Research Article
Anomaly Detection of Vehicle CAN Network Based on Message Content
@INPROCEEDINGS{10.1007/978-3-030-21373-2_9, author={Xiuliang Mo and Pengyuan Chen and Jianing Wang and Chundong Wang}, title={Anomaly Detection of Vehicle CAN Network Based on Message Content}, proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings}, proceedings_a={SPNCE}, year={2019}, month={6}, keywords={Anomaly detection CAN network CAN bus Data frame Mahalanobis distance}, doi={10.1007/978-3-030-21373-2_9} }- Xiuliang Mo
Pengyuan Chen
Jianing Wang
Chundong Wang
Year: 2019
Anomaly Detection of Vehicle CAN Network Based on Message Content
SPNCE
Springer
DOI: 10.1007/978-3-030-21373-2_9
Abstract
With the rapid advance of intelligent vehicles, auxiliary driving and automatic driving have been paid more attention to. While vehicle security has become increasingly prominent, which is seriously related to the property and personal safety. The attacker can send abnormal information to the controller through internal CAN bus. Because of the particularity of the vehicle CAN network information communication protocol, the encryption authentication technology cannot effectively solve the safety problem of the vehicle network. In the paper, a novel anomaly detection method based on CAN packet content is proposed. The scheme is effective in preventing in-vehicle ECU attacks caused by malicious modifications. Statistical thinking is adopted to analyze the characteristics of normal message content. Then a confidence interval based on normal features is defined for detecting abnormal network messages. Its detection performance has been demonstrated through experiments carried out on real CAN traffic gathered from an unmodified licensed vehicle.