short-paper

Open access

In-vehicle detection of targeted CAN bus attacks

Authors:

Andreas DominikAuthors Info & Claims

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

Article No.: 32, Pages 1 - 7

https://doi.org/10.1145/3465481.3465755

Published: 17 August 2021 Publication History

All formats PDF

Abstract

Most vehicles use the controller area network bus for communication between their components. Attackers who have already penetrated the in-vehicle network often utilize this bus in order to take control of safety-relevant components of the vehicle. Such targeted attack scenarios are often hard to detect by network intrusion detection systems because the specific payload is usually not contained within their training data sets. In this work, we describe an intrusion detection system that uses decision trees that have been modelled through genetic programming. We evaluate the advantages and disadvantages of this approach compared to artificial neural networks and rule-based approaches. For this, we model and simulate specific targeted attacks as well as several types of intrusions described in the literature. The results show that the genetic programming approach is well suited to identify intrusions with respect to complex relationships between sensor values which we consider important for the classification of specific targeted attacks. However, the system is less efficient for the classification of other types of attacks which are better identified by the alternative methods in our evaluation. Further research could thus consider hybrid approaches.

References

[1]

Omar Y Al-Jarrah, Carsten Maple, Mehrdad Dianati, David Oxtoby, and Alex Mouzakitis. 2019. Intrusion Detection Systems for Intra-Vehicle Networks: A Review. IEEE Access 7(2019), 21266–21289.

[2]

Leo Breiman. 2001. Random Forests. Machine Learning 45, 1 (01 Oct 2001), 5–32. https://doi.org/10.1023/A:1010933404324

Digital Library

[3]

Susan M Bridges, Rayford B Vaughn, 2000. Fuzzy data mining and genetic algorithms applied to intrusion detection. In Proceedings of 12th Annual Canadian Information Technology Security Symposium. 109–122.

[4]

Yannick Chevalier, Roland Rieke, Florian Fenzl, Andrey Chechulin, and Igor V. Kotenko. 2020. ECU-Secure: Characteristic Functions for In-Vehicle Intrusion Detection. In Intelligent Distributed Computing XIII(Studies in Computational Intelligence, Vol. 868), Igor V. Kotenko, Costin Badica, Vasily Desnitsky, Didier El Baz, and Mirjana Ivanovic (Eds.). Springer, Cham, 495–504. https://doi.org/10.1007/978-3-030-32258-8_58

[5]

M Crosbie and E Spafford. 1995. Applying Genetic Algorithms to Intrusion Detection. In Proceedings of the AAAI.

[6]

Marco Di Natale, Haibo Zeng, Paolo Giusto, and Arkadeb Ghosal. 2012. Understanding and using the controller area network communication protocol: theory and practice. Springer Science & Business Media.

[7]

ENISA. 2016. Cyber Security and Resilience of smart cars. Technical Report. ENISA. https://doi.org/10.2824/87614

[8]

Bob Fisch and Jeroen Meijer. 2016–. CanZE: Take a closer look at your ZOE. https://github.com/fesch/CanZE

[9]

Félix-Antoine Fortin, François-Michel De Rainville, Marc-André Gardner, Marc Parizeau, and Christian Gagné. 2012. DEAP: Evolutionary Algorithms Made Easy. Journal of Machine Learning Research 13 (jul 2012), 2171–2175.

Digital Library

[10]

Sébastien Gay, Laurent Sartran, and Jean-Philippe Vasseur. 2019. Specializing unsupervised anomaly detection systems using genetic programming. (26 Feb 2019)., US Patent 10,218,729.

[11]

Anup Goyal and Chetan Kumar. 2008. GA-NIDS: a genetic algorithm based network intrusion detection system. Northwestern university(2008).

[12]

Hacking and Countermeasure Research Lab (HCRL). 2018. Car-Hacking Dataset for the intrusion detection. http://ocslab.hksecurity.net/Datasets/CAN-intrusion-dataset. [Online; accessed 28-Jun-2018].

[13]

Pohlheim Hartmut. 2004. Evolutionary Algorithms: Overview, Methods and Operators. GEATbx version 3(2004).

[14]

Tobias Islinger, Yasuhiro Mori, Jennifer Neumüller, Martin Prisching, and Robert Schmidt. 2017. Autosar SecOC for CAN FD. https://can-newsletter.org/engineering/engineering-miscellaneous/170306_autosar-secoc-for-can-fd_denso

[15]

Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, 2010. Experimental security analysis of a modern automobile. In 2010 IEEE Symposium on Security and Privacy. IEEE, 447–462.

Digital Library

[16]

John R Koza. 1997. Genetic programming. (1997).

[17]

Wei Lu and Issa Traore. 2004. Detecting new forms of network intrusion using genetic programming. Computational intelligence 20, 3 (2004), 475–494.

