Application-Layer Anomaly Detection Leveraging Time-Series Physical Semantics in CAN-FD Vehicle Networks
Published: 2024-01-16
Issue: 2
Volume: 13
Page: 377
ISSN: 2079-9292
Container-title: Electronics
Language: en
Author:
Zhao Rui (1), Luo Cheng (2), Gao Fei (1,3), Gao Zhenhai (1,3), Li Longyi (1), Zhang Dong (4), Yang Wengang (5)
Affiliation:
1. College of Automotive Engineering, Jilin University, Changchun 130025, China
2. School of Automotive Studies, Tongji University, Shanghai 201804, China
3. State Key Laboratory of Automotive Simulation and Control, Jilin University, Changchun 130025, China
4. Department of Mechanical and Aerospace Engineering, Brunel University London, Uxbridge UB8 3PH, UK
5. Ji Hua Laboratory, Foshan 528251, China
Abstract
The Controller Area Network with Flexible Data-Rate (CAN-FD) bus is the predominant in-vehicle network protocol, responsible for transmitting crucial application semantic signals. Due to the absence of security measures, CAN-FD is vulnerable to numerous cyber threats, particularly those altering its authentic physical values. This paper introduces Physical Semantics-Enhanced Anomaly Detection (PSEAD) for CAN-FD networks. Our framework effectively extracts and standardizes the genuine physical meaning features present in the message data fields. The implementation involves a Long Short-Term Memory (LSTM) network augmented with a self-attention mechanism, thereby enabling the unsupervised capture of temporal information within high-dimensional data. Consequently, this approach fully exploits contextual information within the physical meaning features. In contrast to the non-physical semantics-aware whole frame combination detection method, our approach is more adept at harnessing the physical significance inherent in each segment of the message. This enhancement results in improved accuracy and interpretability of anomaly detection. Experimental results demonstrate that our method achieves a mere 0.64% misclassification rate for challenging-to-detect replay attacks and zero misclassifications for DoS, fuzzing, and spoofing attacks. The accuracy has been enhanced by over 4% in comparison to existing methods that rely on byte-level data field characterization at the data link layer.
Funder
National Natural Science Foundation of China
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering