Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm

Ilia Odeski; Michael Segal

doi:https://doi.org/10.1007/978-981-16-0422-5_13

Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm

Ilia Odeski, Michael Segal

Ben-Gurion University of the Negev

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

With recent advances of the automotive industry, advanced systems have been integrated at in-vehicle communication. However, with the change of perception to data sharing instead of standalone systems, the susceptibility to systemic vulnerability increases. The automotive intra-communication is based on the CAN (Connected Area Network) network protocol. Many types of research have analyzed the protocol's vulnerability to various types of cyber-attacks, and its implications on vehicle systems, with emphasis on safety systems. Research has found that the communication system is not immune to various types of attacks, thus providing access to crucial functions of the vehicle. This paper explores the design and implementation of intrusion detection method in intra-vehicle communication, which aims to identify malicious CAN messages. Based on the historical traffic rate, the algorithm uses a KMP approximate string-matching. Through theoretical analysis and experiments carried out on a real CAN dataset with different attack scenarios, we received very high performance during high and medium intensity attacks. To the best of our knowledge, this work is the first study that applies the KMP approximate pattern matching to IDS for the in-vehicle network security.

Original language	American English
Title of host publication	Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers
Editors	Sabu M. Thampi, Guojun Wang, Danda B. Rawat, Ryan Ko, Chun-I Fan
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	180-196
Number of pages	17
ISBN (Print)	9789811604218
DOIs	https://doi.org/10.1007/978-981-16-0422-5_13
State	Published - 1 Jan 2021
Event	8th International Symposium on Security in Computing and Communications, SSCC 2020 - Chennai, India Duration: 14 Oct 2020 → 17 Oct 2020

Publication series

Name	Communications in Computer and Information Science
Volume	1364

Conference

Conference	8th International Symposium on Security in Computing and Communications, SSCC 2020
Country/Territory	India
City	Chennai
Period	14/10/20 → 17/10/20

Keywords

Anomaly detection
CAN bus
Pattern matching

All Science Journal Classification (ASJC) codes

General Computer Science
General Mathematics

Access to Document

https://doi.org/10.1007/978-981-16-0422-5_13

Cite this

Odeski, I., & Segal, M. (2021). Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm. In S. M. Thampi, G. Wang, D. B. Rawat, R. Ko, & C-I. Fan (Eds.), Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers (pp. 180-196). (Communications in Computer and Information Science; Vol. 1364). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-16-0422-5_13

Odeski, Ilia ; Segal, Michael. / Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm. Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers. editor / Sabu M. Thampi ; Guojun Wang ; Danda B. Rawat ; Ryan Ko ; Chun-I Fan. Springer Science and Business Media Deutschland GmbH, 2021. pp. 180-196 (Communications in Computer and Information Science).

@inproceedings{9fc5a4a87f1b4b2bab181246dd1f2ef2,

title = "Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm",

abstract = "With recent advances of the automotive industry, advanced systems have been integrated at in-vehicle communication. However, with the change of perception to data sharing instead of standalone systems, the susceptibility to systemic vulnerability increases. The automotive intra-communication is based on the CAN (Connected Area Network) network protocol. Many types of research have analyzed the protocol's vulnerability to various types of cyber-attacks, and its implications on vehicle systems, with emphasis on safety systems. Research has found that the communication system is not immune to various types of attacks, thus providing access to crucial functions of the vehicle. This paper explores the design and implementation of intrusion detection method in intra-vehicle communication, which aims to identify malicious CAN messages. Based on the historical traffic rate, the algorithm uses a KMP approximate string-matching. Through theoretical analysis and experiments carried out on a real CAN dataset with different attack scenarios, we received very high performance during high and medium intensity attacks. To the best of our knowledge, this work is the first study that applies the KMP approximate pattern matching to IDS for the in-vehicle network security.",

keywords = "Anomaly detection, CAN bus, Pattern matching",

author = "Ilia Odeski and Michael Segal",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Singapore Pte Ltd.; 8th International Symposium on Security in Computing and Communications, SSCC 2020 ; Conference date: 14-10-2020 Through 17-10-2020",

year = "2021",

month = jan,

day = "1",

doi = "https://doi.org/10.1007/978-981-16-0422-5_13",

language = "American English",

isbn = "9789811604218",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "180--196",

