Time-Based CAN Intrusion Detection Benchmark
- URL: http://arxiv.org/abs/2101.05781v1
- Date: Thu, 14 Jan 2021 18:33:19 GMT
- Title: Time-Based CAN Intrusion Detection Benchmark
- Authors: Deborah H. Blevins (1), Pablo Moriano (2), Robert A. Bridges (2), Miki E. Verma (2), Michael D. Iannacone (2), Samuel C Hollifield (2) ((1) University of Kentucky, (2) Oak Ridge National Laboratory)
- Abstract summary: Vehicle control systems are vulnerable to message injection attacks.
Time-based intrusion detection systems (IDSs) have been proposed to detect these messages.
We benchmark four time-based IDSs against the newly published ROAD dataset.
We also develop an after-market plug-in detector using lightweight hardware.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Modern vehicles are complex cyber-physical systems made of hundreds of
electronic control units (ECUs) that communicate over controller area networks
(CANs). This inherited complexity has expanded the CAN attack surface which is
vulnerable to message injection attacks. These injections change the overall
timing characteristics of messages on the bus, and thus, to detect these
malicious messages, time-based intrusion detection systems (IDSs) have been
proposed. However, time-based IDSs are usually trained and tested on
low-fidelity datasets with unrealistic, labeled attacks. This makes the task of
evaluating, comparing, and validating IDSs difficult. Here we detail and
benchmark four time-based IDSs against the newly published ROAD dataset, the
first open CAN IDS dataset with real (non-simulated) stealthy attacks with
physically verified effects. We found that methods that perform hypothesis
testing by explicitly estimating message timing distributions have lower
performance than methods that seek anomalies in a distribution-related
statistic. In particular, these "distribution-agnostic" based methods
outperform "distribution-based" methods by at least 55% in area under the
precision-recall curve (AUC-PR). Our results expand the body of knowledge of
CAN time-based IDSs by providing details of these methods and reporting their
results when tested on datasets with real advanced attacks. Finally, we develop
an after-market plug-in detector using lightweight hardware, which can be used
to deploy the best performing IDS method on nearly any vehicle.
Related papers
- Real-Time Zero-Day Intrusion Detection System for Automotive Controller Area Network on FPGAs [13.581341206178525]
This paper presents an unsupervised-learning-based convolutional autoencoder architecture for detecting zero-day attacks.
We quantise the model using Vitis-AI tools from AMD/Xilinx targeting a resource-constrained Zynq Ultrascale platform.
The proposed model successfully achieves equal or higher classification accuracy (> 99.5%) on unseen DoS, fuzzing, and spoofing attacks.
arXiv (2024-01-19T14:36:01Z)
- DALA: A Distribution-Aware LoRA-Based Adversarial Attack against Language Models [64.79319733514266]
Adversarial attacks can introduce subtle perturbations to input data.
Recent attack methods can achieve a relatively high attack success rate (ASR).
We propose a Distribution-Aware LoRA-based Adversarial Attack (DALA) method.
arXiv (2023-11-14T23:43:47Z)
- Reconstruction-based LSTM-Autoencoder for Anomaly-based DDoS Attack Detection over Multivariate Time-Series Data [6.642599588462097]
A Distributed Denial-of-service (DDoS) attack is a malicious attempt to disrupt the regular traffic of a targeted server, service, or network by sending a flood of traffic to overwhelm the target or its surrounding infrastructure.
Traditional statistical and shallow machine learning techniques can detect superficial anomalies based on shallow data and feature selection; however, these approaches cannot detect unseen DDoS attacks.
We propose a reconstruction-based anomaly detection model named LSTM-Autoencoder (LSTM-AE) which combines two deep learning-based models for detecting DDoS attack anomalies.
arXiv (2023-04-21T03:56:03Z)
- CANShield: Signal-based Intrusion Detection for Controller Area Networks [29.03951113836835]
We propose CANShield, a signal-based intrusion detection framework for the CAN bus.
CANShield consists of three modules: a data preprocessing module that handles the high-dimensional CAN data stream at the signal level; a data analyzer module consisting of multiple deep autoencoder networks, each analyzing the time-series data from a different temporal perspective; and an attack detection module that uses an ensemble method to make the final decision.
arXiv (2022-05-03T04:52:44Z)
- TFDPM: Attack detection for cyber-physical systems with diffusion probabilistic models [10.389972581904999]
We propose TFDPM, a general framework for attack detection tasks in CPSs.
It simultaneously extracts temporal pattern and feature pattern given the historical data.
The noise scheduling network increases the detection speed by three times.
arXiv (2021-12-20T13:13:29Z)
- DAE : Discriminatory Auto-Encoder for multivariate time-series anomaly detection in air transportation [68.8204255655161]
We propose a novel anomaly detection model called Discriminatory Auto-Encoder (DAE).
It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase.
Results show that the DAE achieves better results in both accuracy and speed of detection.
arXiv (2021-09-08T14:07:55Z)
- DAAIN: Detection of Anomalous and Adversarial Input using Normalizing Flows [52.31831255787147]
We introduce a novel technique, DAAIN, to detect out-of-distribution (OOD) inputs and adversarial attacks (AA).
Our approach monitors the inner workings of a neural network and learns a density estimator of the activation distribution.
Our model can be trained on a single GPU, making it compute efficient and deployable without requiring specialized accelerators.
arXiv (2021-05-30T22:07:13Z)
- A Comprehensive Guide to CAN IDS Data & Introduction of the ROAD Dataset [1.6494191187996927]
Controller Area Networks (CANs) lack basic security properties and are easily exploitable.
Producing vehicular CAN data with a variety of intrusions is out of reach for most researchers.
We present the first comprehensive guide to the existing open CAN intrusion datasets.
arXiv (2020-12-29T04:18:54Z)
- Unsupervised Domain Adaptation for Speech Recognition via Uncertainty Driven Self-Training [55.824641135682725]
Domain adaptation experiments using WSJ as a source domain and TED-LIUM 3 as well as SWITCHBOARD show that up to 80% of the performance of a system trained on ground-truth data can be recovered.
arXiv (2020-11-26T18:51:26Z)
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique.
The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low-false alarm rate, and recall.
arXiv (2020-08-05T19:29:35Z)
- Contextual-Bandit Anomaly Detection for IoT Data in Distributed Hierarchical Edge Computing [65.78881372074983]
IoT devices can hardly afford complex deep neural networks (DNN) models, and offloading anomaly detection tasks to the cloud incurs long delay.
We propose and build a demo for an adaptive anomaly detection approach for distributed hierarchical edge computing (HEC) systems.
We show that our proposed approach significantly reduces detection delay without sacrificing accuracy, as compared to offloading detection tasks to the cloud.
arXiv (2020-04-15T06:13:33Z)