A Vehicle Can Bus Anomaly Detection Method for Periodic Attacks Based on the Entropy Model

Abstract Because of the rapid development of automobile intelligence and networking, cyber attackers can invade the vehicle network via wired and wireless interfaces, such as physical interfaces, short-range wireless interfaces, and long-range wireless interfaces. Thus, interfering with regular driving will immediately jeopardises the drivers’ and passengers’ personal and property safety. To accomplish security protection for the vehicle CAN (Controller Area Network) bus, we propose an anomaly detection method by calculating the information entropy based on the number of interval messages during the sliding window. It detects periodic attacks on the vehicle CAN bus, such as replay attacks and flooding attacks. First, we calculate the number of interval messages according to the CAN bus baud rate, the number of bits of a single frame message, and the time required to calculate information entropy within the window. Second, we compute the window information entropy of regular packet interval packets and determine the normal threshold range by setting a threshold coefficient. Finally, we calculate the information entropy of the data to be measured, determine whether it is greater than or less than the threshold, and detect the anomaly. The experiment uses CANoe software to simulate the vehicle network. It uses the body frame CAN bus network of a brand automobile body bench as the regular network, simulates attack nodes to attack the regular network periodically, collects message data, and verifies the proposed detection method. The results show that the proposed detection method has lower false-negative and false-positive rates for attack scenarios such as replay attacks and flood attacks across different attack cycles.

Download Full-text

Anomaly Detection of CAN Bus Messages Using A Deep Neural Network for Autonomous Vehicles

Applied Sciences ◽

10.3390/app9153174 ◽

2019 ◽

Vol 9 (15) ◽

pp. 3174 ◽

Cited By ~ 5

Author(s):

Zhou ◽

Li ◽

Shen

Keyword(s):

Neural Network ◽

Anomaly Detection ◽

Autonomous Vehicles ◽

Deep Neural Network ◽

Can Bus ◽

Detection Accuracy ◽

Area Network ◽

Data Packets ◽

Essential Components ◽

Triplet Loss

The in-vehicle controller area network (CAN) bus is one of the essential components for autonomous vehicles, and its safety will be one of the greatest challenges in the field of intelligent vehicles in the future. In this paper, we propose a novel system that uses a deep neural network (DNN) to detect anomalous CAN bus messages. We treat anomaly detection as a cross-domain modelling problem, in which three CAN bus data packets as a group are directly imported into the DNN architecture for parallel training with shared weights. After that, three data packets are represented as three independent feature vectors, which corresponds to three different types of data sequences, namely anchor, positive and negative. The proposed DNN architecture is an embedded triplet loss network that optimizes the distance between the anchor example and the positive example, makes it smaller than the distance between the anchor example and the negative example, and realizes the similarity calculation of samples, which were originally used in face detection. Compared to traditional anomaly detection methods, the proposed method to learn the parameters with shared-weight could improve detection efficiency and detection accuracy. The whole detection system is composed of the front-end and the back-end, which correspond to deep network and triplet loss network, respectively, and are trainable in an end-to-end fashion. Experimental results demonstrate that the proposed technology can make real-time responses to anomalies and attacks to the CAN bus, and significantly improve the detection ratio. To the best of our knowledge, the proposed method is the first used for anomaly detection in the in-vehicle CAN bus.

Download Full-text

Application of Controller Area Network (CAN) bus anomaly detection based on time series prediction

Vehicular Communications ◽

10.1016/j.vehcom.2020.100291 ◽

2021 ◽

Vol 27 ◽

pp. 100291

Author(s):

Hongmao Qin ◽

Mengru Yan ◽

Haojie Ji

Keyword(s):

Time Series ◽

Anomaly Detection ◽

Can Bus ◽

Time Series Prediction ◽

Controller Area Network ◽

Area Network

Download Full-text

Gyro anomaly detection method based on information entropy

10.1109/phm-nanjing52125.2021.9612796 ◽

2021 ◽

Author(s):

Guan Wu ◽

Rui Chen ◽

Hailong Zhang ◽

Jun Chen ◽

Xing Hu

Keyword(s):

Anomaly Detection ◽

Information Entropy ◽

Detection Method

Download Full-text

Attacks to Automatous Vehicles: A Deep Learning Algorithm for Cybersecurity

Sensors ◽

10.3390/s22010360 ◽

2022 ◽

Vol 22 (1) ◽

pp. 360

Author(s):

