Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows

Andrew Tomlinson, Jeremy Bryans, Siraj Ahmed Shaikh, Harsha Kumara Kalutarage

Research output: Chapter in Book/Report/Conference proceedingConference proceeding

9 Citations (Scopus)

Abstract

Cyber-attacks on the automotive controller area network (CAN) have recently been shown to be achievable and potentially disruptive or deadly. Detecting an attack quickly will require the development of intrusion detection systems that can cope with the rapid broadcast of CAN data, the comparatively limited computational power of automotive components, and the proprietary nature of CAN data specifications. This paper presents an analysis of CAN broadcasts and consequent testing of statistical methods to detect timing changes in the CAN traffic indicative of some predicted attacks. The detection is implemented in time-defined windows. The generation of simulated attack data, and the determination of positive detections, are also considered.

Original languageEnglish
Title of host publicationProceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2018
Place of PublicationLuxembourg
PublisherIEEE
Pages231-238
Number of pages8
ISBN (Electronic)978-1-5386-6553-4
ISBN (Print)978-1-5386-6708-8
DOIs
Publication statusPublished - 23 Jul 2018
Event48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2018 - Luxembourg City, Luxembourg
Duration: 25 Jun 201828 Jun 2018

Conference

Conference48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2018
CountryLuxembourg
CityLuxembourg City
Period25/06/1828/06/18

Keywords

  • CAN
  • in-vehicle network
  • cybersecurity
  • anomaly detection

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows'. Together they form a unique fingerprint.

  • Cite this

    Tomlinson, A., Bryans, J., Shaikh, S. A., & Kalutarage, H. K. (2018). Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows. In Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2018 (pp. 231-238). Luxembourg: IEEE. https://doi.org/10.1109/DSN-W.2018.00069