skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Towards a CAN IDS Based on a Neural Network Data Field Predictor

Conference ·
 [1]; ORCiD logo [2]; ORCiD logo [2]
  1. Pennsylvania State University
  2. ORNL
+ Show Author Affiliations

Modern vehicles contain a few controller area networks (CANs), which allow scores of on-board electronic control units (ECUs) to communicate messages critical to vehicle functions and driver safety. CAN provides a lightweight and reliable broadcast protocol but is bereft of security features. As evidenced by many recent research works, CAN exploits are possible both remotely and with direct access, fueling a growing CAN intrusion detection system (IDS) body of research. A challenge for pioneering vehicle-agnostic IDSs is that passenger vehicles' CAN message encodings are proprietary, defined and held secret by original equipment manufacturers (OEMs). Targeting detection of next-generation attacks, in which messages are sent from the expected ECU at the expected time but with malicious content, researchers are now seeking to leverage "CAN data models'', which predict future CAN messages and use prediction error to identify anomalous, hopefully malicious CAN messages. Yet, current works model CAN signals post-translation, i.e., after applying OEM-donated or reverse-engineered translations from raw data. We present initial IDS results testing deep neural networks used to predict CAN data at the bit level, targeting IDS capabilities that avoiding reverse engineering proprietary encodings. Our results suggest the method is promising for data with signals exhibiting dependence on previous or concurrent inputs.

Research Organization:
Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC05-00OR22725
OSTI ID:
1513385
Resource Relation:
Conference: ACM Workshop on Automotive Cybersecurity (AutoSec)in conjunction with ACM CODASPY 2019 - Dallas, Texas, United States of America - 3/27/2019 4:00:00 AM-
Country of Publication:
United States
Language:
English

References (10)

Long Short-Term Memory journal November 1997
Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security journal June 2016
ACTT: Automotive CAN Tokenization and Translation conference December 2018
Error Handling of In-vehicle Networks Makes Them Vulnerable conference October 2016
A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles journal March 2019
A structured approach to anomaly detection for in-vehicle networks conference August 2010
Exploiting the Shape of CAN Data for In-Vehicle Intrusion Detection conference August 2018
Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network conference January 2016
An intrusion detection method for securing in-vehicle CAN bus
  • Gmiden, Mabrouka; Gmiden, Mohamed Hedi; Trabelsi, Hafedh
  • 2016 17th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA) https://doi.org/10.1109/STA.2016.7952095
conference December 2016
Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks: a data-driven approach to in-vehicle intrusion detection
  • Moore, Michael R.; Bridges, Robert A.; Combs, Frank L.
  • CISRC'17: Twelfth Annual Cyber and Information Security Research Conference, Proceedings of the 12th Annual Conference on Cyber and Information Security Research https://doi.org/10.1145/3064814.3064816
conference April 2017

Similar Records

Related Subjects