Search for: All records

{"Abstract":["Modern commercial vehicles are required by law to be equipped with\n Electronic Logging Devices (ELDs) in an effort to make it easier to track,\n manage, and share records of duty status (RODS) data. Research has shown\n that integration of third-party ELDs into commercial trucks can introduce\n a significant cybersecurity risk. This includes the ability of nefarious\n actors to modify firmware on ELDs to gain the ability to arbitrarily write\n messages to the Controller Area Network (CAN) within the vehicle.\n Additionally, a proof-of-concept self-propagating truck-to-truck worm has\n been demonstrated.  This dataset was collected during controlled\n testing on a Kenworth T270 Class 6 truck with a commercially available\n ELD, during which the firmware on the ELD was replaced remotely over a\n Wi-Fi connection from an adjacently driving passenger vehicle. The\n compromised ELD then gained the ability to perform arbitrary CAN message\n writes of the attacker’s choice. The dataset contains CAN traffic in the\n `candump` format collected using the Linux `socketcan` tool. \n After taking control of the ELD, the attacker writes Torque Speed control\n messages onto the CAN network, impersonating the Transmission Control\n Module (TCM). These messages command the Engine Control Module (ECM) to\n request 0% torque output, effectively disabling the driver’s control of\n the accelerator and forcing the truck to idle."],"TechnicalInfo":["## Attack data for electronic logging device vulnerability for medium and\n heavy duty vehicles ## Dataset Overview This dataset contains Controller\n Area Network (CAN) logs captured using `candump` from the **SocketCAN**\n framework during a remote drive-by attack on an electronic logging device\n (ELD). The attack is detailed as a public advisory through CISA at:\n [https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01](https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01). The logs are in a traditional `.log` format, preserving raw CAN messages, timestamps, and metadata. This dataset is intended for research, forensic analysis, anomaly detection, and reverse engineering of vehicular communication networks. ## File Format Each `.log` file follows the standard `candump` output format: ``` (1623847291.123456) can0 0CF00400 [8] FF FF FF FF FF FF FF FF ``` ### Explanation: * **Timestamps** (`(1623847291.123456)`) – Epoch time with microsecond precision. * **CAN Interface** (`can0`) – The name of the CAN bus interface used for capturing. * **CAN ID** (`0CF00400`) – The hexadecimal identifier of the CAN frame. * **DLC** (`[8]`) – Data Length Code, indicating the number of bytes in the data field. * **Data** (`FF FF FF FF FF FF FF FF`) – The payload transmitted in the CAN message. ## Dataset Contents * `Wireless_Pedal_Jam.log` – Raw CAN logs collected on a specific date. ## Capture Environment * **Hardware Used**: SocketCAN * **Software Used**: `candump` from the `can-utils` package on Linux. * **Vehicle/System**: 2014 Kenworth T270 * **Bus Type**: J1939 ## Usage To analyze the dataset, you can use the following tools: * **`candump`** (for live monitoring) * **`canplayer`** (to replay logs) * **`can-utils`** (`cansniffer`, `canbusload`, `canlogserver`, etc.) * **Python with `python-can`** (for programmatic parsing) * **Wireshark** (for visualization) ### Example Commands #### Replaying the Log File ``` canplayer -I dataset_YYYYMMDD.log ``` #### Filtering Messages by CAN ID: ``` cat dataset_YYYYMMDD.log | grep "0CF00400" ``` #### Converting Logs to CSV **Using Python:** ``` import pandas as pd log_file = "dataset_YYYYMMDD.log" data = [] with open(log_file, "r") as f: for line in f: parts = line.strip().split() if len(parts) >= 5: timestamp = parts[0].strip("()") interface = parts[1] can_id = parts[2] dlc = parts[3].strip("[]") data_bytes = " ".join(parts[4:]) data.append([timestamp, interface, can_id, dlc, data_bytes]) df = pd.DataFrame(data, columns=["Timestamp", "Interface", "CAN_ID", "DLC", "Data"]) df.to_csv("dataset.csv", index=False) ```"]}