{"title":"基于远程帧的车载网络入侵检测系统OTIDS","authors":"Hyunsung Lee, S. Jeong, H. Kim","doi":"10.1109/PST.2017.00017","DOIUrl":null,"url":null,"abstract":"Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"195","resultStr":"{\"title\":\"OTIDS: A Novel Intrusion Detection System for In-vehicle Network by Using Remote Frame\",\"authors\":\"Hyunsung Lee, S. Jeong, H. Kim\",\"doi\":\"10.1109/PST.2017.00017\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.\",\"PeriodicalId\":405887,\"journal\":{\"name\":\"2017 15th Annual Conference on Privacy, Security and Trust (PST)\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"195\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 15th Annual Conference on Privacy, Security and Trust (PST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PST.2017.00017\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST.2017.00017","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
OTIDS: A Novel Intrusion Detection System for In-vehicle Network by Using Remote Frame
Controller Area Network (CAN) is a bus communication protocol which defines a standard for reliable and efficient transmission between in-vehicle nodes in real-time. Since CAN message is broadcast from a transmitter to the other nodes on a bus, it does not contain information about the source and destination address for validation. Therefore, an attacker can easily inject any message to lead system malfunctions. In this paper, we propose an intrusion detection method based on the analysis of the offset ratio and time interval between request and response messages in CAN. If a remote frame having a particular identifier is transmitted, a receiver node should respond to the remote frame immediately. In attack-free state, each node has a fixed response offset ratio and time interval while these values vary in attack state. Using this property, we can measure the response performance of the existing nodes based on the offset ratio and time interval between request and response messages. As a result, our methodology can detect intrusions by monitoring offset ratio and time interval, and it allows quick intrusion detection with high accuracy.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
