Payload-Based Statistical Intrusion Detection for In-Vehicle Networks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11154)


Modern vehicles are equipped with Electronic Control Units (ECUs), and they communicate with each other over in-vehicle networks. However, since the Controller Area Network (CAN), a common communication protocol for ECUs, does not have a security mechanism, malicious attackers might take advantage of its vulnerability to inject a malicious message to cause unintended controls of the vehicle. In this paper, we study the applicability of statistical anomaly detection methods for identifying malicious CAN messages in in-vehicle networks. To incorporate various types of information included in a CAN message, we apply a rule-based field classification algorithm for extracting message features, and then obtain low dimensional embeddings of message features, and use the reconstruction error as a maliciousness score of a message. We collected CAN message data from a real vehicle, and confirmed the effectiveness of the methods in practical situations.


  1. 1.
    Cho, K.T., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: Proceedings of the 25th USENIX Security Symposium (USENIX), pp. 911–927 (2016)Google Scholar
  2. 2.
    Hamada, Y., Inoue, M., Horihata, S., Kamemura, A.: Intrusion detection by density estimation of reception cycle periods for in-vehicle networks: a proposal. In: Proceedings of the Embedded Security in Cars Conference (ESCAR) (2016)Google Scholar
  3. 3.
    Koscher, K., et al.: Experimental security analysis of a modern automobile. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 447–462 (2010)Google Scholar
  4. 4.
    Marchetti, M., Stabili, D., Guido, A., Colajanni, M.: Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms. In: Proceedings of the 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a Better Tomorrow (RTSI), pp. 1–6 (2016)Google Scholar
  5. 5.
    Markovitz, M., Wool, A.: Field classification, modeling and anomaly detection in unknown CAN bus networks. In: Proceedings of the Embedded Security in Cars Conference (ESCAR) (2015)Google Scholar
  6. 6.
    Miller, C., Valasek, C.: Adventures in automotive networks and control units (2013).
  7. 7.
    Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: Proceedings of the IEEE Intelligent Vehicles Symposium, pp. 1110–1115 (2011)Google Scholar
  8. 8.
    Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for the automotive CAN bus. In: 2015 World Congress on Industrial Control Systems Security (WCICSS) (2015)Google Scholar
  9. 9.
    Taylor, A., Leblanc, S., Japkowicz, N.: Anomaly detection in automobile control network data with long short-term memory networks. In: 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), pp. 130–139 (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Kyoto UniversityKyotoJapan
  2. 2.Panasonic CorporationKadomaJapan

Personalised recommendations