Integrating Adversary Models and Intrusion Detection Systems for In-vehicle Networks in CANoe

  • Camil JichiciEmail author
  • Bogdan Groza
  • Pal-Stefan Murvay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12001)


In-vehicle buses and the Controller Area Network (CAN) in particular have been shown to be vulnerable to adversarial actions. We embed adversary models and intrusion detection systems (IDS) inside a CANoe based application. Based on real-world CAN traces collected from several vehicles we build attack traces that are subject to intrusion detection algorithms. We also take benefit from existing machine-learning support in MATLAB that is ported via C++ code in CANoe in order to integrate intrusion detection functionality. A unified framework for attacks and intrusion detection has the benefit of providing a testbed for various intrusion detection algorithms. CANoe integration makes the use of these functionalities ready for realistic testing as CANoe is an industry-standard tool in the automotive domain.


CAN bus Vehicle security Intrusion detection 



This work was supported by a grant of the Romanian Ministry of Research and Innovation, CNCS - UEFISCDI, project number PN-III-P1-1.1-PD-2016-1198, within PNCDI III.


  1. 1.
    Al-Jarrah, O.Y., Maple, C., Dianati, M., Oxtoby, D., Mouzakitis, A.: Intrusion detection systems for intra-vehicle networks: a review. IEEE Access 7, 21266–21289 (2019)CrossRefGoogle Scholar
  2. 2.
    Alshammari, A., Zohdy, M.A., Debnath, D., Corser, G.: Classification approach for intrusion detection in vehicle systems. Wirel. Eng. Technol. 9(4), 79–94 (2018) CrossRefGoogle Scholar
  3. 3.
    Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium, vol. 4, pp. 447–462, San Francisco (2011)Google Scholar
  4. 4.
    Cho, K.-T., Shin, K.G.: Error handling of in-vehicle networks makes them vulnerable. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1044–1055. ACM (2016)Google Scholar
  5. 5.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Everett, C.E., McCoy, D.: \(\{\)OCTANE\(\}\) (open car testbed and network experiments): bringing cyber-physical security research to researchers and students. Presented as Part of the 6th Workshop on Cyber Security Experimentation and Test (2013)Google Scholar
  7. 7.
    Groza, B., Murvay, P.-S.: Efficient intrusion detection with bloom filtering in controller area networks. IEEE Trans. Inf. Forensics Secur. 14(4), 1037–1051 (2019)CrossRefGoogle Scholar
  8. 8.
    Hoppe, T., Kiltz, S., Dittmann, J.: Security threats to automotive CAN networks-practical examples and selected short-term countermeasures. Reliab. Eng. Syst. Saf. 96(1), 11–25 (2011)CrossRefGoogle Scholar
  9. 9.
    Kang, M.-J., Kang, J.-W.: Intrusion detection system using deep neural network for in-vehicle network security. PloS One 11(6), e0155781 (2016)CrossRefGoogle Scholar
  10. 10.
    Kleberger, P., Olovsson, T., Jonsson, E.: Security aspects of the in-vehicle network in the connected car. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 528–533. IEEE (2011)Google Scholar
  11. 11.
    Lee, H., Jeong, S.H., Kim, H.K.: OTIDS: a novel intrusion detection system for in-vehicle network by using remote frame. In: 2017 Privacy, Security and Trust (PST) (2017)Google Scholar
  12. 12.
    Marchetti, M., Stabili, D., Guido, A., Colajanni, M.: Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms. In: Research and Technologies for Society and Industry Leveraging a Better Tomorrow (RTSI), pp. 1–6. IEEE (2016)Google Scholar
  13. 13.
    Miller, C., Valasek, C.: Adventures in automotive networks and control units. Def. Con. 21, 260–264 (2013)Google Scholar
  14. 14.
    Murvay, P.-S., Groza, B.: DoS attacks on controller area networks by fault injections from the software layer. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, ARES 2017, pp. 71:1–71:10 (2017)Google Scholar
  15. 15.
    Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 1110–1115. IEEE (2011)Google Scholar
  16. 16.
    Narayanan, S.N., Mittal, S., Joshi, A.: OBD\_SecureAlert: an anomaly detection system for vehicles. In: 2016 IEEE International Conference on Smart Computing (SMARTCOMP), pp. 1–6. IEEE (2016)Google Scholar
  17. 17.
    Nilsson, D.K., Larson, U.E., Picasso, F., Jonsson, E.: A first simulation of attacks in the automotive network communications protocol FlexRay. In: Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems, CISIS 2008, pp. 84–91. Springer (2009).
  18. 18.
    Petit, J., Shladover, S.E.: Potential cyberattacks on automated vehicles. IEEE Trans. Intell. Transp. Syst. 16(2), 546–556 (2014)Google Scholar
  19. 19.
    Stabili, D., Marchetti, M., Colajanni, M.: Detecting attacks to internal vehicle networks through Hamming distance. In: 2017 AEIT International Annual Conference, pp. 1–6. IEEE (2017)Google Scholar
  20. 20.
    Su, M.-Y.: Real-time anomaly detection systems for denial-of-service attacks by weighted k-nearest-neighbor classifiers. Expert Syst. Appl. 38(4), 3492–3498 (2011)CrossRefGoogle Scholar
  21. 21.
    Tian, D., et al.: An intrusion detection system based on machine learning for CAN-bus. In: Chen, Y., Duong, T.Q. (eds.) INISCOM 2017. LNICST, vol. 221, pp. 285–294. Springer, Cham (2018). Scholar
  22. 22.
    Vector: CAPL DLL Description (2007)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Camil Jichici
    • 1
    Email author
  • Bogdan Groza
    • 1
  • Pal-Stefan Murvay
    • 1
  1. 1.Faculty of Automatics and ComputersPolitehnica University of TimisoaraTimişoaraRomania

Personalised recommendations