Analysis of ID Sequences Similarity Using DTW in Intrusion Detection for CAN Bus

Connected vehicles have recently attracted considerable attention for revolutionizing the transportation industry. Although connectivity brings about a vast number of benefits, it can give rise to a wider attack surface as more physical access interfaces have been introduced. In particular, anomalou...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on vehicular technology 2022-10, Vol.71 (10), p.10426-10441
Main Authors: Sun, Heng, Sun, Mengsi, Weng, Jian, Liu, Zhiquan
Format: Article
Language:English
Subjects:
Buses (vehicles)
Control equipment
Controller area network
dynamic time warping
Electronic control
Feature extraction
Intrusion
Intrusion detection
Methodology
Parameter robustness
Payloads
Protocols
Security
Sequences
Similarity
Sun
Transportation industry
Transportation networks
Vehicle dynamics
vehicle security
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Connected vehicles have recently attracted considerable attention for revolutionizing the transportation industry. Although connectivity brings about a vast number of benefits, it can give rise to a wider attack surface as more physical access interfaces have been introduced. In particular, anomalous behaviour of the Electronic Control Units (ECUs) caused by malicious attacks can result in serious consequences and possibly lead to fatal accidents. Hence, it is important to develop methodologies that can sniff vehicular data and detect it for further attack analysis. In this article, we develop a novel similarity-based intrusion detection methodology named SIDuDTW, which identifies malicious messages inside vehicle network, e.g., Controller Area Network (CAN), by using Dynamic Time Warping (DTW) distance between CAN ID sequences. Subsequently, the theoretical analysis for the recurring sequence pattern, wave splitting strategies, similarity metric, and optimal parameters providing strong robustness against several kinds of attacks in SIDuDTW are detailed. A series of experiments demonstrate that the developed methodology can detect attacks with high accuracy. In addition, this proposed methodology significantly outperforms the intrusion detection capabilities of existing approaches in terms of basic injection, replay and suppression attacks. It is envisioned that this work will contribute to the development of safer autonomous vehicle conceptualized as a key unit within broader smart city.
ISSN:0018-9545
1939-9359
DOI:10.1109/TVT.2022.3185111