 2017
Country/Territory	Canada
City	Calgary
Period	17/8/27 → 17/8/29

ASJC Scopus subject areas

Information Systems and Management
Computer Networks and Communications
Safety, Risk, Reliability and Quality

Access to Document

10.1109/PST.2017.00017

Cite this

Lee, H., Jeong, S. H., & Kim, H. K. (2018). OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. In Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017 (pp. 57-66). [8476919] (Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/PST.2017.00017

OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. / Lee, Hyunsung; Jeong, Seong Hoon; Kim, Huy Kang.
Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017. Institute of Electrical and Electronics Engineers Inc., 2018. p. 57-66 8476919 (Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, H, Jeong, SH & Kim, HK 2018, OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. in Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017., 8476919, Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017, Institute of Electrical and Electronics Engineers Inc., pp. 57-66, 15th Annual Conference on Privacy, Security and Trust, PST 2017, Calgary, Canada, 17/8/27. https://doi.org/10.1109/PST.2017.00017

Lee H, Jeong SH, Kim HK. OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. In Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017. Institute of Electrical and Electronics Engineers Inc. 2018. p. 57-66. 8476919. (Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017). doi: 10.1109/PST.2017.00017

Lee, Hyunsung ; Jeong, Seong Hoon ; Kim, Huy Kang. / OTIDS : A novel intrusion detection system for in-vehicle network by using remote frame. Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 57-66 (Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017).

@inproceedings{caf1ddf65fc1426b89dfb66e8f1954d8,

title = "OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame",

abstract = "Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.",

author = "Hyunsung Lee and Jeong, {Seong Hoon} and Kim, {Huy Kang}",

note = "Funding Information: This work was supported by Samsung Research Funding Center of Samsung Electronics under Project Number SRFC-TB1403-00.; 15th Annual Conference on Privacy, Security and Trust, PST 2017 ; Conference date: 27-08-2017 Through 29-08-2017",

year = "2018",

month = sep,

day = "28",

doi = "10.1109/PST.2017.00017",

language = "English",

series = "Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "57--66",

booktitle = "Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017",

}

TY - GEN

T1 - OTIDS

T2 - 15th Annual Conference on Privacy, Security and Trust, PST 2017

AU - Lee, Hyunsung

AU - Jeong, Seong Hoon

AU - Kim, Huy Kang

N1 - Funding Information: This work was supported by Samsung Research Funding Center of Samsung Electronics under Project Number SRFC-TB1403-00.

PY - 2018/9/28

Y1 - 2018/9/28

N2 - Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.

AB - Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.

UR - http://www.scopus.com/inward/record.url?scp=85055875328&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055875328&partnerID=8YFLogxK

U2 - 10.1109/PST.2017.00017

DO - 10.1109/PST.2017.00017

M3 - Conference contribution

AN - SCOPUS:85055875328

T3 - Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017

SP - 57

EP - 66

BT - Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 27 August 2017 through 29 August 2017

ER -

OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this