This paper evaluates the effectiveness of information-theoretic anomaly detection algorithms applied to networks included in modern vehicles. In particular, we focus on providing an experimental evaluation of anomaly detectors based on entropy. Attacks to in-vehicle networks were simulated by injecting different classes of forged CAN messages in traces captured from a modern licensed vehicle. Experimental results show that if entropy-based anomaly detection is applied to all CAN messages it is only possible to detect attacks that comprise a high volume of forged CAN messages. On the other hand, attacks characterized by the injection of few forged CAN messages attacks can be detected only by applying several independent instances of the entropy based anomaly detector, one for each class of CAN messages.

Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms / Marchetti, Mirco; Stabili, Dario; Guido, Alessandro; Colajanni, Michele. - (2016), pp. 429-434. (Intervento presentato al convegno IEEE 2nd International Forum on Research and Technologies for Society and Industry tenutosi a Bologna, Italy nel September 2016) [10.1109/RTSI.2016.7740627].

Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms

MARCHETTI, Mirco;Stabili, Dario;GUIDO, ALESSANDRO;COLAJANNI, Michele
2016

Abstract

This paper evaluates the effectiveness of information-theoretic anomaly detection algorithms applied to networks included in modern vehicles. In particular, we focus on providing an experimental evaluation of anomaly detectors based on entropy. Attacks to in-vehicle networks were simulated by injecting different classes of forged CAN messages in traces captured from a modern licensed vehicle. Experimental results show that if entropy-based anomaly detection is applied to all CAN messages it is only possible to detect attacks that comprise a high volume of forged CAN messages. On the other hand, attacks characterized by the injection of few forged CAN messages attacks can be detected only by applying several independent instances of the entropy based anomaly detector, one for each class of CAN messages.
2016
IEEE 2nd International Forum on Research and Technologies for Society and Industry
Bologna, Italy
September 2016
WOS:000392142500083
2-s2.0-85006038648
429
434
Marchetti, Mirco; Stabili, Dario; Guido, Alessandro; Colajanni, Michele
Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms / Marchetti, Mirco; Stabili, Dario; Guido, Alessandro; Colajanni, Michele. - (2016), pp. 429-434. (Intervento presentato al convegno IEEE 2nd International Forum on Research and Technologies for Society and Industry tenutosi a Bologna, Italy nel September 2016) [10.1109/RTSI.2016.7740627].
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

Licenza Creative Commons
I metadati presenti in IRIS UNIMORE sono rilasciati con licenza Creative Commons CC0 1.0 Universal, mentre i file delle pubblicazioni sono rilasciati con licenza Attribuzione 4.0 Internazionale (CC BY 4.0), salvo diversa indicazione.
In caso di violazione di copyright, contattare Supporto Iris

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11380/1135277
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 141
  • ???jsp.display-item.citation.isi??? 51
social impact