Intrusion Attacks on Automotive CAN and Their Detection

Abstract

The main highway of communication in a vehicle is the Controller Area Network, commonly known by the acronym CAN. Any vulnerability in this network could allow bad actors to block communication between vehicle subsystems, risking the safety of the vehicle’s occupants. With the ever growing list of vulnerabilities being exposed in the CAN, it is critical to address its safety. This paper looks at one of the known vulnerabilities in the data link layer of the CAN and an Intrusion Detection System that could detect attacks on this network. We detail a few processes of the CAN, arbitration and error states, and how they are leveraged during different attacks. We also explain the core component of the Intrusion Detection System, the Detection Engine, and discuss testing results.