TY - GEN
T1 - OTIDS
T2 - 15th Annual Conference on Privacy, Security and Trust, PST 2017
AU - Lee, Hyunsung
AU - Jeong, Seong Hoon
AU - Kim, Huy Kang
N1 - Funding Information:
This work was supported by Samsung Research Funding Center of Samsung Electronics under Project Number SRFC-TB1403-00.
PY - 2018/9/28
Y1 - 2018/9/28
N2 - Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.
AB - Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.
UR - http://www.scopus.com/inward/record.url?scp=85055875328&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85055875328&partnerID=8YFLogxK
U2 - 10.1109/PST.2017.00017
DO - 10.1109/PST.2017.00017
M3 - Conference contribution
AN - SCOPUS:85055875328
T3 - Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017
SP - 57
EP - 66
BT - Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 27 August 2017 through 29 August 2017
ER -