Abstract
Prior research has demonstrated that modern cars are vulnerable to cyber attacks. As such attacks may cause physical accidents, forensic investigations must be extended into the cyber domain. In order to support this, CAN traffic in vehicles must be logged continuously, stored efficiently, and analyzed later to detect signs of cyber attacks. Efficient storage of CAN logs requires compressing them. Usually, this compressed logs must be decompressed for analysis purposes, leading to waste of time due to the decompression operation itself and most importantly due to the fact that the analysis must be carried out on a much larger amount of decompressed data. In this paper, we propose an anomaly detection method that works on the compressed CAN log itself. For compression, we use a lossless semantic compression algorithm that we proposed earlier. This compression algorithm achieves a higher compression ratio than traditional syntactic compression methods do such as gzip. Besides this advantage, in this paper, we show that it also supports the detection of injection attacks without decompression. Moreover, with this approach we can detect attacks with low injection frequency that were not detected reliably in previous works.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Miller, C., Valasek, C.: Adventures in automotive networks and control units. Technical report, IOActive Labs Research, August 2013
Koscher, K., et al.: Experimental security analysis of a modern automobile, pp. 447–462 (2010)
Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011. USENIX Association, Berkeley (2011)
Gazdag, A., Buttyan, L., Szalay, Z.: Efficient lossless compression of CAN traffic logs. In: 2017 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split (2017)
Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for the automotive CAN bus. In: World Congress on Industrial Control Systems Security (WCICSS), London, pp. 45–49 (2015)
Song, H.M., Kim, H.R., Kim, H.K.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. In: 2016 International Conference on Information Networking (ICOIN), Kota Kinabalu, pp. 63–68 (2016)
Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat USA (2015)
Taylor, A., Leblanc, S., Japkowicz, N.: Anomaly detection in automobile control network data with long short-term memory networks. In: 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), Montreal, QC, pp. 130–139 (2016)
Evenchick, E.: Hopping On the CAN Bus. Black Hat Asia (2015)
Marchetti, M., Stabili, D.: Anomaly detection of CAN bus messages through analysis of ID sequences. In: IEEE Intelligent Vehicles Symposium (IV), Los Angeles, CA, pp. 1577–1583 (2017)
Narayanan, S.N., Mittal, S., Joshi, A.: OBD\(\_\)SecureAlert: an anomaly detection system for vehicles. In: 2016 IEEE International Conference on Smart Computing (SMARTCOMP), St. Louis, MO (2016)
Acknowledgement
The work presented in this paper was partially supported from the grant GINOP-2.1.1-15. The project has been supported by the European Union, co-financed by the European Social Fund. EFOP-3.6.2-16-2017-00002.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Gazdag, A., Neubrandt, D., Buttyán, L., Szalay, Z. (2019). Detection of Injection Attacks in Compressed CAN Traffic Logs. In: Hamid, B., Gallina, B., Shabtai, A., Elovici, Y., Garcia-Alfaro, J. (eds) Security and Safety Interplay of Intelligent Software Systems. CSITS ISSA 2018 2018. Lecture Notes in Computer Science(), vol 11552. Springer, Cham. https://doi.org/10.1007/978-3-030-16874-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-16874-2_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16873-5
Online ISBN: 978-3-030-16874-2
eBook Packages: Computer ScienceComputer Science (R0)