Related papers: CANShield: Signal-based Intrusion Detection for Controller Area Networks

CANShield: Signal-based Intrusion Detection for Controller Area Networks

URL: http://arxiv.org/abs/2205.01306v1
Date: Tue, 3 May 2022 04:52:44 GMT
Title: CANShield: Signal-based Intrusion Detection for Controller Area Networks
Authors: Md Hasan Shahriar, Yang Xiao, Pablo Moriano, Wenjing Lou, and Y. Thomas Hou
Abstract summary: We propose CANShield, a signal-based intrusion detection framework for the CAN bus. CanShield consists of three modules: a data preprocessing module that handles the high-dimensional CAN data stream at the signal level; a data analyzer module consisting of multiple deep autoencoder networks, each analyzing the time-series data from a different temporal perspective; and an attack detection module that uses an ensemble method to make the final decision.
Score: 29.03951113836835
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Abstract: Modern vehicles rely on a fleet of electronic control units (ECUs) connected through controller area network (CAN) buses for critical vehicular control. However, with the expansion of advanced connectivity features in automobiles and the elevated risks of internal system exposure, the CAN bus is increasingly prone to intrusions and injection attacks. The ordinary injection attacks disrupt the typical timing properties of the CAN data stream, and the rule-based intrusion detection systems (IDS) can easily detect them. However, advanced attackers can inject false data to the time series sensory data (signal), while looking innocuous by the pattern/frequency of the CAN messages. Such attacks can bypass the rule-based IDS or any anomaly-based IDS built on binary payload data. To make the vehicles robust against such intelligent attacks, we propose CANShield, a signal-based intrusion detection framework for the CAN bus. CANShield consists of three modules: a data preprocessing module that handles the high-dimensional CAN data stream at the signal level and makes them suitable for a deep learning model; a data analyzer module consisting of multiple deep autoencoder (AE) networks, each analyzing the time-series data from a different temporal perspective; and finally an attack detection module that uses an ensemble method to make the final decision. Evaluation results on two high-fidelity signal-based CAN attack datasets show the high accuracy and responsiveness of CANShield in detecting wide-range of advanced intrusion attacks.

Related papers

Exploring Highly Quantised Neural Networks for Intrusion Detection in Automotive CAN [13.581341206178525]
Machine learning-based intrusion detection models have been shown to successfully detect multiple targeted attack vectors. In this paper, we present a case for custom-quantised literature (CQMLP) as a multi-class classification model. We show that the 2-bit CQMLP model, when integrated as the IDS, can detect malicious attack messages with a very high accuracy of 99.9%.
arXiv Detail & Related papers (2024-01-19T21:11:02Z)
Real-Time Zero-Day Intrusion Detection System for Automotive Controller Area Network on FPGAs [13.581341206178525]
This paper presents an unsupervised-learning-based convolutional autoencoder architecture for detecting zero-day attacks. We quantise the model using Vitis-AI tools from AMD/Xilinx targeting a resource-constrained Zynq Ultrascale platform. The proposed model successfully achieves equal or higher classification accuracy (> 99.5%) on unseen DoS, fuzzing, and spoofing attacks.
arXiv Detail & Related papers (2024-01-19T14:36:01Z)
Physical-Layer Semantic-Aware Network for Zero-Shot Wireless Sensing [74.12670841657038]
Device-free wireless sensing has recently attracted significant interest due to its potential to support a wide range of immersive human-machine interactive applications. Data heterogeneity in wireless signals and data privacy regulation of distributed sensing have been considered as the major challenges that hinder the wide applications of wireless sensing in large area networking systems. We propose a novel zero-shot wireless sensing solution that allows models constructed in one or a limited number of locations to be directly transferred to other locations without any labeled data.
arXiv Detail & Related papers (2023-12-08T13:50:30Z)
X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network [6.68111081144141]
X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database. X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase.
arXiv Detail & Related papers (2023-03-22T03:11:02Z)
Reinforcement Learning based Cyberattack Model for Adaptive Traffic Signal Controller in Connected Transportation Systems [61.39400591328625]
In a connected transportation system, adaptive traffic signal controllers (ATSC) utilize real-time vehicle trajectory data received from vehicles to regulate green time. This wirelessly connected ATSC increases cyber-attack surfaces and increases their vulnerability to various cyber-attack modes. One such mode is a'sybil' attack in which an attacker creates fake vehicles in the network. An RL agent is trained to learn an optimal rate of sybil vehicle injection to create congestion for an approach(s)
arXiv Detail & Related papers (2022-10-31T20:12:17Z)
Time-to-Green predictions for fully-actuated signal control systems with supervised learning [56.66331540599836]
This paper proposes a time series prediction framework using aggregated traffic signal and loop detector data. We utilize state-of-the-art machine learning models to predict future signal phases' duration. Results based on an empirical data set from a fully-actuated signal control system in Zurich, Switzerland, show that machine learning models outperform conventional prediction methods.
arXiv Detail & Related papers (2022-08-24T07:50:43Z)
DAE : Discriminatory Auto-Encoder for multivariate time-series anomaly detection in air transportation [68.8204255655161]
We propose a novel anomaly detection model called Discriminatory Auto-Encoder (DAE) It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase. Results show that the DAE achieves better results in both accuracy and speed of detection.
arXiv Detail & Related papers (2021-09-08T14:07:55Z)
CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an In-Vehicle CAN Bus Based on Deep Features of Voltage Signals [48.813942331065206]
We propose a security hardening system for in-vehicle networks. The proposed system includes two mechanisms that process deep features extracted from voltage signals measured on the CAN bus.
arXiv Detail & Related papers (2021-06-15T06:12:33Z)
Time-Based CAN Intrusion Detection Benchmark [0.0]
Vehicle control systems are vulnerable to message injection attacks. Time-based intrusion detection systems (IDSs) have been proposed to detect these messages. We benchmark four time-based IDSs against the newly published ROAD dataset. We also develop an after-market plug-in detector using lightweight hardware.
arXiv Detail & Related papers (2021-01-14T18:33:19Z)
A Comprehensive Guide to CAN IDS Data & Introduction of the ROAD Dataset [1.6494191187996927]
Controller Area Networks (CANs) lack basic security properties and are easily exploitable. producing vehicular CAN data with a variety of intrusions is out of reach for most researchers. We present the first comprehensive guide to the existing open CAN intrusion datasets.
arXiv Detail & Related papers (2020-12-29T04:18:54Z)
Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem. We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection. We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-01-10T05:29:17Z)

This list is automatically generated from the titles and abstracts of the papers in this site.