Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13–14, 2019, Proceedings

Research Article

Anomaly Detection of Vehicle CAN Network Based on Message Content

  • @INPROCEEDINGS{10.1007/978-3-030-21373-2_9,
        author={Xiuliang Mo and Pengyuan Chen and Jianing Wang and Chundong Wang},
        title={Anomaly Detection of Vehicle CAN Network Based on Message Content},
        proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings},
        proceedings_a={SPNCE},
        year={2019},
        month={6},
        keywords={Anomaly detection CAN network CAN bus Data frame Mahalanobis distance},
        doi={10.1007/978-3-030-21373-2_9}
    }
    
  • Xiuliang Mo
    Pengyuan Chen
    Jianing Wang
    Chundong Wang
    Year: 2019
    Anomaly Detection of Vehicle CAN Network Based on Message Content
    SPNCE
    Springer
    DOI: 10.1007/978-3-030-21373-2_9
Xiuliang Mo, Pengyuan Chen,*, Jianing Wang1, Chundong Wang
  • 1: Sichuan University
*Contact email: cpy1001@foxmail.com

Abstract

With the rapid advance of intelligent vehicles, auxiliary driving and automatic driving have been paid more attention to. While vehicle security has become increasingly prominent, which is seriously related to the property and personal safety. The attacker can send abnormal information to the controller through internal CAN bus. Because of the particularity of the vehicle CAN network information communication protocol, the encryption authentication technology cannot effectively solve the safety problem of the vehicle network. In the paper, a novel anomaly detection method based on CAN packet content is proposed. The scheme is effective in preventing in-vehicle ECU attacks caused by malicious modifications. Statistical thinking is adopted to analyze the characteristics of normal message content. Then a confidence interval based on normal features is defined for detecting abnormal network messages. Its detection performance has been demonstrated through experiments carried out on real CAN traffic gathered from an unmodified licensed vehicle.