Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm

Ilia Odeski, Michael Segal

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


With recent advances of the automotive industry, advanced systems have been integrated at in-vehicle communication. However, with the change of perception to data sharing instead of standalone systems, the susceptibility to systemic vulnerability increases. The automotive intra-communication is based on the CAN (Connected Area Network) network protocol. Many types of research have analyzed the protocol's vulnerability to various types of cyber-attacks, and its implications on vehicle systems, with emphasis on safety systems. Research has found that the communication system is not immune to various types of attacks, thus providing access to crucial functions of the vehicle. This paper explores the design and implementation of intrusion detection method in intra-vehicle communication, which aims to identify malicious CAN messages. Based on the historical traffic rate, the algorithm uses a KMP approximate string-matching. Through theoretical analysis and experiments carried out on a real CAN dataset with different attack scenarios, we received very high performance during high and medium intensity attacks. To the best of our knowledge, this work is the first study that applies the KMP approximate pattern matching to IDS for the in-vehicle network security.

Original languageAmerican English
Title of host publicationSecurity in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers
EditorsSabu M. Thampi, Guojun Wang, Danda B. Rawat, Ryan Ko, Chun-I Fan
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages17
ISBN (Print)9789811604218
StatePublished - 1 Jan 2021
Event8th International Symposium on Security in Computing and Communications, SSCC 2020 - Chennai, India
Duration: 14 Oct 202017 Oct 2020

Publication series

NameCommunications in Computer and Information Science


Conference8th International Symposium on Security in Computing and Communications, SSCC 2020


  • Anomaly detection
  • CAN bus
  • Pattern matching

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • General Mathematics


Dive into the research topics of 'Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm'. Together they form a unique fingerprint.

Cite this