A Real-time Anomaly-based Intrusion Detection System for Automotive Controller Area Networks

Abstract

The Controller Area Network (CAN) is the most pervasive in-vehiclenetwork technology in cars. However, since CAN was designed with no securityconcerns, solutions to mitigate cyber attacks on CAN networks have been pro-posed. Prior works have shown that detecting anomalies in the CAN networktraffic is a promising solution for increasing vehicle security. One of the mainchallenges in preventing a malicious CAN frame transmission is to be able todetect the anomaly before the end of the frame. This paper presents a real-timeanomaly-based Intrusion Detection System (IDS) capable of meeting this dead-line by using the Isolation Forest detection algorithm implemented in a hardwaredescription language. A true positive rate higher than 99% is achieved in testscenarios. The system requires less than 1μs to evaluate a frame’s payload, thusbeing able to detect the anomaly before the end of the frame.