Practical Approaches for Detecting DoS Attacks on CAN Network
Published April 3, 2018 by SAE International in United States
Downloadable datasets for this paper availableAnnotation of this paper is available
Some of the recent studies reveal that it is possible to access the in-vehicle networks and inject malicious messages to alter the behavior of the vehicle. Researchers have shown that, it is possible to hack a car’s communication network and remotely take control of brake, steering, power window systems, etc. Hence, it becomes inevitable to implement schemes that detect anomalies and prevent attacks on Controller Area Network (CAN). Our work explores the complete anomaly detection process for CAN. We cover the techniques followed, available tools and challenges at every stage. Beginning with what makes CAN protocol vulnerable, we discuss case studies about attacks on CAN with major focus on Denial of Service (DoS) attack. We analyze the pattern of normal CAN messages obtained from real vehicle, along with patterns of simulated attack data using different methods/tools. The work in this paper presents a statistical data analysis based machine learning algorithm with two approaches “time-based” and “message-based” to detect DoS attack on CAN bus. Comparative analysis of observations and accuracy results are highlighted. The average accuracy obtained for “time-based” approach is 81% while that for “message-based” is 80%.
CitationKalyanasundaram, P., Kareti, V., Sambranikar, M., SS, N. et al., "Practical Approaches for Detecting DoS Attacks on CAN Network," SAE Technical Paper 2018-01-0019, 2018, https://doi.org/10.4271/2018-01-0019.
Data Sets - Support Documents
|[Unnamed Dataset 1]|
|[Unnamed Dataset 2]|
- Johansson, K.H., Törngren, M., and Nielsen, L., “Vehicle Applications of Controller Area Network,” . In: Handbook of Networked and Embedded Control Systems. (2005), 741-765.
- Tobias, H., Stefan, K., and Jana, D., “Security Threats to Automotive CAN Networks-Practical Examples and Selected Short-Term Countermeasures,” in M.D.Harrison, S.Mark-Alexander, editors, Computer Safety, Reliability, and Security, Proceedings of the 27th international conference SAFECOMP 2008, Newcastle, UK, September 2008, vol. 5219. Springer LNCS, 2008, 235-48.
- Koscher, K., Czeskis, A., Roesner, F., Patel, S. et al., “Experimental Security Analysis of a Modern Automobile,” in 2010 IEEE Symposium on Security and Privacy.
- Miller, C. and Valasek, C., “Remote Exploitation of an Unaltered Passenger Vehicle,” Black Hat USA 2015, 2015.
- Miller, C. and Valasek, C., “Adventures in Automotive Networks and Control Units,” DEF CON 21:260-264, 2013.
- Jafarnejad, S., Codeca, L., Bronzi, W., Frank, R. et al., “A Car Hacking Experiment: When Connectivity Meets Vulnerability,” in Globecom Workshops (GC Wkshps), 2015 IEEE. IEEE, 2015, 1-6.
- Hoppe, T., Kiltz, S., and Dittmann, J., “Applying Intrusion Detection to Automotive it-Early Insights and Remaining Challenges,” Journal of Information Assurance and Security (JIAS) 4(6):226-235, 2009.
- Sonalker, A. and Sherman, D., “Temporal Anomaly Detection on Automotive Networks,” U.S. Patent Application 14/857,098, filed September 17, 2015.
- Harris, B., Sonalker, A., and Mayhew, K., “Anomaly Detection for Vehicular Networks for Intrusion and Malfunction Detection,” U.S. Patent Application 14/857,016, filed September 17, 2015.
- Lim, K.L.A., “Method and System for Anomaly Detection Using a Collective Set of Unsupervised Machine-Learning Algorithms,” U.S. Patent Application 11/449,533, filed June 8, 2006.
- Rohde, K.W., Chugg, J.P., Wade, A.N., Reed, O.R. et al., “Apparatuses and Methods for Security in Broadcast Serial Buses,” U.S. Patent Application 14/965,341, filed December 10, 2015.
- Moeller, D.S., Pashby, R.W., Obrien, D.J., Merritt, J.M. et al., “Electronic Control Unit with Vehicle Intrusion Detection,” U.S. Patent Application 14/278,160, filed May 15, 2014.
- Studnia, I., Nicomette, V., Alata, E., Deswarte, Y. et al., “Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks,” in 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W). IEEE, 2013, 1-12.
- Herrewege, V., Anthony, D.S., and Verbauwhede, I., “CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN Bus,” in ECRYPT Workshop on Lightweight Cryptography, Vol. 2011, 2011.
- Florez-Larrahondo, G., Liu, Z., Dandass, Y.S., Bridges, S.M., and Vaughn, R., “Integrating Intelligent Anomaly Detection Agents into Distributed Monitoring Systems,” Journal of Information Assurance and Security 1(1):59-77, 2006.
- Freescale Semiconductor, Inc., “Bosch Controller Area Network (CAN) Version 2.0,” Protocol Standard.