|Title||SAIDuCANT: Specification-based Automotive Intrusion Detection using Controller Area Network (CAN) Timing|
|Publication Type||Journal Articles|
|Authors||Olufowobi, H., C. Young, J. Zambreno, and G. Bloom|
|Journal||IEEE Transactions on Vehicular Technology|
The proliferation of embedded devices in modern vehicles has opened the traditionally-closed vehicular system to the risk of cybersecurity attacks through physical and remote access to the in-vehicle network such as the controller area network (CAN). The CAN bus does not implement a security protocol that can protect the vehicle against the increasing cyber and physical attacks. To address this risk, we introduce a novel algorithm to extract the real-time model parameters of the CAN bus and develop SAIDuCANT, a specification-based intrusion detection system (IDS) using anomaly-based supervised learning with the real-time model as input.We evaluate the effectiveness of SAIDuCANT with real CAN logs collected from two passenger cars and on an open source CAN dataset collected from real-world scenarios. Experimental results show that SAIDuCANT can effectively detect data injection attacks with low false positive rates and outperforms other detection approaches using the timing features of CAN messages.