Inter-Message Correlation for Intrusion Detection in Controller Area Networks

Abstract

Electronic Control Units (ECUs) exchange data via in-vehicle network protocols such as the Controller Area Network (CAN) protocol. These protocols do not encrypt data or authenticate messages since they were designed for an isolated network. Many studies have developed Intrusion Detection Systems (IDSs) that fingerprint each ECU to secure the CAN protocol. These IDSs, however, cannot detect an attack in which an adversary spoofs sensor measurements or control signals in a message without changing the transmitter of that message. In order to detect such attacks, we develop a motion-based IDS (MIDS) that exploits the correlation between messages that convey the same information about a vehicle's movement, such as vehicle speed. We also introduce a new metric to quantify the effectiveness of MIDS. We evaluate MIDS using CAN data from two real vehicles by demonstrating that MIDS can detect the attacks on the CAN bus or ECUs.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2019
Accession Number: AD1106881

Entities

People

  • Linda Bushnell
  • Radha Poovendran
  • Sang U. Sagong

Organizations

  • University of Washington

Tags

Communities of Interest

  • Cyber
  • Sensors

DTIC Thesaurus Topics

  • Anomaly Detection
  • Change Detection
  • Communication Systems
  • Computers
  • Data Links
  • Detection
  • Detectors
  • Gaussian Distributions
  • Identification
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Measurement
  • Operating Systems
  • Physical Properties
  • Probability
  • Transmitters
  • Vehicles
  • Wireless Communications

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Materials Science.
  • Sensor Fusion and Tracking Systems.

Technology Areas

  • Microelectronics
  • Microelectronics - Microelectromechanical Systems