Abstract
Because of the rapid development of automobile intelligence and networking, cyber attackers can invade the vehicle network via wired and wireless interfaces, such as physical interfaces, short-range wireless interfaces, and long-range wireless interfaces. Thus, interfering with regular driving will immediately jeopardises the drivers’ and passengers’ personal and property safety. To accomplish security protection for the vehicle CAN (Controller Area Network) bus, we propose an anomaly detection method by calculating the information entropy based on the number of interval messages during the sliding window. It detects periodic attacks on the vehicle CAN bus, such as replay attacks and flooding attacks. First, we calculate the number of interval messages according to the CAN bus baud rate, the number of bits of a single frame message, and the time required to calculate information entropy within the window. Second, we compute the window information entropy of regular packet interval packets and determine the normal threshold range by setting a threshold coefficient. Finally, we calculate the information entropy of the data to be measured, determine whether it is greater than or less than the threshold, and detect the anomaly. The experiment uses CANoe software to simulate the vehicle network. It uses the body frame CAN bus network of a brand automobile body bench as the regular network, simulates attack nodes to attack the regular network periodically, collects message data, and verifies the proposed detection method. The results show that the proposed detection method has lower false-negative and false-positive rates for attack scenarios such as replay attacks and flood attacks across different attack cycles.
A Vehicle Can Bus Anomaly Detection Method for Periodic Attacks Based on the Entropy Model