Abstract
With the rapid development of the Internet of Things (IoT) and the Internet of Vehicles (IoV) technologies, smart vehicles have replaced conventional ones by providing more advanced driving-related features. IoV systems typically consist of Intra-Vehicle Networks (IVNs) in which many Electronic Control units (ECUs) directly and indirectly communicate among them through the Controller Area Network (CAN) bus. However, the growth of such vehicles has also increased the number of network and physical attacks focused on exploiting security weaknesses affecting the CAN protocol. Such problems can also endanger the life of the driver and passengers of the vehicle, as well as that of pedestrians. Therefore, to face this security issue, we propose a novel anomaly detector capable of considering the vehicle-related state over time. To accomplish this, we combine different most famous algorithms to consider all possible relationships between CAN messages and arrange them as corresponding associative rules. The presented approach, also compared with the state-of-the-art solutions, can effectively detect different kinds of attacks (DoS, Fuzzy, GEAR and RPM) by only considering CAN messages collected during attack-free operating scenarios.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Dataset available at https://ocslab.hksecurity.net/Datasets/car-hacking-dataset.
References
Al-Jarrah, O.Y., Maple, C., Dianati, M., Oxtoby, D., Mouzakitis, A.: Intrusion detection systems for intra-vehicle networks: a review. IEEE Access 7, 21266–21289 (2019). https://doi.org/10.1109/ACCESS.2019.2894183
Bozdal, M., Samie, M., Aslam, S., Jennions, I.: Evaluation of can bus security challenges. Sensors 20(8) (2020). https://doi.org/10.3390/s20082364, https://www.mdpi.com/1424-8220/20/8/2364
Campanile, L., Iacono, M., Levis, A.H., Marulli, F., Mastroianni, M.: Privacy regulations, smart roads, blockchain, and liability insurance: putting technologies to work. IEEE Secur. Priv. 19(1), 34–43 (2021). https://doi.org/10.1109/MSEC.2020.3012059
Chonny: Apriori—association rule mining in-depth explanation and python implementation. https://urlis.net/f2yeu5zt. Accessed 02 Mar 2023
Christopher, A.: K-nearest neighbor. https://medium.com/swlh/k-nearest-neighbor-ca2593d7a3c4. Accessed 02 Mar 2023
Dürrwang, J., Braun, J., Rumez, M., Kriesten, R.: Security evaluation of an airbag-ECU by reusing threat modeling artefacts. In: 2017 International Conference on Computational Science and Computational Intelligence (CSCI), pp. 37–43 (2017). https://doi.org/10.1109/CSCI.2017.7
D’Angelo, G., Castiglione, A., Palmieri, F.: A cluster-based multidimensional approach for detecting attacks on connected vehicles. IEEE Internet of Things J. 8(16), 12518–12527 (2021). https://doi.org/10.1109/JIOT.2020.3032935
EL Madani, S., Motahhir, S., EL Ghzizal, A.: Internet of vehicles: concept, process, security aspects and solutions. Multimedia Tools Appl. 81(12), 16563–16587 (2022). https://doi.org/10.1007/s11042-022-12386-1
Elmasry, W., Akbulut, A., Zaim, A.H.: Evolving deep learning architectures for network intrusion detection using a double PSO metaheuristic. Comput. Netw. 168, 107042 (2020). https://doi.org/10.1016/j.comnet.2019.107042, https://www.sciencedirect.com/science/article/pii/S138912861930800X
Fauzi, M.A., Hanuranto, A.T., Setianingsih, C.: Intrusion detection system using genetic algorithm and k-nn algorithm on dos attack. In: 2020 2nd International Conference on Cybernetics and Intelligent System (ICORIS), pp. 1–6 (2020). https://doi.org/10.1109/ICORIS50180.2020.9320822
Hossain, M.D., Inoue, H., Ochiai, H., Fall, D., Kadobayashi, Y.: LSTM-based intrusion detection system for in-vehicle can bus communications. IEEE Access 8, 185489–185502 (2020). https://doi.org/10.1109/ACCESS.2020.3029307
Khatri, N., Shrestha, R., Nam, S.Y.: Security issues with in-vehicle networks, and enhanced countermeasures based on blockchain. Electronics 10, 893 (2021)
Kherbache, M., Espes, D., Amroun, K.: An enhanced approach of the k-means clustering for anomaly-based intrusion detection systems. In: 2021 International Conference on Computing, Computational Modelling and Applications (ICCMA), pp. 78–83 (2021). https://doi.org/10.1109/ICCMA53594.2021.00021
Li, X., et al.: Can bus messages abnormal detection using improved SVDD in internet of vehicles. IEEE Internet of Things J. 9(5), 3359–3371 (2022). https://doi.org/10.1109/JIOT.2021.3098221
Lin, Y., Chen, C., Xiao, F., Avatefipour, O., Alsubhi, K., Yunianta, A.: An evolutionary deep learning anomaly detection framework for in-vehicle networks - can bus. IEEE Trans. Ind. Appl. p. 1 (2020). https://doi.org/10.1109/TIA.2020.3009906
