Loading…

An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform

The controller area network (CAN), which is still today the most used in-vehicle network, does not provide any security or authentication mechanism by design. Since current vehicles, which have numerous connectivity technologies, such as Bluetooth, Wi-Fi, and cellular radio, can be easily accessed f...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2021, Vol.9, p.166855-166869
Main Authors: Freitas De Araujo-Filho, Paulo, Pinheiro, Antonio J., Kaddoum, Georges, Campelo, Divanilson R., Soares, Fabio L.
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by cdi_FETCH-LOGICAL-c408t-e5bb05ec3789b4f5295b5345a4613223b759dcfb0c43dccfd0adafaf9e6cb68f3
cites cdi_FETCH-LOGICAL-c408t-e5bb05ec3789b4f5295b5345a4613223b759dcfb0c43dccfd0adafaf9e6cb68f3
container_end_page 166869
container_issue
container_start_page 166855
container_title IEEE access
container_volume 9
creator Freitas De Araujo-Filho, Paulo
Pinheiro, Antonio J.
Kaddoum, Georges
Campelo, Divanilson R.
Soares, Fabio L.
description The controller area network (CAN), which is still today the most used in-vehicle network, does not provide any security or authentication mechanism by design. Since current vehicles, which have numerous connectivity technologies, such as Bluetooth, Wi-Fi, and cellular radio, can be easily accessed from the exterior world, they can be easy targets of cyber-attacks. It is therefore urgently necessary to enhance vehicle security by detecting and stopping cyber-attacks. In this paper, we propose a novel unsupervised intrusion prevention system (IPS) for automotive CANs that detects and hinders attacks without modifying the architecture of the electronic control units (ECUs) or requiring information that is restricted to car manufacturers. We compare two machine learning algorithms' ability to detect fuzzing and spoofing attacks, and evaluate which of them is most accurate with the fewest number of data bytes. The fewer data bytes required, the sooner detection can start and the sooner attacking frames can be detected. Experiment results show that our proposed detection mechanism achieves accuracy higher than 99%, F1-scores higher than 97%, and detection times shorter than 80 ~\mu s for the types of attacks considered. Moreover, when compared to four state-of-the-art intrusion detection systems, it is the only solution that is capable of discarding attacking frames before damage occurs while being deployed on inexpensive Raspberry Pi. Such an inexpensive deployment is particularly desirable, as cost is one of the automotive industry's primary concerns.
doi_str_mv 10.1109/ACCESS.2021.3136147
format article
fullrecord <record><control><sourceid>proquest_doaj_</sourceid><recordid>TN_cdi_proquest_journals_2613365797</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9654211</ieee_id><doaj_id>oai_doaj_org_article_61b63ea341dd49e8bd9f23c4d9e1c10a</doaj_id><sourcerecordid>2613365797</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-e5bb05ec3789b4f5295b5345a4613223b759dcfb0c43dccfd0adafaf9e6cb68f3</originalsourceid><addsrcrecordid>eNpNUU1rGzEUXEoLDWl-QS6CnteVVh-76m1Z3MZg2oBbehT6eErl2qtUklP87yt3Q-i7vMcwM29gmuaW4BUhWH4Yp2m926063JEVJVQQ1r9qrjoiZEs5Fa__u982NznvcZ2hQry_asw4o7X3wQaYC9rMJZ1yiDO6T_BUkcu5O-cCR-RjQtP45SO6C7ODFOYHNJ0NpHYsRdtfGf0I5SfSaBv_tFPMBd0fdKmi47vmjdeHDDfP-7r5_mn9bbprt18_b6Zx21qGh9ICNwZzsLQfpGGed5IbThnXTBDaddT0XDrrDbaMOmu9w9ppr70EYY0YPL1uNouvi3qvHlM46nRWUQf1D4jpQelUgj2AEsQICpoy4hyTMBgnfUctcxKIJVhXr_eL12OKv0-Qi9rHU5prfNXVOFTwXvaVRReWTTHnBP7lK8Hq0o1aulGXbtRzN1V1u6gCALwopOCsI4T-BQCEisM</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2613365797</pqid></control><display><type>article</type><title>An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform</title><source>IEEE Xplore Open Access Journals</source><creator>Freitas De Araujo-Filho, Paulo ; Pinheiro, Antonio J. ; Kaddoum, Georges ; Campelo, Divanilson R. ; Soares, Fabio L.</creator><creatorcontrib>Freitas De Araujo-Filho, Paulo ; Pinheiro, Antonio J. ; Kaddoum, Georges ; Campelo, Divanilson R. ; Soares, Fabio L.