Detection of Message Injection Attacks onto the CAN Bus using Similarity of Successive Messages-Sequence Graphs

by   Mubark Jedh, et al.

The smart features of modern cars are enabled by a number of Electronic Control Units (ECUs) components that communicate through an in-vehicle network, known as Controller Area Network (CAN) bus. The fundamental challenge is the security of the communication link where an attacker can inject messages (e.g., increase the speed) that may impact the safety of the driver. Developing an effective defensive security solution depends on the knowledge of the identity of the ECUs, which is proprietary information. This paper proposes a message injection attack detection mechanism that is independent of the IDs of the ECUs, which is achieved by capturing the patterns in the message sequences. First, we represent the sequencing ofther messages in a given time-interval as a direct graph and compute the similarities of the successive graphs using the cosine similarity and Pearson correlation. Then, we apply threshold, change point detection, and Long Short-Term Memory (LSTM)-Recurrent NeuralNetwork (RNN) to detect and predict malicious message injections into the CAN bus. The evaluation of the methods using a dataset collected from a moving vehicle under malicious RPM and speed reading message injections show a detection accuracy of 98.45 the pace of detecting the change isfast for the case of injection of RPM reading messagesbut slow for the case of injection of speed readingsmessages.


page 6

page 8

page 13


An Entropy Analysis based Intrusion Detection System for Controller Area Network in Vehicles

Dozens of Electronic Control Units (ECUs) can be found on modern vehicle...

Anomaly Detection in Intra-Vehicle Networks

The progression of innovation and technology and ease of inter-connectiv...

An Adversarial Attack Defending System for Securing In-Vehicle Networks

In a modern vehicle, there are over seventy Electronics Control Units (E...

Towards a CAN IDS based on a neural-network data field predictor

Modern vehicles contain a few controller area networks (CANs), which all...

Electromagnetic Signal Injection Attacks on Differential Signaling

Differential signaling is a method of data transmission that uses two co...

Malicious Code Detection: Run Trace Output Analysis by LSTM

Malicious software threats and their detection have been gaining importa...

Man-in-the-OBD: A modular, protocol agnostic firewall for automotive dongles to enhance privacy and security

Third-party dongles for cars, e.g. from insurance companies, can extract...

Please sign up or login with your details

Forgot password? Click here to reset