Inter-message correlation for intrusion detection in controller area networks
- Electronic Control Units (ECUs) exchange data via in-vehicle network protocols such as the Controller Area Network (CAN) protocol. These protocols do not encrypt data or authenticate messages since they were designed for an isolated network. Many studies have developed Intrusion Detection Systems (IDSs) that fingerprint each ECU to secure the CAN protocol. These IDSs, however, cannot detect an attack in which an adversary spoofs sensor measurements or control signals in a message without changing the transmitter of that message. In order to detect such attacks, we develop a motion-based IDS (MIDS) that exploits the correlation between messages that convey the same information of a vehicle’s movement, such as vehicle speed. We also introduce a new metric to quantify the effectiveness of MIDS. We evaluate MIDS using CAN data from two real vehicles by demonstrating that MIDS can detect the attacks on the CAN bus or ECUs.
Author: | Sang Uk Sagong, Radha Poovendran, Linda Bushnell |
---|---|
URN: | urn:nbn:de:hbz:294-66770 |
DOI: | https://doi.org/10.13154/294-6677 |
Parent Title (English): | 17th escar Europe : embedded security in cars (conference publication) |
Document Type: | Part of a Book |
Language: | English |
Date of Publication (online): | 2019/10/31 |
Date of first Publication: | 2019/10/31 |
Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
Tag: | Controller Area Network; Correlation; Intrusion Detection System; Message Data |
First Page: | 215 |
Last Page: | 229 |
Dewey Decimal Classification: | General works, computer science, information science / Computer science |
open_access (DINI-Set): | open_access |
Conference proceedings / collected volumes: | 17th escar Europe : embedded security in cars |
Licence (German): | No Creative Commons licence - the granted rights of use and German copyright law apply |