A Hybrid Anomaly Detection System for Electronic Control Units Featuring Replicator Neural Networks

  • Marc WeberEmail author
  • Felix Pistorius
  • Eric Sax
  • Jonas Maas
  • Bastian Zimmer
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 887)


Due to the steadily increasing connectivity combined with the trend towards autonomous driving, cyber security is essential for future vehicles. The implementation of an intrusion detection system (IDS) can be one building block in a security architecture. Since the electric and electronic (E/E) subsystem of a vehicle is fairly static, the usage of anomaly detection mechanisms within an IDS is promising. This paper introduces a hybrid anomaly detection system for embedded electronic control units (ECU), which combines the advantages of an efficient specification-based system with the advanced detection measures provided by machine learning. The system is presented for - but not limited to - the detection of anomalies in automotive Controller Area Network (CAN) communication. The second part of this paper focuses on the machine learning aspect of the proposed system. The usage of Replicator Neural Networks (RNN) to detect anomalies in the time series of CAN signals is investigated in more detail. After introducing the working principle of RNNs, the application of this algorithm on time series data is presented. Finally, first evaluation results of a prototypical implementation are discussed.


Intrusion detection system Anomaly detection Machine learning Automotive Controller Area Network Time series 


  1. 1.
    Miller, C., Valasek, C.: A survey of remote automotive attack surfaces. In: Black Hat USA, vol. 2014 (2014)Google Scholar
  2. 2.
    Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. In: Black Hat USA, vol. 2015 (2015)Google Scholar
  3. 3.
    Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium (2011)Google Scholar
  4. 4.
    Onishi, H.: Paradigm change of vehicle cyber security. In: Czosseck, C. (ed.) 4th International Conference on Cyber Conflict (CYCON). IEEE, Piscataway (2012)Google Scholar
  5. 5.
    AUTO-ISAC: Automotive Cybersecurity Best Practices: Executive Summary. In: AUTO-ISAC, 2016th edn. (2016)Google Scholar
  6. 6.
    Brown, D.A., Cooper, G., Gilvarry, I., Grawrock, D., Rajan, A., Tatourian, A., Venugopalan, R., Vishik, C., Wheeler, D., Zhao, M., Clare, D., Fry, S., Handschuh, H., Patil, H., Poulin, C., Wasicek, A., Wood, R.: Automotive security best practices: recommendations for security and privacy in the era of the next-generation car. In: White Paper, McAfee Inc. (2015)Google Scholar
  7. 7.
    van Roermund, T., Birnie, A.: A multi-layer vehicle security framework. In: Whitepaper, May 2016 ed. NXP B.V. (2016)Google Scholar
  8. 8.
    Hoppe, T., Kiltz, S., Dittmann, J.: Security threats to automotive can networks–practical examples and selected short-term countermeasures. Reliab. Eng. Syst. Saf. 96(1), 11–25 (2011)CrossRefGoogle Scholar
  9. 9.
    Studnia, I., Nicomette, V., Alata, E., Deswarte, Y., Kaâniche, M., Laarouchi, Y.: Security of embedded automotive networks: state of the art and a research proposal. In: Roy, M. (ed.) SAFECOMP 2013 - Workshop CARS (2nd Workshop on Critical Automotive Applications: Robustness & Safety) of the 32nd International Conference on Computer Safety, Reliability and Security, France, Toulouse (2013)Google Scholar
  10. 10.
    Hawkins, D.M.: Identification of Outliers, Monographs on Applied Probability and Statistics. Springer, Dordrecht (1980)CrossRefGoogle Scholar
  11. 11.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1–58 (2009)CrossRefGoogle Scholar
  12. 12.
    Theissler, A.: Anomaly detection in recordings from in-vehicle networks. In: Proceedings of Big Data Applications and Principles, Madrid (2014)Google Scholar
  13. 13.
    Hawkins, S., He, H., Williams, G., Baxter, R.: Outlier detection using replicator neural networks. In: Kambayashi, Y., Arikawa, M., Winiwarter, W. (eds.) Data Warehousing and Knowledge Discovery, Lecture Notes in Computer Science. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Schölkopf, B., Williamson, R., Smola, A., Shawe-Taylor, J., Platt, J.: Support vector method for novelty detection. In: Advances in Neural Information Processing Systems, vol. 12, pp. 582–588. MIT Press, Cambridge (2000)Google Scholar
  15. 15.
    Theissler, A.: Detecting known and unknown faults in automotive systems using ensemble-based anomaly detection. Knowl.-Based Syst. 123, 163–173 (2017)CrossRefGoogle Scholar
  16. 16.
    Williams, G., Baxter, R., He, H., Hawkins, S., Gu, L.: A comparative study of rnn for outlier detection in data mining. In: Kumar, V. (ed.) Proceedings/2002 IEEE International Conference on Data Mining, ICDM 2002, pp. 709–712. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  17. 17.
    Minsky, M.L., Papert, S.A.: Perceptrons: An Introduction to Computational Geometry, 2nd edn. The MIT Press, Cambridge (1972)zbMATHGoogle Scholar
  18. 18.
    Dau, H.A., Ciesielski, V., Song, A.: Anomaly detection using replicator neural networks trained on examples of one class. In: Dick, G. (ed.) Simulated Evolution and Learning, Lecture Notes in Computer Science, vol. 8886, pp. 311–322. Springer, Cham (2014)Google Scholar
  19. 19.
    Rumelhart, D.E., Hinton, G.E., Williams, R.J.: Learning internal representations by error propagation. In: Rumelhart, D.E., McClelland, J.L. (eds.) Parallel Distributed Processing, A Bradford Book, pp. 318–362. MIT Press, Cambridge (1986)Google Scholar
  20. 20.
    Fernández-Redondo, M., Hernández-Espinosa, C.: Weight initialization methods for multilayer feedforward. In: Verleysen, M. (ed.) Proceedings/9th European Symposium on Artificial Neural Networks, ESANN 2001, pp. 119–124. D-Facto, Brussels (2001)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Marc Weber
    • 1
    Email author
  • Felix Pistorius
    • 1
  • Eric Sax
    • 1
  • Jonas Maas
    • 2
  • Bastian Zimmer
    • 2
  1. 1.Institute for Information Processing Technologies, Karlsruhe Institute of TechnologyKarlsruheGermany
  2. 2.Vector Informatik GmbHStuttgartGermany

Personalised recommendations