Deep learning approach for attack detection in controller area networks

Jungyeong Lee; Woocheol Kim; Jin-Hee Cho; Dong Seong Kim; Terrence J. Moore; Frederica F. Nelson; Hyuk Lim

doi:10.1117/12.2587015

12 April 2021 Deep learning approach for attack detection in controller area networks

Jungyeong Lee, Woocheol Kim, Jin-Hee Cho, Dong Seong Kim, Terrence J. Moore, Frederica F. Nelson, Hyuk Lim

Proceedings Volume 11746, Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications III; 117460W (2021) https://doi.org/10.1117/12.2587015
Event: SPIE Defense + Commercial Sensing, 2021, Online Only

Abstract

As autonomous driving technologies evolve, an in-vehicle network connecting numerous sensors, actuators, and electric control units (ECUs) has become increasingly important and has led to the critical need for ensuring the security of these networks. These ECUs and vehicle components in an in-vehicle network require a more reliable and fast data transport protocol than those in ordinary computer communication. To meet these requirements, the controller area network (CAN) protocol is used in which a CAN frame containing a small payload related to the state and control of a vehicle is sent. Because the CAN protocol broadcasts unencrypted messages to the bus, it is exposed to many security threats and vulnerabilities. In particular, a network can be easily compromised by attacks such as denial-of-service (DoS), fuzzy attacks, and spoofing as long as the attacker can access the CAN network. In this study, we develop a novel deep convolutional neural network (DCNN)-based attack detection technique for CAN. Specifically, we use two key characteristics that can be obtained by observing CAN traffic flows. The first is the statistical distribution of CAN frame appearances per unit time, and the second is the average interarrival time (IAT) of the CAN frames. These characteristics are measured at different levels of time granularity and are aggregated to constitute traffic samples for DCNN-based attack detection. By processing these samples and inputting them into the DCNN, we can determine the presence or absence of an attack during each time interval in real time. Because the proposed method utilizes statistical characteristics at different levels of time granularity, it can effectively detect attacks performed in both wide and narrow time intervals.

Conference Presentation

Citation Download Citation

Jungyeong Lee, Woocheol Kim, Jin-Hee Cho, Dong Seong Kim, Terrence J. Moore, Frederica F. Nelson, and Hyuk Lim "Deep learning approach for attack detection in controller area networks", Proc. SPIE 11746, Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications III, 117460W (12 April 2021); https://doi.org/10.1117/12.2587015

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available