[18]

Parry Gowher Majeed and Santosh Kumar. 2014. Genetic algorithms in intrusion detection systems: A survey. International Journal of Innovation and Applied Studies 5, 3(2014), 233.

[19]

Mirco Marchetti and Dario Stabili. 2017. Anomaly detection of CAN bus messages through analysis of ID sequences. In 2017 IEEE Intelligent Vehicles Symposium (IV). IEEE, 1577–1583.

Digital Library

[20]

Moti Markovitz and Avishai Wool. 2017. Field classification, modeling and anomaly detection in unknown CAN bus networks. Vehicular Communications 9 (2017), 43–52.

[21]

Brad L Miller, David E Goldberg, 1995. Genetic algorithms, tournament selection, and the effects of noise. Complex systems 9, 3 (1995), 193–212.

[22]

Charlie Miller and Chris Valasek. 2013. Adventures in automotive networks and control units. Def Con 21(2013), 260–264.

[23]

Charlie Miller and Chris Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015(2015), 91.

[24]

David J Montana. 1995. Strongly typed genetic programming. Evolutionary computation 3, 2 (1995), 199–230.

[25]

Controller Area Network. 1991. Specification—Version 2.0. Bosch GmbH (1991).

[26]

Sen Nie, Ling Liu, and Yuefeng Du. 2017. Free-fall: hacking tesla from wireless to CAN bus. Briefing, Black Hat USA(2017), 1–16.

[27]

Riccardo Poli, Mathew Salvaris, and Caterina Cinel. 2011. Evolution of a brain-computer interface mouse via genetic programming. In European Conference on Genetic Programming. Springer, 203–214.

[28]

T. Rosenstatter, C. Sandberg, and T. Olovsson. 2019. Extending AUTOSAR’s Counter-Based Solution for Freshness of Authenticated Messages in Vehicles. In 2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC). 1–109.

[29]

Eunbi Seo, Hyun Min Song, and Huy Kang Kim. 2018. Gids: Gan based intrusion detection system for in-vehicle network. In 2018 16th Annual Conference on Privacy, Security and Trust (PST). IEEE, 1–6.

[30]

R. Sommer and V. Paxson. 2010. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In 2010 IEEE Symposium on Security and Privacy. IEEE, 305–316. https://doi.org/10.1109/SP.2010.25

Digital Library

[31]

Hyun Min Song, Jiyoung Woo, and Huy Kang Kim. 2020. In-vehicle network intrusion detection using deep convolutional neural network. Vehicular Communications 21 (2020), 100198.

Digital Library

[32]

Ivan Studnia, Vincent Nicomette, Eric Alata, Yves Deswarte, Mohamed Kaâniche, and Youssef Laarouchi. 2013. Security of embedded automotive networks: state of the art and a research proposal. In SAFECOMP 2013 - Workshop CARS of the 32nd International Conference on Computer Safety, Reliability and Security, Matthieu ROY (Ed.).

[33]

Adrian Taylor. 2017. Anomaly-based detection of malicious activity in in-vehicle networks. Ph.D. Dissertation. Université d’Ottawa/University of Ottawa.

[34]

Adrian Taylor, Sylvain Leblanc, and Nathalie Japkowicz. 2018. Probing the Limits of Anomaly Detectors for Automobiles with a Cyberattack Framework. IEEE Intelligent Systems 33, 2 (2018), 54–62.

Digital Library

[35]

Miki E Verma, Michael D Iannacone, Robert A Bridges, Samuel C Hollifield, Bill Kay, and Frank L Combs. 2020. ROAD: The Real ORNL Automotive Dynamometer Controller Area Network Intrusion Detection Dataset (with a comprehensive CAN IDS dataset survey & guide). arXiv preprint arXiv:2012.14600(2020).

[36]

Daniel Zelle, Roland Rieke, Christian Plappert, Christoph Krauß, Dmitry Levshun, and Andrey Chechulin. 2020. SEPAD–Security Evaluation Platform for Autonomous Driving. In 2020 28th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). IEEE, 413–420. https://doi.org/10.1109/PDP50117.2020.00070

Cited By

Verma MBridges RIannacone MHollifield SMoriano PHespeler SKay BCombs F(2024)A comprehensive guide to CAN IDS data and introduction of the ROAD datasetPLOS ONE10.1371/journal.pone.029687919:1(e0296879)Online publication date: 22-Jan-2024
https://doi.org/10.1371/journal.pone.0296879
Rasheed ABaza MBadr MAlshahrani HChoo K(2024)Efficient Crypto Engine for Authenticated Encryption, Data Traceability, and Replay Attack Detection Over CAN Bus NetworkIEEE Transactions on Network Science and Engineering10.1109/TNSE.2023.331254511:1(1008-1025)Online publication date: Jan-2024
https://doi.org/10.1109/TNSE.2023.3312545
Almehdhar MAlbaseer AKhan MAbdallah MMenouar HAl-Kuwari SAl-Fuqaha A(2024)Deep Learning in the Fast Lane: A Survey on Advanced Intrusion Detection Systems for Intelligent Vehicle NetworksIEEE Open Journal of Vehicular Technology10.1109/OJVT.2024.34222535(869-906)Online publication date: 2024
https://doi.org/10.1109/OJVT.2024.3422253
Show More Cited By

