Detecting Anomalies in Controller Area Network for Automobiles
MetadataShow full item record
Availability of interfaces such as WI-FI, Bluetooth and Cellular networks, software components to control a vehicle’s functionality, and lack of security mechanisms in the Controller Area Network (CAN) bus protocol make vehicles vulnerable to attacks. In the recent past, researchers used internal and external attacks on automobiles to demonstrate that it is feasible to compromise the vehicle through the transmission of malicious messages on the vehicle’s CAN bus. To defend against such attacks, we propose three detection techniques. First, cross correlating and validating sensor values across multiple sensors can improve the data integrity of CAN bus messages. Second, the order of the messages from a single Electronic Control Unit (ECU) can be used to detect anomalies. CAN messages from the ECU should always be seen in a specific order as they are transmitted one after the other based on the priorities of messages. Fabrication and suspension attacks can be detected using such schemes. Third, a timing based detector is proposed to observe and detect changes in the timing behavior through deterministic and statistical techniques. An anomaly detection is possible after one malicious message if the CAN bus utilization is less than 50% or after at most three malicious messages if the CAN bus utilization is greater than 50% using a deterministic detection technique. The detection of an attack is possible with good accuracy and low false positive rates using a statistical detection technique but at the cost of longer detection latency.
Vasistha, Daksh Kumar (2017). Detecting Anomalies in Controller Area Network for Automobiles. Master's thesis, Texas A & M University. Available electronically from