TY - JOUR
T1 - Attacker Identification and Intrusion Detection for In-Vehicle Networks
AU - Ning, Jing
AU - Wang, Jiadai
AU - Liu, Jiajia
AU - Kato, Nei
N1 - Funding Information:
Manuscript received July 30, 2019; accepted August 16, 2019. Date of publication August 23, 2019; date of current version November 11, 2019. The associate editor coordinating the review of this letter and approving it for publication was X. Lei. This work was supported by the National Natural Science Foundation of China (61771374, 61771373, 61801360, and 61601357), in part by the Fundamental Research Fund for the Central Universities (3102019PY005, JB181506, JB181507, and JB181508), and in part by China 111 Project (B16037). (Corresponding author: Jiajia Liu.) J. Ning and J. Wang are with the State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China, and also with the School of Cyber Engineering, Xidian University, Xi’an 710071, China.
Publisher Copyright:
© 1997-2012 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - As the most wide-spread in-vehicle data bus protocol, CAN (Controller Area Network) has attracted more and more attention due to its lack of security protection mechanism. A variety of attacks against CAN bus have emerged, posing serious threat to vehicle safety. Accordingly, some methods have been proposed to detect CAN bus attacks, however, they have certain shortcomings such as additional computing burden and obvious false detection rate. Therefore, using the physical characteristics of voltage signal on CAN bus, we propose an LOF (Local Outlier Factor)-based intrusion detection method, which can greatly reduce the false detection rate as well as improve the detection accuracy. The modification of CAN protocol and the additional computation burden can also be avoided. In addition, to the best of our knowledge, we are the first to implement bus-off intrusion detection on real vehicles.
AB - As the most wide-spread in-vehicle data bus protocol, CAN (Controller Area Network) has attracted more and more attention due to its lack of security protection mechanism. A variety of attacks against CAN bus have emerged, posing serious threat to vehicle safety. Accordingly, some methods have been proposed to detect CAN bus attacks, however, they have certain shortcomings such as additional computing burden and obvious false detection rate. Therefore, using the physical characteristics of voltage signal on CAN bus, we propose an LOF (Local Outlier Factor)-based intrusion detection method, which can greatly reduce the false detection rate as well as improve the detection accuracy. The modification of CAN protocol and the additional computation burden can also be avoided. In addition, to the best of our knowledge, we are the first to implement bus-off intrusion detection on real vehicles.
KW - Controller area network
KW - intrusion detection
KW - local outlier factor
UR - http://www.scopus.com/inward/record.url?scp=85077753487&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85077753487&partnerID=8YFLogxK
U2 - 10.1109/LCOMM.2019.2937097
DO - 10.1109/LCOMM.2019.2937097
M3 - Article
AN - SCOPUS:85077753487
SN - 1089-7798
VL - 23
SP - 1927
EP - 1930
JO - IEEE Communications Letters
JF - IEEE Communications Letters
IS - 11
M1 - 8811570
ER -