</creatorcontrib><description>The controller area network (CAN), which is still today the most used in-vehicle network, does not provide any security or authentication mechanism by design. Since current vehicles, which have numerous connectivity technologies, such as Bluetooth, Wi-Fi, and cellular radio, can be easily accessed from the exterior world, they can be easy targets of cyber-attacks. It is therefore urgently necessary to enhance vehicle security by detecting and stopping cyber-attacks. In this paper, we propose a novel unsupervised intrusion prevention system (IPS) for automotive CANs that detects and hinders attacks without modifying the architecture of the electronic control units (ECUs) or requiring information that is restricted to car manufacturers. We compare two machine learning algorithms' ability to detect fuzzing and spoofing attacks, and evaluate which of them is most accurate with the fewest number of data bytes. The fewer data bytes required, the sooner detection can start and the sooner attacking frames can be detected. Experiment results show that our proposed detection mechanism achieves accuracy higher than 99%, F1-scores higher than 97%, and detection times shorter than &lt;inline-formula&gt; &lt;tex-math notation="LaTeX"&gt;80 ~\mu s &lt;/tex-math&gt;&lt;/inline-formula&gt; for the types of attacks considered. Moreover, when compared to four state-of-the-art intrusion detection systems, it is the only solution that is capable of discarding attacking frames before damage occurs while being deployed on inexpensive Raspberry Pi. Such an inexpensive deployment is particularly desirable, as cost is one of the automotive industry's primary concerns.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2021.3136147</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Algorithms ; Automobile industry ; Automobiles ; Automotive electronics ; Bluetooth ; Cellular radio ; Control equipment ; Controller area network ; controller area network (CAN) ; Cybersecurity ; Electronic control ; Hardware ; Intrusion detection ; Intrusion detection system (IDS) ; Intrusion detection systems ; intrusion prevention system (IPS) ; IP networks ; Machine learning ; Machine learning algorithms ; Security ; Spoofing ; Timing</subject><ispartof>IEEE access, 2021, Vol.9, p.166855-166869</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2021</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c408t-e5bb05ec3789b4f5295b5345a4613223b759dcfb0c43dccfd0adafaf9e6cb68f3</citedby><cites>FETCH-LOGICAL-c408t-e5bb05ec3789b4f5295b5345a4613223b759dcfb0c43dccfd0adafaf9e6cb68f3</cites><orcidid>0000-0002-5025-6624 ; 0000-0001-8851-2665 ; 0000-0002-1178-2648 ; 0000-0001-8440-4237 ; 0000-0001-6367-9872</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9654211$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,4024,27633,27923,27924,27925,54933</link.rule.ids></links><search><creatorcontrib>Freitas De Araujo-Filho, Paulo</creatorcontrib><creatorcontrib>Pinheiro, Antonio J.</creatorcontrib><creatorcontrib>Kaddoum, Georges</creatorcontrib><creatorcontrib>Campelo, Divanilson R.</creatorcontrib><creatorcontrib>Soares, Fabio L.</creatorcontrib><title>An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform</title><title>IEEE access</title><addtitle>Access</addtitle><description>The controller area network (CAN), which is still today the most used in-vehicle network, does not provide any security or authentication mechanism by design. Since current vehicles, which have numerous connectivity technologies, such as Bluetooth, Wi-Fi, and cellular radio, can be easily accessed from the exterior world, they can be easy targets of cyber-attacks. It is therefore urgently necessary to enhance vehicle security by detecting and stopping cyber-attacks. In this paper, we propose a novel unsupervised intrusion prevention system (IPS) for automotive CANs that detects and hinders attacks without modifying the architecture of the electronic control units (ECUs) or requiring information that is restricted to car manufacturers. We compare two machine learning algorithms' ability