OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame

Hyunsung Lee, Seong Hoon Jeong, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

16 Citations (Scopus)

Abstract

Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.

Original languageEnglish
Title of host publicationProceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages57-66
Number of pages10
ISBN (Electronic)9781538624876
DOIs
Publication statusPublished - 2018 Sep 28
Event15th Annual Conference on Privacy, Security and Trust, PST 2017 - Calgary, Canada
Duration: 2017 Aug 272017 Aug 29

Other

Other15th Annual Conference on Privacy, Security and Trust, PST 2017
CountryCanada
CityCalgary
Period17/8/2717/8/29

Fingerprint

Intrusion detection
Controllers
Transmitters
Network protocols
Monitoring
Intrusion detection system
Node
Controller
Attack
Bus

ASJC Scopus subject areas

  • Information Systems and Management
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Lee, H., Jeong, S. H., & Kim, H. K. (2018). OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. In Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017 (pp. 57-66). [8476919] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/PST.2017.00017

OTIDS : A novel intrusion detection system for in-vehicle network by using remote frame. / Lee, Hyunsung; Jeong, Seong Hoon; Kim, Huy Kang.

Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017. Institute of Electrical and Electronics Engineers Inc., 2018. p. 57-66 8476919.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Lee, H, Jeong, SH & Kim, HK 2018, OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. in Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017., 8476919, Institute of Electrical and Electronics Engineers Inc., pp. 57-66, 15th Annual Conference on Privacy, Security and Trust, PST 2017, Calgary, Canada, 17/8/27. https://doi.org/10.1109/PST.2017.00017
Lee H, Jeong SH, Kim HK. OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. In Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017. Institute of Electrical and Electronics Engineers Inc. 2018. p. 57-66. 8476919 https://doi.org/10.1109/PST.2017.00017
Lee, Hyunsung ; Jeong, Seong Hoon ; Kim, Huy Kang. / OTIDS : A novel intrusion detection system for in-vehicle network by using remote frame. Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 57-66
@inproceedings{caf1ddf65fc1426b89dfb66e8f1954d8,
title = "OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame",
abstract = "Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.",
author = "Hyunsung Lee and Jeong, {Seong Hoon} and Kim, {Huy Kang}",
year = "2018",
month = "9",
day = "28",
doi = "10.1109/PST.2017.00017",
language = "English",
pages = "57--66",
booktitle = "Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - OTIDS

T2 - A novel intrusion detection system for in-vehicle network by using remote frame

AU - Lee, Hyunsung

AU - Jeong, Seong Hoon

AU - Kim, Huy Kang

PY - 2018/9/28

Y1 - 2018/9/28

N2 - Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.

AB - Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.

UR - http://www.scopus.com/inward/record.url?scp=85055875328&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055875328&partnerID=8YFLogxK

U2 - 10.1109/PST.2017.00017

DO - 10.1109/PST.2017.00017

M3 - Conference contribution

AN - SCOPUS:85055875328

SP - 57

EP - 66

BT - Proceedings - 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -