IIUM Repository

Intrusion detection on the in-vehicle network using machine learning

Sharmin, Shaila and Mansor, Hafizah (2021) Intrusion detection on the in-vehicle network using machine learning. In: 2021 3rd International Cyber Resilience Conference (CRC 2021), Virtual.

[img] PDF
Restricted to Repository staff only

Download (412kB) | Request a copy
Download (522kB) | Preview


Controller Area Network (CAN) is a protocol for the in-vehicle network that connects microcontrollers called Electronic Control Units (ECUs) and other components in a vehicle so that they may communicate among themselves and control the operations of the vehicle. The CAN protocol was initially not designed with security in mind, but as modern vehicles are increasingly becoming connected to the outside world through wired and wireless interfaces, the CAN bus has become susceptible to intrusions and attacks such as message injection, replay attacks, denial of service (DoS) attacks, and eavesdropping. This paper presents an intrusion detection method based on the Isolation Forest (iForest) algorithm that detects message insertion attacks using message timing information. The resulting intrusion detection system benefits from the linear time complexity and low memory requirement of the iForest algorithm, as well as the ability to train the classifier with only a small sample of normal CAN traffic. The usage of only timing information for intrusion detection makes it a vehicle-agnostic method that does not rely on the message content, which is often proprietary and confidential information. The intrusion detection system was trained with normal CAN traffic trace and tested with two spoof attack CAN datasets. The high values obtained for the Area Under Curve (AUC) measure in the two cases, 0.966 and 0.974, indicated the effectiveness of this approach for intrusion detection

Item Type: Conference or Workshop Item (Plenary Papers)
Uncontrolled Keywords: —CAN, intrusion detection, isolation forest, message insertion, automotive
Subjects: T Technology > T Technology (General) > T10.5 Communication of technical information
T Technology > T Technology (General) > T175 Industrial research. Research and development
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): Kulliyyah of Information and Communication Technology > Department of Computer Science
Kulliyyah of Information and Communication Technology > Department of Computer Science
Depositing User: Hafizah Mansor
Date Deposited: 08 Sep 2021 17:46
Last Modified: 08 Sep 2021 17:46
URI: http://irep.iium.edu.my/id/eprint/91691

Actions (login required)

View Item View Item


Downloads per month over past year