editor = "Thampi, {Sabu M.} and Guojun Wang and Rawat, {Danda B.} and Ryan Ko and Chun-I Fan",

booktitle = "Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers",

address = "Germany",

}

Odeski, I & Segal, M 2021, Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm. in SM Thampi, G Wang, DB Rawat, R Ko & C-I Fan (eds), Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers. Communications in Computer and Information Science, vol. 1364, Springer Science and Business Media Deutschland GmbH, pp. 180-196, 8th International Symposium on Security in Computing and Communications, SSCC 2020, Chennai, India, 14/10/20. https://doi.org/10.1007/978-981-16-0422-5_13

Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm. / Odeski, Ilia; Segal, Michael.
Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers. ed. / Sabu M. Thampi; Guojun Wang; Danda B. Rawat; Ryan Ko; Chun-I Fan. Springer Science and Business Media Deutschland GmbH, 2021. p. 180-196 (Communications in Computer and Information Science; Vol. 1364).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm

AU - Odeski, Ilia

AU - Segal, Michael

PY - 2021/1/1

Y1 - 2021/1/1

N2 - With recent advances of the automotive industry, advanced systems have been integrated at in-vehicle communication. However, with the change of perception to data sharing instead of standalone systems, the susceptibility to systemic vulnerability increases. The automotive intra-communication is based on the CAN (Connected Area Network) network protocol. Many types of research have analyzed the protocol's vulnerability to various types of cyber-attacks, and its implications on vehicle systems, with emphasis on safety systems. Research has found that the communication system is not immune to various types of attacks, thus providing access to crucial functions of the vehicle. This paper explores the design and implementation of intrusion detection method in intra-vehicle communication, which aims to identify malicious CAN messages. Based on the historical traffic rate, the algorithm uses a KMP approximate string-matching. Through theoretical analysis and experiments carried out on a real CAN dataset with different attack scenarios, we received very high performance during high and medium intensity attacks. To the best of our knowledge, this work is the first study that applies the KMP approximate pattern matching to IDS for the in-vehicle network security.

AB - With recent advances of the automotive industry, advanced systems have been integrated at in-vehicle communication. However, with the change of perception to data sharing instead of standalone systems, the susceptibility to systemic vulnerability increases. The automotive intra-communication is based on the CAN (Connected Area Network) network protocol. Many types of research have analyzed the protocol's vulnerability to various types of cyber-attacks, and its implications on vehicle systems, with emphasis on safety systems. Research has found that the communication system is not immune to various types of attacks, thus providing access to crucial functions of the vehicle. This paper explores the design and implementation of intrusion detection method in intra-vehicle communication, which aims to identify malicious CAN messages. Based on the historical traffic rate, the algorithm uses a KMP approximate string-matching. Through theoretical analysis and experiments carried out on a real CAN dataset with different attack scenarios, we received very high performance during high and medium intensity attacks. To the best of our knowledge, this work is the first study that applies the KMP approximate pattern matching to IDS for the in-vehicle network security.

KW - Anomaly detection

KW - CAN bus

KW - Pattern matching

UR - http://www.scopus.com/inward/record.url?scp=85102503341&partnerID=8YFLogxK

U2 - https://doi.org/10.1007/978-981-16-0422-5_13

DO - https://doi.org/10.1007/978-981-16-0422-5_13

M3 - Conference contribution

SN - 9789811604218

T3 - Communications in Computer and Information Science

SP - 180

EP - 196

BT - Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers

A2 - Thampi, Sabu M.

A2 - Wang, Guojun

A2 - Rawat, Danda B.

A2 - Ko, Ryan

A2 - Fan, Chun-I

PB - Springer Science and Business Media Deutschland GmbH

T2 - 8th International Symposium on Security in Computing and Communications, SSCC 2020

Y2 - 14 October 2020 through 17 October 2020

ER -

Odeski I, Segal M. Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm. In Thampi SM, Wang G, Rawat DB, Ko R, Fan C-I, editors, Security in Computing and Communications - 8th International Symposium, SSCC 2020, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2021. p. 180-196. (Communications in Computer and Information Science). doi: https://doi.org/10.1007/978-981-16-0422-5_13

Anomaly Detection in CAN-BUS Using Pattern Matching Algorithm

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this