Examining the Use of Neural Networks for Intrusion Detection in Controller Area Networks

  • Camil JichiciEmail author
  • Bogdan Groza
  • Pal-Stefan Murvay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


In the light of the recently reported attacks, in-vehicle security has become a major concern. Intrusion detection systems, common in computer networks, have been recently proposed for the in-vehicle buses as well. In this work we examine the performance of neural networks in detecting intrusions on the CAN bus. For the experiments we use a CAN trace that is extracted from a CANoe simulation for the commercial vehicle bus J1939 as well as a publicly available CAN dataset. Our results show good performance in detecting both replay and injection attacks, the former being harder to detect to their obvious similarity with the regular CAN frames. Nonetheless we discuss possibilities for integrating such detection mechanisms on automotive-grade embedded devices. The experimental results show that embedding the neural-network based intrusion detection mechanism on automotive-grade controllers is quite challenging due to large memory requirements and computational time. This suggests that dedicated hardware may be required for deploying such solutions in real-world vehicles.


CAN bus Vehicle security Intrusion detection Neural networks 



This work was supported by a grant of Ministry of Research and Inovation, CNCS-UEFISCDI, project number PN-III-P1-1.1-TE-2016-1317, within PNCDI III (2018–2020).


  1. 1.
    Cho, K.-T., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: 25th USENIX Security Symposium (2016)Google Scholar
  2. 2.
    Choi, W., Jo, H.J., Woo, S., Chun, J.Y., Park, J., Lee, D.H.: Identifying ECUs using inimitable characteristics of signals in controller area networks. IEEE Trans. Veh. Technol. 67(6), 4757–4770 (2018)CrossRefGoogle Scholar
  3. 3.
    Choi, W., Joo, K., Jo, H.J., Park, M.C., Lee, D.H.: VoltageIDS: low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forensics Secur. 13, 2114–2129 (2018)CrossRefGoogle Scholar
  4. 4.
    Groza, B., Murvay, S., van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks. In: Pieprzyk, J., Sadeghi, A.R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 185–200. Springer, Heidelberg (2012). Scholar
  5. 5.
    Groza, B., Murvay, S.: Efficient protocols for secure broadcast in controller area networks. IEEE Trans. Ind. Inform. 9(4), 2034–2042 (2013)CrossRefGoogle Scholar
  6. 6.
    Hartkopp, O., Reuber, C., Schilling, R.: MaCAN-message authenticated CAN. In: 10th International Conference on Embedded Security in Cars (ESCAR 2012) (2012)Google Scholar
  7. 7.
    Jain, S., Guajardo, J.: Physical layer group key agreement for automotive controller area networks. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 85–105. Springer, Heidelberg (2016). Scholar
  8. 8.
    Kang, M.-J., Kang, J.-W.: Intrusion detection system using deep neural network for in-vehicle network security. PloS One 11(6), e0155781 (2016)CrossRefGoogle Scholar
  9. 9.
    Kang, M.-J., Kang, J.-W.: A novel intrusion detection method using deep neural network for in-vehicle network security. In: 2016 IEEE 83rd Vehicular Technology Conference (VTC Spring), pp. 1–5. IEEE (2016)Google Scholar
  10. 10.
    Kurachi, R., Matsubara, Y., Takada, H., Adachi, N., Miyashita, Y., Horihata, S.: CaCAN - centralized authentication system in CAN (controller area network). In: 14th International Conference on Embedded Security in Cars (ESCAR 2014) (2014)Google Scholar
  11. 11.
    Lee, H., Jeong, S.H., Kim, H.K.: OTIDS: a novel intrusion detection system for in-vehicle network by using remote frame. In: Privacy, Security and Trust (PST) 2017 (2017)Google Scholar
  12. 12.
    Lin, C.-W., Zhu, Q., Sangiovanni-Vincentelli, A.: Security-aware modeling and efficient mapping for CAN-based real-time distributed automotive systems. IEEE Embed. Syst. Lett. 7(1), 11–14 (2015)CrossRefGoogle Scholar
  13. 13.
    Marchetti, M., Stabili, D., Guido, A., Colajanni, M.: Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms. In: Research and Technologies for Society and Industry Leveraging a Better Tomorrow (RTSI), pp. 1–6. IEEE (2016)Google Scholar
  14. 14.
    Mueller, A., Lothspeich, T.: Plug-and-secure communication for CAN. CAN Newsl. 4, 10–14 (2015)Google Scholar
  15. 15.
    Murvay, P.-S., Groza, B.: Source identification using signal characteristics in controller area networks. IEEE Sig. Process. Lett. 21(4), 395–399 (2014)CrossRefGoogle Scholar
  16. 16.
    Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 1110–1115. IEEE (2011)Google Scholar
  17. 17.
    Müter, M., Groll, A., Freiling, F.C.: A structured approach to anomaly detection for in-vehicle networks. In: 2010 Sixth International Conference on Information Assurance and Security (IAS), pp. 92–98. IEEE (2010)Google Scholar
  18. 18.
    Narayanan, S.N., Mittal, S., Joshi, A.: OBD\(\_\)SecureAlert: an anomaly detection system for vehicles. In: 2016 IEEE International Conference on Smart Computing (SMARTCOMP), pp. 1–6. IEEE (2016)Google Scholar
  19. 19.
    Radu, A.-I., Garcia, F.D.: LeiA: a lightweight authentication protocol for CAN. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 283–300. Springer, Cham (2016). Scholar
  20. 20.
    Song, H.M., Kim, H.R., Kim, H.K.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. In: 2016 International Conference on Information Networking (ICOIN), pp. 63–68. IEEE (2016)Google Scholar
  21. 21.
    Studnia, I., Alata, E., Nicomette, V., Kaâniche, M., Laarouchi, Y.: A language-based intrusion detection approach for automotive embedded networks. Int. J. Embed. Syst. 10(1), 1–12 (2018)CrossRefGoogle Scholar
  22. 22.
    Taylor, A., Leblanc, S., Japkowicz, N.: Anomaly detection in automobile control network data with long short-term memory networks. In: 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), pp. 130–139. IEEE (2016)Google Scholar
  23. 23.
    Theissler, A.: Detecting known and unknown faults in automotive systems using ensemble-based anomaly detection. Knowl.-Based Syst. 123, 163–173 (2017)CrossRefGoogle Scholar
  24. 24.
    Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth-a simple, backward compatible broadcast authentication protocol for CAN bus. In: ECRYPT Workshop on Lightweight Cryptography, vol. 2011 (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Camil Jichici
    • 1
    Email author
  • Bogdan Groza
    • 1
  • Pal-Stefan Murvay
    • 1
  1. 1.Faculty of Automatics and ComputersPolitehnica University of TimisoaraTimisoaraRomania

Personalised recommendations