Data Relation Analysis Focusing on Plural Data Transition for Detecting Attacks on Vehicular Network

  • Jun Yajima
  • Takayuki Hasebe
  • Takao Okubo
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1036)


On the Controller Area Network (CAN), there are three types of messages: periodic messages, event-based periodic messages, and non-periodic messages. For attack detection, many high-accuracy methods exist for periodic messages. For event-based periodic messages and non-periodic messages, detection methods that utilize the relations among plural data in some messages are effective. In such methods, the relations between plural data are investigated from messages that were collected beforehand, and the obtained relation information is used as attributes for statistical detection. In this paper, a new attack detection method is proposed that utilizes the number of occurrences of specific values and the changes of values in messages. A derivation algorithm that derives the relation information efficiently is also proposed. By using the derivation algorithm, we found 582 relations for the detection method.



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Institute of Information Security, Yokohama, Japan
  2. Fujitsu Laboratories Ltd., Kawasaki, Japan