Theyazn H. H. Aldhyani ◽

Hasan Alkahtani

Keyword(s):

Deep Learning ◽

High Performance ◽

Short Term Memory ◽

Learning Algorithm ◽

Can Bus ◽

Autonomous Vehicle ◽

Hybrid Network ◽

Superior Performance ◽

Area Network ◽

Vehicle Network

Rapid technological development has changed drastically the automotive industry. Network communication has improved, helping the vehicles transition from completely machine- to software-controlled technologies. The autonomous vehicle network is controlled by the controller area network (CAN) bus protocol. Nevertheless, the autonomous vehicle network still has issues and weaknesses concerning cybersecurity due to the complexity of data and traffic behaviors that benefit the unauthorized intrusion to a CAN bus and several types of attacks. Therefore, developing systems to rapidly detect message attacks in CAN is one of the biggest challenges. This study presents a high-performance system with an artificial intelligence approach that protects the vehicle network from cyber threats. The system secures the autonomous vehicle from intrusions by using deep learning approaches. The proposed security system was verified by using a real automatic vehicle network dataset, including spoofing, flood, replaying attacks, and benign packets. Preprocessing was applied to convert the categorical data into numerical. This dataset was processed by using the convolution neural network (CNN) and a hybrid network combining CNN and long short-term memory (CNN-LSTM) models to identify attack messages. The results revealed that the model achieved high performance, as evaluated by the metrics of precision, recall, F1 score, and accuracy. The proposed system achieved high accuracy (97.30%). Along with the empirical demonstration, the proposed system enhanced the detection and classification accuracy compared with the existing systems and was proven to have superior performance for real-time CAN bus security.

Download Full-text

Research of Automotive Controller Area Network Bus Detection System

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.662.736 ◽

2013 ◽

Vol 662 ◽

pp. 736-739

Author(s):

Hong Wei Cui

Keyword(s):

Data Fusion ◽

Detection Method ◽

Can Bus ◽

Detection System ◽

Fault Analysis ◽

Controller Area Network ◽

Failure Diagnosis ◽

Area Network ◽

Fusion Model ◽

Work Condition

The detection method of automotive controller area network bus is studied in this paper. The composition of detection system is introduced. By analyzing and processing the data of CAN bus and sensors, work condition of automotive is achieved. Multi-pattern data fusion model and algorithm for failure diagnosis is researched. The detection system designed in this paper can be applied to automotive fault analysis, troubleshooting and maintenance.

Download Full-text

Detection and Mitigation of Sensor and CAN Bus Attacks in Vehicle Anti-Lock Braking Systems

ACM Transactions on Cyber-Physical Systems ◽

10.1145/3495534 ◽

2022 ◽

Vol 6 (1) ◽

pp. 1-24

Author(s):

Liuwang Kang ◽

Haiying Shen

Keyword(s):

Detection Method ◽

Can Bus ◽

Search Algorithm ◽

Mitigation Strategy ◽

Attack Detection ◽

Area Network ◽

Negative Effects ◽

Direction Control ◽

Road Friction ◽

Attack Mitigation

For a modern vehicle, if the sensor in a vehicle anti-lock braking system (ABS) or controller area network (CAN) bus is attacked during a brake process, the vehicle will lose driving direction control and the driver’s life will be highly threatened. However, current methods for detecting attacks are not sufficiently accurate, and no method can provide attack mitigation. To ensure vehicle ABS security, we propose an attack detection method to accurately detect both sensor attack (SA) and CAN bus attack in a vehicle ABS, and an attack mitigation strategy to mitigate their negative effects on the vehicle ABS. In our attack detection method, we build a vehicle state space equation that considers the real-time road friction coefficient to predict vehicle states (i.e., wheel speed and longitudinal brake force) with their previous values. Based on sets of historical measured vehicle states, we develop a search algorithm to find out attack changes (vehicle state changes because of attack) by minimizing errors between the predicted vehicle states and the measured vehicle states. In our attack mitigation strategy, attack changes are subtracted from the measured vehicle states to generate correct vehicle states for a vehicle ABS. We conducted the first real SA experiments to show how a magnet affects sensor readings. Our simulation results demonstrate that our attack detection method can detect SA and CAN bus attack more accurately compared with existing methods, and also that our attack mitigation strategy almost eliminates the attack’s effects on a vehicle ABS.

Download Full-text