TTIDS: Transmission-Resuming Time-Based Intrusion Detection System for Controller Area Network (CAN)

Seyoung Lee, Hyo Jin Jo, Aram Cho, Dong Hoon Lee, Wonsuk Choi

Research output: Contribution to journalArticlepeer-review

12 Citations (Scopus)

Abstract

Modern vehicles are becoming complex cyber-physical systems equipped with numerous electronic control units (ECUs). Over the controller area network (CAN), these ECUs communicate with each other to share information related to vehicle status as well as commands to efficiently control the vehicle. However, the increasing complexity of modern vehicles has inadvertently expanded potential attack surfaces, making them vulnerable to cyber attacks. In light of this, researchers are currently working to demonstrate remote vehicle maneuvering by compromising ECUs, and as a countermeasure to such malicious manipulation, to study automotive intrusion detection systems (IDSs) as potential remedies. In general, CAN messages are transmitted periodically, and as such, many researchers have relied on frequency-based IDSs in their solutions proposals. However, an attacker can bypass this defense by suspending the communication of the target ECU from the network and injecting malicious messages with the same frequency as the suspended messages. As a result, an attacker is able to masquerade as the original transmission frequency. In this paper, we propose a Transmission-resuming Time-based IDS (TTIDS), which is designed to detect such attacks. TTIDS detects when an ECU periodically transmitting messages is suspended, and then it estimates when the suspended ECU resumes periodic transmission. With this projection, TTIDS detects malicious messages transmitted while the ECU is suspended. We conduct the evaluation of TTIDS on two real vehicles and present the results, which show the TTIDS is able to effectively detect an enhanced attack that bypasses existing frequency-based IDSs with a false positive rate of 0.213% and a false negative rate of 0.027%.

Original languageEnglish
Pages (from-to)52139-52153
Number of pages15
JournalIEEE Access
Volume10
DOIs
Publication statusPublished - 2022

Bibliographical note

Funding Information:
This work was supported by the Institute of Information and Communications Technology Planning and Evaluation (IITP) Grant through the Korean Government [Ministry of Science and ICT (MSIT)], AI-Based Cyber Attacks and Defense for Autonomous Vehicles, under Grant 2021-0-00111.

Publisher Copyright:
© 2013 IEEE.

Keywords

  • Automotive security
  • controller area network (CAN)
  • electronic control unit (ECU)
  • intrusion detection system (IDS)

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering

Fingerprint

Dive into the research topics of 'TTIDS: Transmission-Resuming Time-Based Intrusion Detection System for Controller Area Network (CAN)'. Together they form a unique fingerprint.

Cite this