TY - GEN
T1 - Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network
AU - Song, Hyun Min
AU - Kim, Ha Rang
AU - Kim, Huy Kang
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/3/7
Y1 - 2016/3/7
N2 - Controller Area Network (CAN) bus in the vehicles is a de facto standard for serial communication to provide an efficient, reliable and economical link between Electronic Control Units (ECU). However, CAN bus does not have enough security features to protect itself from inside or outside attacks. Intrusion Detection System (IDS) is one of the best ways to enhance the vehicle security level. Unlike the traditional IDS for network security, IDS for vehicle requires light-weight detection algorithm because of the limitations of the computing power of electronic devices reside in cars. In this paper, we propose a light-weight intrusion detection algorithm for in-vehicle network based on the analysis of time intervals of CAN messages. We captured CAN messages from the cars made by a famous manufacturer and performed three kinds of message injection attacks. As a result, we find the time interval is a meaningful feature to detect attacks in the CAN traffic. Also, our intrusion detection system detects all of message injection attacks without making false positive errors.
AB - Controller Area Network (CAN) bus in the vehicles is a de facto standard for serial communication to provide an efficient, reliable and economical link between Electronic Control Units (ECU). However, CAN bus does not have enough security features to protect itself from inside or outside attacks. Intrusion Detection System (IDS) is one of the best ways to enhance the vehicle security level. Unlike the traditional IDS for network security, IDS for vehicle requires light-weight detection algorithm because of the limitations of the computing power of electronic devices reside in cars. In this paper, we propose a light-weight intrusion detection algorithm for in-vehicle network based on the analysis of time intervals of CAN messages. We captured CAN messages from the cars made by a famous manufacturer and performed three kinds of message injection attacks. As a result, we find the time interval is a meaningful feature to detect attacks in the CAN traffic. Also, our intrusion detection system detects all of message injection attacks without making false positive errors.
KW - car seucirty
KW - controller area network
KW - intrusion detection system
UR - http://www.scopus.com/inward/record.url?scp=84963988159&partnerID=8YFLogxK
U2 - 10.1109/ICOIN.2016.7427089
DO - 10.1109/ICOIN.2016.7427089
M3 - Conference contribution
AN - SCOPUS:84963988159
T3 - International Conference on Information Networking
SP - 63
EP - 68
BT - 30th International Conference on Information Networking, ICOIN 2016
PB - IEEE Computer Society
T2 - 30th International Conference on Information Networking, ICOIN 2016
Y2 - 13 January 2016 through 15 January 2016
ER -