Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows

Andrew Tomlinson, Jeremy Bryans, Siraj Ahmed Shaikh, Harsha Kumara Kalutarage

    Research output: Chapter in Book/Report/Conference proceedingConference proceedingpeer-review

    43 Citations (Scopus)

    Abstract

    Cyber-attacks on the automotive controller area network (CAN) have recently been shown to be achievable and potentially disruptive or deadly. Detecting an attack quickly will require the development of intrusion detection systems that can cope with the rapid broadcast of CAN data, the comparatively limited computational power of automotive components, and the proprietary nature of CAN data specifications. This paper presents an analysis of CAN broadcasts and consequent testing of statistical methods to detect timing changes in the CAN traffic indicative of some predicted attacks. The detection is implemented in time-defined windows. The generation of simulated attack data, and the determination of positive detections, are also considered.

    Original languageEnglish
    Title of host publicationProceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2018
    Place of PublicationLuxembourg
    PublisherIEEE
    Pages231-238
    Number of pages8
    ISBN (Electronic)978-1-5386-6553-4
    ISBN (Print)978-1-5386-6708-8
    DOIs
    Publication statusPublished - 23 Jul 2018
    Event48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2018 - Luxembourg City, Luxembourg
    Duration: 25 Jun 201828 Jun 2018

    Conference

    Conference48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2018
    Country/TerritoryLuxembourg
    CityLuxembourg City
    Period25/06/1828/06/18

    Keywords

    • CAN
    • in-vehicle network
    • cybersecurity
    • anomaly detection

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture
    • Safety, Risk, Reliability and Quality

    Fingerprint

    Dive into the research topics of 'Detection of Automotive CAN Cyber-Attacks by Identifying Packet Timing Anomalies in Time Windows'. Together they form a unique fingerprint.

    Cite this