TY - GEN
T1 - Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm
AU - Odeski, Ilia
AU - Segal, Michael
N1 - Publisher Copyright:
© 2021, Springer Nature Singapore Pte Ltd.
PY - 2021/1/1
Y1 - 2021/1/1
N2 - With recent advances of the automotive industry, advanced systems have been integrated at in-vehicle communication. However, with the change of perception to data sharing instead of standalone systems, the susceptibility to systemic vulnerability increases. The automotive intra-communication is based on the CAN (Connected Area Network) network protocol. Many types of research have analyzed the protocol's vulnerability to various types of cyber-attacks, and its implications on vehicle systems, with emphasis on safety systems. Research has found that the communication system is not immune to various types of attacks, thus providing access to crucial functions of the vehicle. This paper explores the design and implementation of intrusion detection method in intra-vehicle communication, which aims to identify malicious CAN messages. Based on the historical traffic rate, the algorithm uses a KMP approximate string-matching. Through theoretical analysis and experiments carried out on a real CAN dataset with different attack scenarios, we received very high performance during high and medium intensity attacks. To the best of our knowledge, this work is the first study that applies the KMP approximate pattern matching to IDS for the in-vehicle network security.
AB - With recent advances of the automotive industry, advanced systems have been integrated at in-vehicle communication. However, with the change of perception to data sharing instead of standalone systems, the susceptibility to systemic vulnerability increases. The automotive intra-communication is based on the CAN (Connected Area Network) network protocol. Many types of research have analyzed the protocol's vulnerability to various types of cyber-attacks, and its implications on vehicle systems, with emphasis on safety systems. Research has found that the communication system is not immune to various types of attacks, thus providing access to crucial functions of the vehicle. This paper explores the design and implementation of intrusion detection method in intra-vehicle communication, which aims to identify malicious CAN messages. Based on the historical traffic rate, the algorithm uses a KMP approximate string-matching. Through theoretical analysis and experiments carried out on a real CAN dataset with different attack scenarios, we received very high performance during high and medium intensity attacks. To the best of our knowledge, this work is the first study that applies the KMP approximate pattern matching to IDS for the in-vehicle network security.
KW - Anomaly detection
KW - CAN bus
KW - Pattern matching
UR - http://www.scopus.com/inward/record.url?scp=85102503341&partnerID=8YFLogxK
U2 - 10.1007/978-981-16-0422-5_13
DO - 10.1007/978-981-16-0422-5_13
M3 - Conference contribution
AN - SCOPUS:85102503341
SN - 9789811604218
T3 - Communications in Computer and Information Science
SP - 180
EP - 196
BT - Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers
A2 - Thampi, Sabu M.
A2 - Wang, Guojun
A2 - Rawat, Danda B.
A2 - Ko, Ryan
A2 - Fan, Chun-I
PB - Springer Science and Business Media Deutschland GmbH
T2 - 8th International Symposium on Security in Computing and Communications, SSCC 2020
Y2 - 14 October 2020 through 17 October 2020
ER -