LOCoCAT: Low-Overhead Classification of CAN Bus Attack Types

IF 1.7 4区 计算机科学 Q3 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Caio Batista de Melo;Nikil Dutt
{"title":"LOCoCAT: Low-Overhead Classification of CAN Bus Attack Types","authors":"Caio Batista de Melo;Nikil Dutt","doi":"10.1109/LES.2023.3299217","DOIUrl":null,"url":null,"abstract":"Although research has shown vulnerabilities and shortcomings of the controller area network bus (CAN bus) and proposed alternatives, the CAN bus protocol is still the industry standard and present in most vehicles. Due to its vulnerability to potential intruders that can hinder execution or even take control of the vehicles, much work has focused on detecting intrusions on the CAN bus. However, most literature does not provide mechanisms to reason about, or respond to the attacks so that the system can continue to execute safely despite the intruder. This letter proposes a low-overhead methodology to automatically classify intrusions into predefined types once detected. Our framework: 1) groups messages of the same attacks into blocks; 2) extracts relevant features from each block; and 3) predicts the type of attack using a lightweight classifier model. The initial models depicted in this letter show an accuracy of up to 99.16% within the first 50 ms of the attack, allowing the system to quickly react to the intrusion before the malicious actor can conclude their attack. We believe this letter lays the groundwork for vehicles to have specialized runtime reactions based on the attack type.","PeriodicalId":56143,"journal":{"name":"IEEE Embedded Systems Letters","volume":"15 4","pages":"178-181"},"PeriodicalIF":1.7000,"publicationDate":"2023-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10261979","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Embedded Systems Letters","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10261979/","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

Abstract

Although research has shown vulnerabilities and shortcomings of the controller area network bus (CAN bus) and proposed alternatives, the CAN bus protocol is still the industry standard and present in most vehicles. Due to its vulnerability to potential intruders that can hinder execution or even take control of the vehicles, much work has focused on detecting intrusions on the CAN bus. However, most literature does not provide mechanisms to reason about, or respond to the attacks so that the system can continue to execute safely despite the intruder. This letter proposes a low-overhead methodology to automatically classify intrusions into predefined types once detected. Our framework: 1) groups messages of the same attacks into blocks; 2) extracts relevant features from each block; and 3) predicts the type of attack using a lightweight classifier model. The initial models depicted in this letter show an accuracy of up to 99.16% within the first 50 ms of the attack, allowing the system to quickly react to the intrusion before the malicious actor can conclude their attack. We believe this letter lays the groundwork for vehicles to have specialized runtime reactions based on the attack type.
localcat: CAN总线攻击类型的低开销分类
尽管研究显示了CAN总线的漏洞和缺点,并提出了替代方案,但CAN总线协议仍然是行业标准,并存在于大多数车辆中。由于它容易受到潜在入侵者的攻击,这些入侵者可能会阻碍车辆的执行,甚至控制车辆,因此许多工作都集中在检测can总线上的入侵上。然而,大多数文献并没有提供推理或响应攻击的机制,以便系统能够在入侵者存在的情况下继续安全执行。本文提出了一种低开销的方法,在检测到入侵后自动将入侵分类为预定义的类型。我们的框架(i)将相同攻击的消息分组到块中,(ii)从每个块中提取相关特征,以及(iii)使用轻量级分类器模型预测攻击类型。本文中描述的初始模型显示,在攻击的前50毫秒内,准确率高达99.16%,允许系统在恶意行为者结束攻击之前快速对入侵做出反应。我们相信本文为车辆基于攻击类型的专门运行时反应奠定了基础。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
IEEE Embedded Systems Letters
IEEE Embedded Systems Letters Engineering-Control and Systems Engineering
CiteScore
3.30
自引率
0.00%
发文量
65
期刊介绍: The IEEE Embedded Systems Letters (ESL), provides a forum for rapid dissemination of latest technical advances in embedded systems and related areas in embedded software. The emphasis is on models, methods, and tools that ensure secure, correct, efficient and robust design of embedded systems and their applications.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信