CANDoSA: A Hardware Performance Counter-Based Intrusion Detection System for DoS Attacks on Automotive CAN bus
- URL: http://arxiv.org/abs/2507.14739v1
- Date: Sat, 19 Jul 2025 20:09:52 GMT
- Title: CANDoSA: A Hardware Performance Counter-Based Intrusion Detection System for DoS Attacks on Automotive CAN bus
- Authors: Franco Oberti, Stefano Di Carlo, Alessandro Savino,
- Abstract summary: This paper presents a novel Intrusion Detection System (IDS) designed for the Controller Area Network (CAN) environment.<n>A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks.<n>Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.
- Score: 45.24207460381396
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: The Controller Area Network (CAN) protocol, essential for automotive embedded systems, lacks inherent security features, making it vulnerable to cyber threats, especially with the rise of autonomous vehicles. Traditional security measures offer limited protection, such as payload encryption and message authentication. This paper presents a novel Intrusion Detection System (IDS) designed for the CAN environment, utilizing Hardware Performance Counters (HPCs) to detect anomalies indicative of cyber attacks. A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks, which trigger distinct HPC responses. Key HPC features are optimized through data extraction and correlation analysis to enhance classification efficiency. Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.
Related papers
- CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z) - An Anomaly Detection System Based on Generative Classifiers for Controller Area Network [7.537220883022467]
Modern vehicles are susceptible to various types of attacks, enabling attackers to gain control and compromise safety-critical systems.<n>Several Intrusion Detection Systems (IDSs) have been proposed in the literature to detect such cyber-attacks on vehicles.<n>This paper introduces a novel generative classifier-based IDS for anomaly detection in automotive networks.
arXiv Detail & Related papers (2024-12-28T19:59:33Z) - SISSA: Real-time Monitoring of Hardware Functional Safety and
Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security.
Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication.
Extensive experimental results show the effectiveness and efficiency of SISSA.
arXiv Detail & Related papers (2024-02-21T03:31:40Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - Deep Learning-based Embedded Intrusion Detection System for Automotive
CAN [12.084121187559864]
Various intrusion detection approaches have been proposed to detect and tackle such threats, with machine learning models proving highly effective.
We propose a hybrid FPGA-based ECU approach that can transparently integrate IDS functionality through a dedicated off-the-shelf hardware accelerator.
Our results show that the proposed approach provides an average accuracy of over 99% across multiple attack datasets with 0.64% false detection rates.
arXiv Detail & Related papers (2024-01-19T13:13:38Z) - GCNIDS: Graph Convolutional Network-Based Intrusion Detection System for CAN Bus [0.0]
We present an innovative approach to intruder detection within the CAN bus, leveraging Graph Convolutional Network (GCN) techniques.
Our experimental findings substantiate that the proposed GCN-based method surpasses existing IDSs in terms of accuracy, precision, and recall.
Our proposed approach holds significant potential in fortifying the security and safety of modern vehicles.
arXiv Detail & Related papers (2023-09-18T21:42:09Z) - X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network [6.68111081144141]
X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database.
X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase.
arXiv Detail & Related papers (2023-03-22T03:11:02Z) - Reinforcement Learning based Cyberattack Model for Adaptive Traffic
Signal Controller in Connected Transportation Systems [61.39400591328625]
In a connected transportation system, adaptive traffic signal controllers (ATSC) utilize real-time vehicle trajectory data received from vehicles to regulate green time.
This wirelessly connected ATSC increases cyber-attack surfaces and increases their vulnerability to various cyber-attack modes.
One such mode is a'sybil' attack in which an attacker creates fake vehicles in the network.
An RL agent is trained to learn an optimal rate of sybil vehicle injection to create congestion for an approach(s)
arXiv Detail & Related papers (2022-10-31T20:12:17Z) - Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.