skip to main content


Title: A Framework for Consistent and Repeatable Controller Area Network IDS Evaluation
The landscape of automotive vehicle attack surfaces continues to grow, and vulnerabilities in the controller area network (CAN) expose vehicles to cyber-physical risks and attacks that can endanger the safety of passengers and pedestrians. Intrusion detection systems (IDS) for CAN have emerged as a key mitigation approach for these risks, but uniform methods to compare proposed IDS techniques are lacking. In this paper, we present a framework for comparative performance analysis of state-of-the-art IDSs for CAN bus to provide a consistent methodology to evaluate and assess proposed approaches. This framework relies on previously published datasets comprising message logs recorded from a real vehicle CAN bus coupled with traditional classifier performance metrics to reduce the discrepancies that arise when comparing IDS approaches from disparate sources.  more » « less
Award ID(s):
2046705 2001789
PAR ID:
10396686
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
Fourth International Workshop on Automotive and Autonomous Vehicle Security
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Modern vehicle is considered as a system vulnerable to attacks because it is connected to the outside world via a wireless interface. Although, connectivity provides more convenience and features to the passengers, however, it also becomes a pathway for the attackers targeting in-vehicle networks. Research in vehicle security is getting attention as in-vehicle attacks can impact human life safety as modern vehicle is connected to the outside world. Controller area network (CAN) is used as a legacy protocol for in-vehicle communication, However, CAN suffers from vulnerabilities due to lack of authentication, as the information about sender is missing in CAN message. In this paper, a new CAN intrusion detection system (IDS) is proposed, the CAN messages are converted to temporal graphs and CAN intrusion is detected using machine learning algorithms. Seven graph-based properties are extracted and used as features for detecting intrusions utilizing two machine learning algorithms which are support vector machine (SVM) & k-nearest neighbors (KNN). The performance of the IDS was evaluated over three CAN bus attacks are denial of service (DoS), fuzzy & spoofing attacks on real vehicular CAN bus dataset. The experimental results showed that using graph-based features, an accuracy of 97.92% & 97.99% was achieved using SVM & KNN algorithms respectively, which is better than using traditional machine learning CAN bus features. 
    more » « less
  2. Exclusive bus lane strategy is widely adopted in many cities to improve bus operation effciency and reliability. With the development of connected vehicle technologies, the dynamic bus lane (DBL) strategy was proposed, with allowing general vehicles to share use of the bus lane to improve traffc effciency in general purpose lanes (GPLs). Previous studies have rarely considered the eco-driving strategy of connected and automated vehicles/buses (CAVs/CABs) in GPLs under the mixed traffc conditions, and how to ensure bus priority with DBL control. In this study, a novel DBL control strategy was developed under the partially connected vehicle environment. A trajectory planning method while considering the joint effects of bus stop and signal phase for CAB was adopted, an eco-driving strategy for CAVs in GPL was proposed using a trigonometry trajectory planning method. And a novel DBL control method was established by integrated trajectory planning for both the CAVs and CABs to ensure bus operation priority. Numerical experiments were conducted to evaluate performance of the proposed novel DBL control in terms of travel time and energy consumption of general vehicles at the different levels of CAV market penetration rates (MPRs). Results indicated that about 16%-42% energy savings can be achieved with MPR varying from 20% to 100%, and the travel time can be improved by about 4%-10%. Meanwhile, sensitivity analysis was conducted to quantify the impacts of key parameters, including vehicle target speeds, heterogeneous traffc fow, random arrival interval of cars, position of bus stop, traffc volume in GPL 
    more » « less
  3. Modern smart vehicles have a Controller Area Network (CAN) that supports intra-vehicle communication between intelligent Electronic Control Units (ECUs). The CAN is known to be vulnerable to various cyber attacks. In this paper, we propose a unified framework that can detect multiple types of cyber attacks (viz., Denial of Service, Fuzzy, Impersonation) affecting the CAN. Specifically, we construct a feature by observing the timing information of CAN packets exchanged over the CAN bus network over partitioned time windows to construct a low dimensional representation of the entire CAN network as a time series latent space. Then, we apply a two tier anomaly based intrusion detection model that keeps track of short term and long term memory of deviations in the initial time series latent space, to create a 'stateful latent space'. Then, we learn the boundaries of the benign stateful latent space that specify the attack detection criterion. To find hyper-parameters of our proposed model, we formulate a preference based multi-objective optimization problem that optimizes security objectives tailored for a network-wide time series anomaly based intrusion detector by balancing trade-offs between false alarm count, time to detection, and missed detection rate. We use real benign and attack datasets collected from a Kia Soul vehicle to validate our framework and show how our performance outperforms existing works. 
    more » « less
  4. Piskac, Ruzica ; Voronkov, Andrei (Ed.)
    Neural networks have become critical components of reactive systems in various do- mains within computer science. Despite their excellent performance, using neural networks entails numerous risks that stem from our lack of ability to understand and reason about their behavior. Due to these risks, various formal methods have been proposed for verify- ing neural networks; but unfortunately, these typically struggle with scalability barriers. Recent attempts have demonstrated that abstraction-refinement approaches could play a significant role in mitigating these limitations; but these approaches can often produce net- works that are so abstract, that they become unsuitable for verification. To deal with this issue, we present CEGARETTE, a novel verification mechanism where both the system and the property are abstracted and refined simultaneously. We observe that this approach allows us to produce abstract networks which are both small and sufficiently accurate, allowing for quick verification times while avoiding a large number of refinement steps. For evaluation purposes, we implemented CEGARETTE as an extension to the recently proposed CEGAR-NN framework. Our results are highly promising, and demonstrate a significant improvement in performance over multiple benchmarks. 
    more » « less
  5. With the growing adoption of unmanned aerial vehicles (UAVs) across various domains, the security of their operations is paramount. UAVs, heavily dependent on GPS navigation, are at risk of jamming and spoofing cyberattacks, which can severely jeopardize their performance, safety, and mission integrity. Intrusion detection systems (IDSs) are typically employed as defense mechanisms, often leveraging traditional machine learning techniques. However, these IDSs are susceptible to adversarial attacks that exploit machine learning models by introducing input perturbations. In this work, we propose a novel IDS for UAVs to enhance resilience against such attacks using generative adversarial networks (GAN). We also comprehensively study several evasion-based adversarial attacks and utilize them to compare the performance of the proposed IDS with existing ones. The resilience is achieved by generating synthetic data based on the identified weak points in the IDS and incorporating these adversarial samples in the training process to regularize the learning. The evaluation results demonstrate that the proposed IDS is significantly robust against adversarial machine learning based attacks compared to the state-of-the-art IDSs while maintaining a low false positive rate. 
    more » « less