to detect fuzzing and spoofing attacks, and evaluate which of them is most accurate with the fewest number of data bytes. The fewer data bytes required, the sooner detection can start and the sooner attacking frames can be detected. Experiment results show that our proposed detection mechanism achieves accuracy higher than 99%, F1-scores higher than 97%, and detection times shorter than &lt;inline-formula&gt; &lt;tex-math notation="LaTeX"&gt;80 ~\mu s &lt;/tex-math&gt;&lt;/inline-formula&gt; for the types of attacks considered. Moreover, when compared to four state-of-the-art intrusion detection systems, it is the only solution that is capable of discarding attacking frames before damage occurs while being deployed on inexpensive Raspberry Pi. Such an inexpensive deployment is particularly desirable, as cost is one of the automotive industry's primary concerns.</description><subject>Algorithms</subject><subject>Automobile industry</subject><subject>Automobiles</subject><subject>Automotive electronics</subject><subject>Bluetooth</subject><subject>Cellular radio</subject><subject>Control equipment</subject><subject>Controller area network</subject><subject>controller area network (CAN)</subject><subject>Cybersecurity</subject><subject>Electronic control</subject><subject>Hardware</subject><subject>Intrusion detection</subject><subject>Intrusion detection system (IDS)</subject><subject>Intrusion detection systems</subject><subject>intrusion prevention system (IPS)</subject><subject>IP networks</subject><subject>Machine learning</subject><subject>Machine learning algorithms</subject><subject>Security</subject><subject>Spoofing</subject><subject>Timing</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>DOA</sourceid><recordid>eNpNUU1rGzEUXEoLDWl-QS6CnteVVh-76m1Z3MZg2oBbehT6eErl2qtUklP87yt3Q-i7vMcwM29gmuaW4BUhWH4Yp2m926063JEVJVQQ1r9qrjoiZEs5Fa__u982NznvcZ2hQry_asw4o7X3wQaYC9rMJZ1yiDO6T_BUkcu5O-cCR-RjQtP45SO6C7ODFOYHNJ0NpHYsRdtfGf0I5SfSaBv_tFPMBd0fdKmi47vmjdeHDDfP-7r5_mn9bbprt18_b6Zx21qGh9ICNwZzsLQfpGGed5IbThnXTBDaddT0XDrrDbaMOmu9w9ppr70EYY0YPL1uNouvi3qvHlM46nRWUQf1D4jpQelUgj2AEsQICpoy4hyTMBgnfUctcxKIJVhXr_eL12OKv0-Qi9rHU5prfNXVOFTwXvaVRReWTTHnBP7lK8Hq0o1aulGXbtRzN1V1u6gCALwopOCsI4T-BQCEisM</recordid><startdate>2021</startdate><enddate>2021</enddate><creator>Freitas De Araujo-Filho, Paulo</creator><creator>Pinheiro, Antonio J.</creator><creator>Kaddoum, Georges</creator><creator>Campelo, Divanilson R.</creator><creator>Soares, Fabio L.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0002-5025-6624</orcidid><orcidid>https://orcid.org/0000-0001-8851-2665</orcidid><orcidid>https://orcid.org/0000-0002-1178-2648</orcidid><orcidid>https://orcid.org/0000-0001-8440-4237</orcidid><orcidid>https://orcid.org/0000-0001-6367-9872</orcidid></search><sort><creationdate>2021</creationdate><title>An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform</title><author>Freitas De Araujo-Filho, Paulo ; Pinheiro, Antonio J. ; Kaddoum, Georges ; Campelo, Divanilson R. ; Soares, Fabio L.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-e5bb05ec3789b4f5295b5345a4613223b759dcfb0c43dccfd0adafaf9e6cb68f3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Algorithms</topic><topic>Automobile industry</topic><topic>Automobiles</topic><topic>Automotive electronics</topic><topic>Bluetooth</topic><topic>Cellular radio</topic><topic>Control equipment</topic><topic>Controller area network</topic><topic>controller area network (CAN)</topic><topic>Cybersecurity</topic><topic>Electronic control</topic><topic>Hardware</topic><topic>Intrusion detection</topic><topic>Intrusion detection system (IDS)</topic><topic>Intrusion detection systems</topic><topic>intrusion prevention system (IPS)</topic><topic>IP networks</topic><topic>Machine learning</topic><topic>Machine learning algorithms</topic><topic>Security</topic><topic>Spoofing</topic><topic>Timing</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Freitas De Araujo-Filho, Paulo</creatorcontrib><creatorcontrib>Pinheiro, Antonio J.</creatorcontrib><creatorcontrib>Kaddoum, Georges</creatorcontrib><creatorcontrib>Campelo, Divanilson R.