Context-aware Anomaly Detector for Monitoring Cyber Attacks on Automotive CAN Bus.

Résumé:

Automotive electronics is rapidly expanding. An average vehicle contains million lines of software codes, running on 100 of electronic control units (ECUs), in supporting number of safety, driver assistance and infotainment functions. These ECUs are networked using a Controller Area Network (CAN). Security of the CAN bus has not historically been a major concern, however, recent research demonstrate that CAN has many vulnerabilities to cyberattacks. This paper presents a contextualised anomaly detector for monitoring cyberattacks on the CAN bus. Proposed algorithm is based on message sequence modelling, using so called N-grams distributions. It utilises only benign data (one class) for training and threshold estimation. Performance of the algorithm was tested against two different attack scenarios, RPM and gear gauge messages spoofing, using data captured from a real vehicle. Experimental outcomes demonstrate that proposed algorithm is capable of detecting both attacks with%100 accuracy, using far smaller time windows(100ms) which is essential for a practically deployable automotive cyber security solution.