X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network
- URL: http://arxiv.org/abs/2303.12278v3
- Date: Thu, 14 Mar 2024 11:14:24 GMT
- Title: X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network
- Authors: Seonghoon Jeong, Sangho Lee, Hwejae Lee, Huy Kang Kim,
- Abstract summary: X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database.
X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase.
- Score: 6.68111081144141
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent actions and cybersecurity regulations (e.g., UNR 155) require carmakers to implement intrusion detection systems (IDSs) in their vehicles. The IDS should detect cyberattacks and provide additional information to analyze conducted attacks. Although many IDSs have been proposed, considerations regarding their feasibility and explainability remain lacking. This study proposes X-CANIDS, which is a novel IDS for CAN-based IVNs. X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database. The signals improve the intrusion detection performance compared with the use of bit representations of raw payloads. These signals also enable an understanding of which signal or ECU is under attack. X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase. We confirmed the feasibility of the proposed method through a benchmark test on an automotive-grade embedded device with a GPU. The results of this work will be valuable to carmakers and researchers considering the installation of in-vehicle IDSs for their vehicles.
Related papers
- AI-Driven Intrusion Detection Systems (IDS) on the ROAD Dataset: A Comparative Analysis for Automotive Controller Area Network (CAN) [4.081467217340597]
The Controller Area Network (CAN) bus is a central system for managing in-vehicle communication between the electronic control units (ECUs)
CAN protocol poses security challenges due to inherent vulnerabilities, lacking encryption and authentication, which, combined with an expanding attack surface, necessitates robust security measures.
This paper considers the latest ROAD dataset, containing stealthy and sophisticated injections.
arXiv Detail & Related papers (2024-08-30T12:26:23Z) - Your Car Tells Me Where You Drove: A Novel Path Inference Attack via CAN Bus and OBD-II Data [57.22545280370174]
On Path Diagnostic - Intrusion & Inference (OPD-II) is a novel path inference attack leveraging a physical car model and a map matching algorithm.
We implement our attack on a set of four different cars and a total number of 41 tracks in different road and traffic scenarios.
arXiv Detail & Related papers (2024-06-30T04:21:46Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - GCNIDS: Graph Convolutional Network-Based Intrusion Detection System for CAN Bus [0.0]
We present an innovative approach to intruder detection within the CAN bus, leveraging Graph Convolutional Network (GCN) techniques.
Our experimental findings substantiate that the proposed GCN-based method surpasses existing IDSs in terms of accuracy, precision, and recall.
Our proposed approach holds significant potential in fortifying the security and safety of modern vehicles.
arXiv Detail & Related papers (2023-09-18T21:42:09Z) - When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems [53.2306792009435]
We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures.
We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN.
Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
arXiv Detail & Related papers (2023-06-09T14:33:26Z) - Reinforcement Learning based Cyberattack Model for Adaptive Traffic
Signal Controller in Connected Transportation Systems [61.39400591328625]
In a connected transportation system, adaptive traffic signal controllers (ATSC) utilize real-time vehicle trajectory data received from vehicles to regulate green time.
This wirelessly connected ATSC increases cyber-attack surfaces and increases their vulnerability to various cyber-attack modes.
One such mode is a'sybil' attack in which an attacker creates fake vehicles in the network.
An RL agent is trained to learn an optimal rate of sybil vehicle injection to create congestion for an approach(s)
arXiv Detail & Related papers (2022-10-31T20:12:17Z) - Federated Deep Learning Meets Autonomous Vehicle Perception: Design and
Verification [168.67190934250868]
Federated learning empowered connected autonomous vehicle (FLCAV) has been proposed.
FLCAV preserves privacy while reducing communication and annotation costs.
It is challenging to determine the network resources and road sensor poses for multi-stage training.
arXiv Detail & Related papers (2022-06-03T23:55:45Z) - Anomaly Detection in Intra-Vehicle Networks [0.0]
Modern vehicles are connected to a range of networks, including intra-vehicle networks and external networks.
With the loopholes in the existing traditional protocols, cyber-attacks on the vehicle network are rising drastically.
This paper discusses the security issues of the CAN bus protocol and proposes an Intrusion Detection System (IDS) that detects known attacks.
arXiv Detail & Related papers (2022-05-07T03:38:26Z) - CANShield: Signal-based Intrusion Detection for Controller Area Networks [29.03951113836835]
We propose CANShield, a signal-based intrusion detection framework for the CAN bus.
CanShield consists of three modules: a data preprocessing module that handles the high-dimensional CAN data stream at the signal level; a data analyzer module consisting of multiple deep autoencoder networks, each analyzing the time-series data from a different temporal perspective; and an attack detection module that uses an ensemble method to make the final decision.
arXiv Detail & Related papers (2022-05-03T04:52:44Z) - CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an
In-Vehicle CAN Bus Based on Deep Features of Voltage Signals [48.813942331065206]
We propose a security hardening system for in-vehicle networks.
The proposed system includes two mechanisms that process deep features extracted from voltage signals measured on the CAN bus.
arXiv Detail & Related papers (2021-06-15T06:12:33Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.