</creatorcontrib><creatorcontrib>Soares, Fabio L.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005–Present</collection><collection>IEEE Xplore Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE/IET Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Freitas De Araujo-Filho, Paulo</au><au>Pinheiro, Antonio J.</au><au>Kaddoum, Georges</au><au>Campelo, Divanilson R.</au><au>Soares, Fabio L.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2021</date><risdate>2021</risdate><volume>9</volume><spage>166855</spage><epage>166869</epage><pages>166855-166869</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>The controller area network (CAN), which is still today the most used in-vehicle network, does not provide any security or authentication mechanism by design. Since current vehicles, which have numerous connectivity technologies, such as Bluetooth, Wi-Fi, and cellular radio, can be easily accessed from the exterior world, they can be easy targets of cyber-attacks. It is therefore urgently necessary to enhance vehicle security by detecting and stopping cyber-attacks. In this paper, we propose a novel unsupervised intrusion prevention system (IPS) for automotive CANs that detects and hinders attacks without modifying the architecture of the electronic control units (ECUs) or requiring information that is restricted to car manufacturers. We compare two machine learning algorithms' ability to detect fuzzing and spoofing attacks, and evaluate which of them is most accurate with the fewest number of data bytes. The fewer data bytes required, the sooner detection can start and the sooner attacking frames can be detected. Experiment results show that our proposed detection mechanism achieves accuracy higher than 99%, F1-scores higher than 97%, and detection times shorter than &lt;inline-formula&gt; &lt;tex-math notation="LaTeX"&gt;80 ~\mu s &lt;/tex-math&gt;&lt;/inline-formula&gt; for the types of attacks considered. Moreover, when compared to four state-of-the-art intrusion detection systems, it is the only solution that is capable of discarding attacking frames before damage occurs while being deployed on inexpensive Raspberry Pi. Such an inexpensive deployment is particularly desirable, as cost is one of the automotive industry's primary concerns.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2021.3136147</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0002-5025-6624</orcidid><orcidid>https://orcid.org/0000-0001-8851-2665</orcidid><orcidid>https://orcid.org/0000-0002-1178-2648</orcidid><orcidid>https://orcid.org/0000-0001-8440-4237</orcidid><orcidid>https://orcid.org/0000-0001-6367-9872</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2021, Vol.9, p.166855-166869
issn 2169-3536
2169-3536
language eng
recordid cdi_proquest_journals_2613365797
source IEEE Xplore Open Access Journals
subjects Algorithms
Automobile industry
Automobiles
Automotive electronics
Bluetooth
Cellular radio
Control equipment
Controller area network
controller area network (CAN)
Cybersecurity
Electronic control
Hardware
Intrusion detection
Intrusion detection system (IDS)
Intrusion detection systems
intrusion prevention system (IPS)
IP networks
Machine learning
Machine learning algorithms
Security
Spoofing
Timing
title An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T08%3A47%3A02IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_doaj_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20Efficient%20Intrusion%20Prevention%20System%20for%20CAN:%20Hindering%20Cyber-Attacks%20With%20a%20Low-Cost%20Platform&rft.jtitle=IEEE%20access&rft.au=Freitas%20De%20Araujo-Filho,%20Paulo&rft.date=2021&rft.volume=9&rft.spage=166855&rft.epage=166869&rft.pages=166855-166869&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2021.3136147&rft_dat=%3Cproquest_doaj_%3E2613365797%3C/proquest_doaj_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c408t-e5bb05ec3789b4f5295b5345a4613223b759dcfb0c43dccfd0adafaf9e6cb68f3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2613365797&rft_id=info:pmid/&rft_ieee_id=9654211&rfr_iscdi=true