{"title":"车载CAN网络入侵检测系统评估框架","authors":"G. Dupont, J. D. Hartog, S. Etalle, A. Lekidis","doi":"10.1109/ICCVE45908.2019.8965028","DOIUrl":null,"url":null,"abstract":"Modern vehicles are complex safety critical cyber physical systems, that are connected to the outside world, with all security implications it brings. Different network intrusion detection systems (NIDSs) proposed for the CAN bus, the predominant type of in-vehicle network, to improve security are hard to compare due to disparate evaluation methods adopted. In this paper we provide the means to compare CAN NIDSs on equal footing and evaluate the ones detailed in the literature. Based on this we observe some limitation of existing approaches and why in the CAN setting it is intrinsically difficult to distinguish benign from malicious payload. We argue that “meaning-aware” detection (a concept we define) which is challenging (but perhaps not impossible) to create for this setting.","PeriodicalId":384049,"journal":{"name":"2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Evaluation Framework for Network Intrusion Detection Systems for In-Vehicle CAN\",\"authors\":\"G. Dupont, J. D. Hartog, S. Etalle, A. Lekidis\",\"doi\":\"10.1109/ICCVE45908.2019.8965028\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern vehicles are complex safety critical cyber physical systems, that are connected to the outside world, with all security implications it brings. Different network intrusion detection systems (NIDSs) proposed for the CAN bus, the predominant type of in-vehicle network, to improve security are hard to compare due to disparate evaluation methods adopted. In this paper we provide the means to compare CAN NIDSs on equal footing and evaluate the ones detailed in the literature. Based on this we observe some limitation of existing approaches and why in the CAN setting it is intrinsically difficult to distinguish benign from malicious payload. We argue that “meaning-aware” detection (a concept we define) which is challenging (but perhaps not impossible) to create for this setting.\",\"PeriodicalId\":384049,\"journal\":{\"name\":\"2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE)\",\"volume\":\"63 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCVE45908.2019.8965028\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCVE45908.2019.8965028","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Evaluation Framework for Network Intrusion Detection Systems for In-Vehicle CAN
Modern vehicles are complex safety critical cyber physical systems, that are connected to the outside world, with all security implications it brings. Different network intrusion detection systems (NIDSs) proposed for the CAN bus, the predominant type of in-vehicle network, to improve security are hard to compare due to disparate evaluation methods adopted. In this paper we provide the means to compare CAN NIDSs on equal footing and evaluate the ones detailed in the literature. Based on this we observe some limitation of existing approaches and why in the CAN setting it is intrinsically difficult to distinguish benign from malicious payload. We argue that “meaning-aware” detection (a concept we define) which is challenging (but perhaps not impossible) to create for this setting.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