Index Terms

In-vehicle detection of targeted CAN bus attacks
1. Computing methodologies
  1. Artificial intelligence
2. Social and professional topics
  1. Computing / technology policy

Index terms have been assigned to the content through auto-classification.

Recommendations

A novel framework for detection and prevention of denial of service attacks on autonomous vehicles using fuzzy logic
Abstract
Every year, millions of people lose their lives due to road accidents, and countless others suffer from severe injuries. Moreover, these accidents cause economic losses worldwide. Primary reasons for these accidents include over speeding, ...
DoS Attacks Intelligent Detection using Neural Networks

The potential damage to computer networks keeps increasing due to a growing reliance on the Internet and more extensive connectivity. Intrusion detection systems (IDSs) have become an essential component of computer security to detect attacks that occur ...
Rule generalisation in intrusion detection systems using SNORT

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

August 2021

1447 pages

ISBN:9781450390514

DOI:10.1145/3465481

Copyright © 2021 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 August 2021

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Funding Sources

Conference

ARES 2021

ARES 2021: The 16th International Conference on Availability, Reliability and Security

August 17 - 20, 2021

Vienna, Austria

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
1,957
Total Downloads

Downloads (Last 12 months)487
Downloads (Last 6 weeks)64

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Verma MBridges RIannacone MHollifield SMoriano PHespeler SKay BCombs F(2024)A comprehensive guide to CAN IDS data and introduction of the ROAD datasetPLOS ONE10.1371/journal.pone.029687919:1(e0296879)Online publication date: 22-Jan-2024
https://doi.org/10.1371/journal.pone.0296879
Rasheed ABaza MBadr MAlshahrani HChoo K(2024)Efficient Crypto Engine for Authenticated Encryption, Data Traceability, and Replay Attack Detection Over CAN Bus NetworkIEEE Transactions on Network Science and Engineering10.1109/TNSE.2023.331254511:1(1008-1025)Online publication date: Jan-2024
https://doi.org/10.1109/TNSE.2023.3312545
Almehdhar MAlbaseer AKhan MAbdallah MMenouar HAl-Kuwari SAl-Fuqaha A(2024)Deep Learning in the Fast Lane: A Survey on Advanced Intrusion Detection Systems for Intelligent Vehicle NetworksIEEE Open Journal of Vehicular Technology10.1109/OJVT.2024.34222535(869-906)Online publication date: 2024
https://doi.org/10.1109/OJVT.2024.3422253
Wang SZheng BLiu ZFan ZLiu YDai Y(2024)A Lightweight Intrusion Detection System for Vehicular Networks Based on an Improved ViT ModelIEEE Access10.1109/ACCESS.2024.344549812(118842-118856)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3445498
Ahmad HGulzar MAziz SHabib SAhmed I(2024)AI-based anomaly identification techniques for vehicles communication protocol systems: Comprehensive investigation, research opportunities and challengesInternet of Things10.1016/j.iot.2024.10124527(101245)Online publication date: Oct-2024
https://doi.org/10.1016/j.iot.2024.101245
Rajapaksha SKalutarage HAl-Kadri MPetrovski AMadzudzo GCheah M(2023)AI-Based Intrusion Detection Systems for In-Vehicle Networks: A SurveyACM Computing Surveys10.1145/357095455:11(1-40)Online publication date: 9-Feb-2023
https://dl.acm.org/doi/10.1145/3570954
Gail FRieke RFenzl F(2023)RulEth: Genetic Programming-Driven Derivation of Security Rules for Automotive EthernetMachine Learning and Knowledge Discovery in Databases: Applied Data Science and Demo Track10.1007/978-3-031-43430-3_12(192-209)Online publication date: 18-Sep-2023
https://dl.acm.org/doi/10.1007/978-3-031-43430-3_12
Karopoulos GKambourakis GChatzoglou EHernández-Ramos JKouliaridis V(2022)Demystifying In-Vehicle Intrusion Detection Systems: A Survey of Surveys and a Meta-TaxonomyElectronics10.3390/electronics1107107211:7(1072)Online publication date: 29-Mar-2022
https://doi.org/10.3390/electronics11071072

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents