TitleSAIDuCANT: Specification-based Automotive Intrusion Detection using Controller Area Network (CAN) Timing
Publication TypeJournal Articles
AuthorsOlufowobi, H., C. Young, J. Zambreno, and G. Bloom
JournalIEEE Transactions on Vehicular Technology
Date PublishedFebruary

The proliferation of embedded devices in modern vehicles has opened the traditionally-closed vehicular system to the risk of cybersecurity attacks through physical and remote access to the in-vehicle network such as the controller area network (CAN). The CAN bus does not implement a security protocol that can protect the vehicle against the increasing cyber and physical attacks. To address this risk, we introduce a novel algorithm to extract the real-time model parameters of the CAN bus and develop SAIDuCANT, a specification-based intrusion detection system (IDS) using anomaly-based supervised learning with the real-time model as input.We evaluate the effectiveness of SAIDuCANT with real CAN logs collected from two passenger cars and on an open source CAN dataset collected from real-world scenarios. Experimental results show that SAIDuCANT can effectively detect data injection attacks with low false positive rates and outperforms other detection approaches using the timing features of CAN messages.

Paper attachments: