Comparative Study of Machine Learning Methods for In-Vehicle Intrusion Detection

  • Ivo Berger
  • Roland RiekeEmail author
  • Maxim Kolomeets
  • Andrey Chechulin
  • Igor Kotenko
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11387)


An increasing amount of cyber-physical systems within modern cars, such as sensors, actuators, and their electronic control units are connected by in-vehicle networks and these in turn are connected to the evolving Internet of vehicles in order to provide “smart” features such as automatic driving assistance. The controller area network bus is commonly used to exchange data between different components of the vehicle, including safety critical systems as well as infotainment. As every connected controller broadcasts its data on this bus it is very susceptible to intrusion attacks which are enabled by the high interconnectivity and can be executed remotely using the Internet connection. This paper aims to evaluate relatively simple machine learning methods as well as deep learning methods and develop adaptations to the automotive domain in order to determine the validity of the observed data stream and identify potential security threats.


Machine learning Automotive security Internet of vehicles Predictive security analysis System behavior analysis Security monitoring Intrusion detection Controller area network security 



This research is partially supported by the German Federal Ministry of Education and Research in the context of the project secUnity (ID 16KIS0398) and by the Government of Russian Federation (Grant 08-08), by the budget (project No. AAAA-A16-116033110102-5).


  1. 1.
    Abadi, M., Agarwal, A., Barham, P., et al.: TensorFlow: large-scale machine learning on heterogeneous distributed systems. In: 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016, pp. 265–284 (2016)Google Scholar
  2. 2.
    Brownlee, J.: How to convert a time series to a supervised learning problem in Python. (2018). Accessed 28 June 2018
  3. 3.
    Cho, K., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, 10–12 August 2016, Austin, TX, USA, pp. 911–927. USENIX Association (2016)Google Scholar
  4. 4.
    Chockalingam, V., Larson, I., Lin, D., Nofzinger, S.: Detecting attacks on the CAN protocol with machine learning (2016)Google Scholar
  5. 5.
    Choi, W., Joo, K., Jo, H.J., Park, M.C., Lee, D.H.: Voltageids: low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forensics Secur. 13(8), 2114–2129 (2018)CrossRefGoogle Scholar
  6. 6.
    Chollet, F., et al.: Keras. (2015)
  7. 7.
    Hacking and Countermeasure Research Lab (HCRL): Car-hacking dataset for the intrusion detection. (2018). Accessed 28 June 2018
  8. 8.
    Hoppe, T., Kiltz, S., Dittmann, J.: Security threats to automotive CAN networks - practical examples and selected short-term countermeasures. Reliab. Eng. Syst. Saf. 96, 11–25 (2011)CrossRefGoogle Scholar
  9. 9.
    Hunter, J.D.: Matplotlib: a 2D graphics environment. Comput. Sci. Eng. 9(3), 99–104 (2007)CrossRefGoogle Scholar
  10. 10.
    ICS-CERT: Advisory (ICSA-17-208-01)., July 2017. Accessed 17 Sept 2018
  11. 11.
    Kang, M.J., Kang, J.W.: A novel intrusion detection method using deep neural network for in-vehicle network security. In: 2016 IEEE 83rd Vehicular Technology Conference (VTC Spring) (2016)Google Scholar
  12. 12.
    Kolomeets, M., Chechulin, A., Kotenko, I.: Visual analysis of CAN bus traffic injection using radial bar charts. In: Proceedings of the 1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS-2018, Saint-Petersburg, Russia, pp. 841–846. IEEE (2018)Google Scholar
  13. 13.
    Larson, U.E., Nilsson, D.K., Jonsson, E.: An approach to specification-based attack detection for in-vehicle networks. In: 2008 IEEE on Intelligent Vehicles Symposium, pp. 220–225, June 2008Google Scholar
  14. 14.
    Levi, M., Allouche, Y., Kontorovich, A.: Advanced analytics for connected cars cyber security. CoRR abs/1711.01939 (2017)Google Scholar
  15. 15.
    Marchetti, M., Stabili, D.: Anomaly detection of CAN bus messages through analysis of ID sequences. In: 2017 IEEE Intelligent Vehicles Symposium (IV), pp. 1577–1583, June 2017Google Scholar
  16. 16.
    McKinney, W.: Data structures for statistical computing in Python. In: Proceedings of the 9th Python in Science Conference 1697900(Scipy), pp. 51–56 (2010)Google Scholar
  17. 17.
    Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Technical report, IOActive Labs, August 2015Google Scholar
  18. 18.
    Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 1110–1115, June 2011Google Scholar
  19. 19.
    Narayanan, S.N., Mittal, S., Joshi, A.: OBD SecureAlert: an anomaly detection system for vehicles. In: IEEE Workshop on Smart Service Systems, SmartSys 2016, May 2016Google Scholar
  20. 20.
    Oliphant, T.E.: Guide to NumPy. Methods 1, 378 (2010)Google Scholar
  21. 21.
    Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12(Oct), 2825–2830 (2012)MathSciNetzbMATHGoogle Scholar
  22. 22.
    Rieke, R., Seidemann, M., Talla, E.K., Zelle, D., Seeger, B.: Behavior analysis for safety and security in automotive systems. In: 2017 25nd Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 381–385. IEEE Computer Society, March 2017Google Scholar
  23. 23.
    Song, H., Kim, H., Kim, H.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network, pp. 63–68. IEEE Computer Society, March 2016Google Scholar
  24. 24.
    Studnia, I., Alata, E., Nicomette, V., Kaâniche, M., Laarouchi, Y.: A language-based intrusion detection approach for automotive embedded networks. In: The 21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015, November 2014Google Scholar
  25. 25.
    Studnia, I., Nicomette, V., Alata, E., Deswarte, Y., Kaâniche, M., Laarouchi, Y.: Security of embedded automotive networks: state of the art and a research proposal. In: ROY, M. (ed.) SAFECOMP 2013 - Workshop CARS of the 32nd International Conference on Computer Safety, Reliability and Security, September 2013Google Scholar
  26. 26.
    Taylor, A., Leblanc, S.P., Japkowicz, N.: Probing the limits of anomaly detectors for automobiles with a cyber attack framework. IEEE Intell. Syst. PP(99), 1 (2018)Google Scholar
  27. 27.
    Theissler, A.: Anomaly detection in recordings from in-vehicle networks. In: Proceedings of Big Data Applications and Principles First International Workshop, BIGDAP 2014, 11–12 September 2014, Madrid, Spain (2014)Google Scholar
  28. 28.
    Waskom, M., Meyer, K., Hobson, P., Halchenko, Y., et al.: Seaborn: v0.5.0, November 2014Google Scholar
  29. 29.
    Wei, Z., Yang, Y., Rehana, Y., Wu, Y., Weng, J., Deng, R.H.: IoVShield: an efficient vehicular intrusion detection system for self-driving (short paper). In: Liu, J.K., Samarati, P. (eds.) ISPEC 2017. LNCS, vol. 10701, pp. 638–647. Springer, Cham (2017). Scholar
  30. 30.
    Wolf, M., Weimerskirch, A., Paar, C.: Security in automotive bus systems. In: Proceedings of the Workshop on Embedded Security in Cars (July), pp. 1–13 (2004)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.TU DarmstadtDarmstadtGermany
  2. 2.Fraunhofer Institute SITDarmstadtGermany
  3. 3.ITMO UniversitySt. PetersburgRussia
  4. 4.SPIIRASSt. PetersburgRussia

Personalised recommendations