Liu, J., Liang, B., Ji, W.: An anomaly detection approach based on hybrid differential evolution and k-means clustering in crowd intelligence. Int. J. Crowd Sci. 5(2), 129–142 (2021). https://doi.org/10.1108/IJCS-07-2020-0013
Lokman, S.-F., Othman, A.T., Abu-Bakar, M.-H.: Intrusion detection system for automotive controller area network (CAN) bus system: a review. EURASIP J. Wirel. Commun. Netw. 2019(1), 1–17 (2019). https://doi.org/10.1186/s13638-019-1484-3
Markovitz, M., Wool, A.: Field classification, modeling and anomaly detection in unknown can bus networks. Veh. Commun. 9, 43–52 (2017). https://doi.org/10.1016/j.vehcom.2017.02.005, https://www.sciencedirect.com/science/article/pii/S2214209616300869
Moore, M.R., Bridges, R.A., Combs, F.L., Starr, M.S., Prowell, S.J.: Modeling inter-signal arrival times for accurate detection of can bus signal injection attacks: a data-driven approach to in-vehicle intrusion detection. In: Proceedings of the 12th Annual Conference on Cyber and Information Security Research. CISRC 2017, Association for Computing Machinery, New York, NY, USA, pp. 1–4 (2017). https://doi.org/10.1145/3064814.3064816
Seo, E., Song, H.M., Kim, H.K.: GIDS: GAN based intrusion detection system for in-vehicle network. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 1–6 (2018). https://doi.org/10.1109/PST.2018.8514157
Shakya, S., Sigdel, S.: An approach to develop a hybrid algorithm based on support vector machine and Naive Bayes for anomaly detection. In: 2017 International Conference on Computing, Communication and Automation (ICCCA), pp. 323–327 (2017). https://doi.org/10.1109/CCAA.2017.8229836
Song, H.M., Woo, J., Kim, H.K.: In-vehicle network intrusion detection using deep convolutional neural network. Veh. Commun. 21, 100198 (2020). https://doi.org/10.1016/j.vehcom.2019.100198, https://www.sciencedirect.com/science/article/pii/S2214209619302451
Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for the automotive can bus. In: 2015 World Congress on Industrial Control Systems Security (WCICSS), pp. 45–49 (2015). https://doi.org/10.1109/WCICSS.2015.7420322
Utami, M.P., Nurhayati, O.D., Warsito, B.: Hoax information detection system using Apriori algorithm and random forest algorithm in twitter. In: 2020 6th International Conference on Interactive Digital Media (ICIDM), pp. 1–5 (2020). https://doi.org/10.1109/ICIDM51048.2020.9339648
Xiao, J., Wu, H., Li, X.: Internet of Things meets vehicles: Sheltering in-vehicle network through lightweight machine learning. Symmetry 11(11) (2019). https://doi.org/10.3390/sym11111388, https://www.mdpi.com/2073-8994/11/11/1388
Yang, L., Moubayed, A., Shami, A.: MTH-IDS: a multitiered hybrid intrusion detection system for internet of vehicles. IEEE Internet of Things J. 9(1), 616–632 (2022). https://doi.org/10.1109/JIOT.2021.3084796
Yang, L., Shami, A., Stevens, G., de Rusett, S.: LCCDE: a decision-based ensemble framework for intrusion detection in the internet of vehicles. In: GLOBECOM 2022–2022 IEEE Global Communications Conference, pp. 3545–3550 (2022). https://doi.org/10.1109/GLOBECOM48099.2022.10001280
Zhu, K., Chen, Z., Peng, Y., Zhang, L.: Mobile edge assisted literal multi-dimensional anomaly detection of in-vehicle network using LSTM. IEEE Trans. Veh. Technol. 68(5), 4275–4284 (2019). https://doi.org/10.1109/TVT.2019.2907269
Acknowledgments
This work was partially supported by project SERICS (PE00000014) under the NRRP MUR program funded by the EU - NGEU.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Ethics declarations
Gianni D’Angelo
Supervision, Methodology, and Reviewing.
Massimo Ficco
Supervision, Methodology, and Reviewing.
Antonio Robustelli
Investigation, Conceptualization, and Writing.
Conflict of interest
The authors declare that they have no conflict of interest.
Availability of Data and Material
The used data is available on https://ocslab.hksecurity.net/Datasets/car-hacking-dataset.
Informed Consent
Informed consent was obtained from all individual participants included in the study.
Ethical Approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
D’Angelo, G., Ficco, M., Robustelli, A. (2023). An Association Rules-Based Approach for Anomaly Detection on CAN-bus. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2023 Workshops. ICCSA 2023. Lecture Notes in Computer Science, vol 14105. Springer, Cham. https://doi.org/10.1007/978-3-031-37108-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-37108-0_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-37107-3
Online ISBN: 978-3-031-37108-0
eBook Packages: Computer ScienceComputer Science (R0)