{"title":"Traffic anomaly detection algorithm for CAN bus using similarity analysis","authors":"","doi":"10.1016/j.hcc.2024.100207","DOIUrl":null,"url":null,"abstract":"<div><p>Recently, vehicles have experienced a rise in networking and informatization, leading to increased security concerns. As the most widely used automotive bus network, the Controller Area Network (CAN) bus is vulnerable to attacks, as security was not considered in its original design. This paper proposes SIDuBzip2, a traffic anomaly detection method for the CAN bus based on the bzip2 compression algorithm. The proposed method utilizes the pseudo-periodic characteristics of CAN bus traffic, constructing time series of CAN IDs and calculating the similarity between adjacent time series to identify abnormal traffic. The method consists of three parts: the conversion of CAN ID values to characters, the calculation of similarity based on bzip2 compression, and the optimal solution of model parameters. The experimental results demonstrate that the proposed SIDuBzip2 method effectively detects various attacks, including Denial of Service , replay, basic injection, mixed injection, and suppression attacks. In addition, existing CAN bus traffic anomaly detection methods are compared with the proposed method in terms of performance and delay, demonstrating the feasibility of the proposed method.</p></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":null,"pages":null},"PeriodicalIF":3.2000,"publicationDate":"2024-01-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2667295224000102/pdfft?md5=b2ff302140dd063117041177fe6d1399&pid=1-s2.0-S2667295224000102-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"High-Confidence Computing","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2667295224000102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Recently, vehicles have experienced a rise in networking and informatization, leading to increased security concerns. As the most widely used automotive bus network, the Controller Area Network (CAN) bus is vulnerable to attacks, as security was not considered in its original design. This paper proposes SIDuBzip2, a traffic anomaly detection method for the CAN bus based on the bzip2 compression algorithm. The proposed method utilizes the pseudo-periodic characteristics of CAN bus traffic, constructing time series of CAN IDs and calculating the similarity between adjacent time series to identify abnormal traffic. The method consists of three parts: the conversion of CAN ID values to characters, the calculation of similarity based on bzip2 compression, and the optimal solution of model parameters. The experimental results demonstrate that the proposed SIDuBzip2 method effectively detects various attacks, including Denial of Service , replay, basic injection, mixed injection, and suppression attacks. In addition, existing CAN bus traffic anomaly detection methods are compared with the proposed method in terms of performance and delay, demonstrating the feasibility of the proposed method.
近来,汽车网络化和信息化程度不断提高,导致安全问题日益突出。作为应用最广泛的汽车总线网络,控制器局域网(CAN)总线在最初设计时并没有考虑到安全问题,因此很容易受到攻击。本文提出了一种基于 bzip2 压缩算法的 CAN 总线流量异常检测方法 SIDuBzip2。该方法利用 CAN 总线流量的伪周期特性,构建 CAN ID 的时间序列,并计算相邻时间序列之间的相似性,从而识别异常流量。该方法由三部分组成:CAN ID 值到字符的转换、基于 bzip2 压缩的相似性计算以及模型参数的最优解。实验结果表明,所提出的 SIDuBzip2 方法能有效检测出各种攻击,包括拒绝服务攻击、重放攻击、基本注入攻击、混合注入攻击和抑制攻击。此外,还将现有的 CAN 总线流量异常检测方法与所提出的方法在性能和延迟方面进行了比较,证明了所提出方法的可行性。
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
