CANival: A multimodal approach to intrusion detection on the vehicle CAN bus

IF 5.8 2区计算机科学 Q1 TELECOMMUNICATIONS

Vehicular Communications Pub Date : 2024-09-12 DOI:10.1016/j.vehcom.2024.100845

Hyunjae Kang , Thanh Vo , Huy Kang Kim , Jin B. Hong

{"title":"CANival: A multimodal approach to intrusion detection on the vehicle CAN bus","authors":"Hyunjae Kang , Thanh Vo , Huy Kang Kim , Jin B. Hong","doi":"10.1016/j.vehcom.2024.100845","DOIUrl":null,"url":null,"abstract":"<div><p>Vehicles of today are composed of over 100 electronic embedded devices known as Electronic Control Units (ECU), each of which controls a different component of the vehicle and communicates via the Controller Area Network (CAN) bus. However, unlike other network protocols, the CAN bus communication protocol lacks security features, which is a growing concern as more vehicles become connected to the Internet. To enable the detection of intrusions on the CAN bus, numerous intrusion detection systems (IDS) have been proposed. Although some are able to achieve high accuracy in detecting specific attacks, no IDS has been able to accurately detect all types of attacks against the CAN bus. To overcome the aforementioned issues, we propose a multimodal analysis framework named <span>CANival</span>, which consists of time interval-based and signal-based analyzers developed by designing a novel Time Interval Likelihood (TIL) model and optimizing an existing model CANet. Experimental results show that our multimodal IDS outperforms the base models and enhances the detection performance testing on two recent datasets, X-CANIDS Dataset and SynCAN, achieving average true positive rates of 0.960 and 0.912, and true negative rates of 0.997 and 0.996, respectively.</p></div>","PeriodicalId":54346,"journal":{"name":"Vehicular Communications","volume":null,"pages":null},"PeriodicalIF":5.8000,"publicationDate":"2024-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214209624001207/pdfft?md5=5a3ea24f061884777e2d92beaac3bc58&pid=1-s2.0-S2214209624001207-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vehicular Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214209624001207","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Vehicles of today are composed of over 100 electronic embedded devices known as Electronic Control Units (ECU), each of which controls a different component of the vehicle and communicates via the Controller Area Network (CAN) bus. However, unlike other network protocols, the CAN bus communication protocol lacks security features, which is a growing concern as more vehicles become connected to the Internet. To enable the detection of intrusions on the CAN bus, numerous intrusion detection systems (IDS) have been proposed. Although some are able to achieve high accuracy in detecting specific attacks, no IDS has been able to accurately detect all types of attacks against the CAN bus. To overcome the aforementioned issues, we propose a multimodal analysis framework named CANival, which consists of time interval-based and signal-based analyzers developed by designing a novel Time Interval Likelihood (TIL) model and optimizing an existing model CANet. Experimental results show that our multimodal IDS outperforms the base models and enhances the detection performance testing on two recent datasets, X-CANIDS Dataset and SynCAN, achieving average true positive rates of 0.960 and 0.912, and true negative rates of 0.997 and 0.996, respectively.

查看原文本刊更多论文

CANival：汽车 CAN 总线入侵检测的多模式方法

当今的汽车由 100 多个被称为电子控制单元 (ECU) 的电子嵌入式设备组成，每个设备控制汽车的不同组件，并通过控制器局域网 (CAN) 总线进行通信。然而，与其他网络协议不同的是，CAN 总线通信协议缺乏安全功能，而随着越来越多的车辆连接到互联网，安全问题日益受到关注。为了能够检测 CAN 总线上的入侵，人们提出了许多入侵检测系统（IDS）。虽然有些系统在检测特定攻击时能够达到很高的准确率，但还没有一种 IDS 能够准确检测出针对 CAN 总线的所有类型的攻击。为了克服上述问题，我们提出了一个名为 CANival 的多模态分析框架，它由基于时间间隔和基于信号的分析器组成，通过设计一个新颖的时间间隔似然（TIL）模型和优化现有的 CANet 模型而开发。实验结果表明，我们的多模态 IDS 优于基础模型，并在最近的两个数据集 X-CANIDS Dataset 和 SynCAN 的测试中提高了检测性能，平均真阳性率分别达到 0.960 和 0.912，真阴性率分别达到 0.997 和 0.996。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Vehicular Communications Engineering-Electrical and Electronic Engineering

CiteScore

12.70

自引率

10.40%

发文量

审稿时长

62 days

期刊介绍： Vehicular communications is a growing area of communications between vehicles and including roadside communication infrastructure. Advances in wireless communications are making possible sharing of information through real time communications between vehicles and infrastructure. This has led to applications to increase safety of vehicles and communication between passengers and the Internet. Standardization efforts on vehicular communication are also underway to make vehicular transportation safer, greener and easier. The aim of the journal is to publish high quality peer–reviewed papers in the area of vehicular communications. The scope encompasses all types of communications involving vehicles, including vehicle–to–vehicle and vehicle–to–infrastructure. The scope includes (but not limited to) the following topics related to vehicular communications: Vehicle to vehicle and vehicle to infrastructure communications Channel modelling, modulating and coding Congestion Control and scalability issues Protocol design, testing and verification Routing in vehicular networks Security issues and countermeasures Deployment and field testing Reducing energy consumption and enhancing safety of vehicles Wireless in–car networks Data collection and dissemination methods Mobility and handover issues Safety and driver assistance applications UAV Underwater communications Autonomous cooperative driving Social networks Internet of vehicles Standardization of protocols.