Detection and Mitigation of Sensor and CAN Bus Attacks in Vehicle Anti-Lock Braking Systems

For a modern vehicle, if the sensor in a vehicle anti-lock braking system (ABS) or controller area network (CAN) bus is attacked during a brake process, the vehicle will lose driving direction control and the driver’s life will be highly threatened. However, current methods for detecting attacks are not sufficiently accurate, and no method can provide attack mitigation. To ensure vehicle ABS security, we propose an attack detection method to accurately detect both sensor attack (SA) and CAN bus attack in a vehicle ABS, and an attack mitigation strategy to mitigate their negative effects on the vehicle ABS. In our attack detection method, we build a vehicle state space equation that considers the real-time road friction coefficient to predict vehicle states (i.e., wheel speed and longitudinal brake force) with their previous values. Based on sets of historical measured vehicle states, we develop a search algorithm to find out attack changes (vehicle state changes because of attack) by minimizing errors between the predicted vehicle states and the measured vehicle states. In our attack mitigation strategy, attack changes are subtracted from the measured vehicle states to generate correct vehicle states for a vehicle ABS. We conducted the first real SA experiments to show how a magnet affects sensor readings. Our simulation results demonstrate that our attack detection method can detect SA and CAN bus attack more accurately compared with existing methods, and also that our attack mitigation strategy almost eliminates the attack’s effects on a vehicle ABS.

Attacks to Automatous Vehicles: A Deep Learning Algorithm for Cybersecurity

Rapid technological development has changed drastically the automotive industry. Network communication has improved, helping the vehicles transition from completely machine- to software-controlled technologies. The autonomous vehicle network is controlled by the controller area network (CAN) bus protocol. Nevertheless, the autonomous vehicle network still has issues and weaknesses concerning cybersecurity due to the complexity of data and traffic behaviors that benefit the unauthorized intrusion to a CAN bus and several types of attacks. Therefore, developing systems to rapidly detect message attacks in CAN is one of the biggest challenges. This study presents a high-performance system with an artificial intelligence approach that protects the vehicle network from cyber threats. The system secures the autonomous vehicle from intrusions by using deep learning approaches. The proposed security system was verified by using a real automatic vehicle network dataset, including spoofing, flood, replaying attacks, and benign packets. Preprocessing was applied to convert the categorical data into numerical. This dataset was processed by using the convolution neural network (CNN) and a hybrid network combining CNN and long short-term memory (CNN-LSTM) models to identify attack messages. The results revealed that the model achieved high performance, as evaluated by the metrics of precision, recall, F1 score, and accuracy. The proposed system achieved high accuracy (97.30%). Along with the empirical demonstration, the proposed system enhanced the detection and classification accuracy compared with the existing systems and was proven to have superior performance for real-time CAN bus security.

SDAE+Bi-LSTM-Based Situation Awareness Algorithm for the CAN Bus of Intelligent Connected Vehicles

With a deep connection to the internet, the controller area network (CAN) bus of intelligent connected vehicles (ICVs) has suffered many network attacks. A deep situation awareness method is urgently needed to judge whether network attacks will occur in the future. However, traditional shallow methods cannot extract deep features from CAN data with noise to accurately detect attacks. To solve these problems, we developed a SDAE+Bi-LSTM based situation awareness algorithm for the CAN bus of ICVs, simply called SDBL. Firstly, the stacked denoising auto-encoder (SDAE) model was used to compress the CAN data with noise and extract the deep spatial features at a certain time, to reduce the impact of noise. Secondly, a bidirectional long short-term memory (Bi-LSTM) model was further built to capture the periodic features from two directions to enhance the accuracy of the future situation prediction. Finally, a threat assessment model was constructed to evaluate the risk level of the CAN bus. Extensive experiments also verified the improved performance of our SDBL algorithm.

A Vehicle Can Bus Anomaly Detection Method for Periodic Attacks Based on the Entropy Model

Because of the rapid development of automobile intelligence and networking, cyber attackers can invade the vehicle network via wired and wireless interfaces, such as physical interfaces, short-range wireless interfaces, and long-range wireless interfaces. Thus, interfering with regular driving will immediately jeopardises the drivers’ and passengers’ personal and property safety. To accomplish security protection for the vehicle CAN (Controller Area Network) bus, we propose an anomaly detection method by calculating the information entropy based on the number of interval messages during the sliding window. It detects periodic attacks on the vehicle CAN bus, such as replay attacks and flooding attacks. First, we calculate the number of interval messages according to the CAN bus baud rate, the number of bits of a single frame message, and the time required to calculate information entropy within the window. Second, we compute the window information entropy of regular packet interval packets and determine the normal threshold range by setting a threshold coefficient. Finally, we calculate the information entropy of the data to be measured, determine whether it is greater than or less than the threshold, and detect the anomaly. The experiment uses CANoe software to simulate the vehicle network. It uses the body frame CAN bus network of a brand automobile body bench as the regular network, simulates attack nodes to attack the regular network periodically, collects message data, and verifies the proposed detection method. The results show that the proposed detection method has lower false-negative and false-positive rates for attack scenarios such as replay attacks and flood attacks across different attack cycles.