Abstract
With recent advances of the automotive industry, advanced systems have been integrated at in-vehicle communication. However, with the change of perception to data sharing instead of standalone systems, the susceptibility to systemic vulnerability increases. The automotive intra-communication is based on the CAN (Connected Area Network) network protocol. Many types of research have analyzed the protocol's vulnerability to various types of cyber-attacks, and its implications on vehicle systems, with emphasis on safety systems. Research has found that the communication system is not immune to various types of attacks, thus providing access to crucial functions of the vehicle. This paper explores the design and implementation of intrusion detection method in intra-vehicle communication, which aims to identify malicious CAN messages. Based on the historical traffic rate, the algorithm uses a KMP approximate string-matching. Through theoretical analysis and experiments carried out on a real CAN dataset with different attack scenarios, we received very high performance during high and medium intensity attacks. To the best of our knowledge, this work is the first study that applies the KMP approximate pattern matching to IDS for the in-vehicle network security.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. USENIX Security Symposium 4, 447–462 (2011)
Kyong-Tak, C., Kang, G.S.: Fingerprinting electronic control units for vehicle intrusion detection. In: 25th USENIX Security Symposium, pp. 911–927 (2016)
Han, M.L., Lee, J., Kang, A.R., Kang, S., Park, J.K., Kim, H.K.: A statistical-based anomaly detection method for connected cars in internet of things environment. In: International Conference on Internet of Vehicles, pp. 89–97 (2015)
Kang, M.J., Kang, J.W.: Intrusion detection system using deep neural network for in-vehicle network security, PloS One, vol. 11, no. 6 (2016)
Kuwahara, T., et al.: Supervised and unsupervised intrusion detection based on can message frequencies for in-vehicle network. J. Inf. Process. 26, 306–313 (2018)
Koscher, K., et al.: Experimental security analysis of a modern automobile, In: IEE SSP, pp. 447–462 (2010)
Koyama, T., Shibahara, T., Hasegawa, K., Okano, Y., Tanaka, M., Oshima, Y.: Anomaly detection for mixed transmission can messages using quantized intervals and absolute difference of payloads. In: Workshop on Automotive Cybersecurity, pp. 19–24 (2019)
Song, H.M., Woo, J., Kim, H.K.: In-vehicle network intrusion detection using deep convolutional neural network. Vehicular Commun. 21, 100–198 (2020)
Lee, H., Jeong, S.H., Kim, H.K.: OTIDS: a novel intrusion detection system for in-vehicle network by using remote frame, In: PST, p. 5709 (2017)
Levi, M., Allouche, Y., Kontorovich, A.: Advanced analytics for connected car cybersecurity, In: IEEE 87th Vehicular Technology Conference (VTC Spring), pp. 1–7 (2018)
Gao, L., Li, F., Xu, X., Liu, Y.: Intrusion detection system using SOEKS and deep learning for in-vehicle security. Cluster Comput. 22(6), 14721–14729 (2018). https://doi.org/10.1007/s10586-018-2385-7
Marchetti, M., Stabili, D.: Anomaly detection of CAN bus messages through analysis of ID sequences. In: IEEE Intelligent Vehicles Symposium (IV), pp. 1577–1583 (2017)
Tomlinson, A., Bryans, J., Shaikh, S.A., Kalutarage, H.K.: Detection of automotive CAN cyber-attacks by identifying packet timing anomalies in time windows. In: 48th Annual IEEE/IFIP DSN-W, pp. 231–238 (2018)
Mateless, R., Segal, M.: Approximate string matching for DNS anomaly detection, In: SPACS, pp. 490–504 (2019)
Hanselmann, M., Strauss, T., Dormann, K., Ulmer, H.: CANet: An Unsupervised Intrusion Detection System for High Dimensional CAN Bus Data. IEEE Access 8, 58194–58205 (2020)
Miller, C., Valasek, C.: A survey of remote automotive attack surfaces. Black Hat USA, p. 94 (2014)
Seo, E., Song, H.M., Kim, H.K.: GIDS: GAN based intrusion detection system for in-vehicle network, In: PST, pp. 1–6 (2018)
Song, H.M., Kim, H.R., Kim, H.K.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network, In: ICOIN, pp. 63–68 (2016)
Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for the automotive CAN bus, In: WCICSS, pp. 45–49 (2015)
Taylor, A., Leblanc, S., Japkowicz, N.: Anomaly detection in automobile control network data with long short-term memory networks, In: IEEE DSAA, pp. 130–139 (2016)
Zhang, L., Shi, L., Kaja, N., Ma, D.: A two-stage deep learning approach for can intrusion detection. In: Proceedings Ground Vehicle System Engineering Technology Symposium (GVSETS), p. 11 (2018)
Wang, C., Zhao, Z., Gong, L., Zhu, L., Liu, Z., Cheng, X.: A distributed anomaly detection system for in-vehicle network using HTM. IEEE Access 6, 9091–9098 (2018)
Wang, Q., Lu, Z., Qu, G.: An entropy analysis based intrusion detection system for controller area network in vehicles, In: 31st IEEE SOCC, pp. 90–95 (2018)
Han, M.L., Kwak, B.I., Kim, H.K.: Anomaly intrusion detection method for vehicular networks based on survival analysis. Vehicular commun. 14, 52–63 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Odeski, I., Segal, M. (2021). Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm. In: Thampi, S.M., Wang, G., Rawat, D.B., Ko, R., Fan, CI. (eds) Security in Computing and Communications. SSCC 2020. Communications in Computer and Information Science, vol 1364. Springer, Singapore. https://doi.org/10.1007/978-981-16-0422-5_13
Download citation
DOI: https://doi.org/10.1007/978-981-16-0422-5_13
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-0421-8
Online ISBN: 978-981-16-0422-5
eBook Packages: Computer ScienceComputer Science (R0)