Analysis of in-vehicle networks is an open research area that gained relevance after recent reports of cyber attacks against connected vehicles. After those attacks gained international media attention, many security researchers started to propose different algorithms that are capable to model the normal behaviour of the CAN bus to detect the injection of malicious messages. However, despite the automotive area has different constraint than classical IT security, many security research have been conducted by applying sophisticated algorithm used in IT anomaly detection, thus proposing solutions that are not applicable on current Electronic Control Units (ECUs). This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers in the CAN bus of modern vehicles. Moreover, the proposed algorithm has been designed and implemented with the very strict constraint of low-end ECUs, having low computational complexity and small memory footprints. The proposed algorithm identifies anomalies in the sequence of the payloads of different classes of IDs by computing the Hamming distance between consecutive payloads. Its detection performance are evaluated through experiments carried out using real CAN traffic gathered from an unmodified licensed vehicle.

Detecting attacks to internal vehicle networks through Hamming distance / Stabili, Dario; Marchetti, Mirco; Colajanni, Michele. - (2017), pp. 1-6. (Intervento presentato al convegno IEEE 2017 AEIT International Annual Conference - Infrastructures for Energy and ICT (AEIT 2017) tenutosi a Cagliari, Italy nel September 2017).

Detecting attacks to internal vehicle networks through Hamming distance

Dario stabili;Mirco Marchetti
;
Michele Colajanni
2017

Abstract

Analysis of in-vehicle networks is an open research area that gained relevance after recent reports of cyber attacks against connected vehicles. After those attacks gained international media attention, many security researchers started to propose different algorithms that are capable to model the normal behaviour of the CAN bus to detect the injection of malicious messages. However, despite the automotive area has different constraint than classical IT security, many security research have been conducted by applying sophisticated algorithm used in IT anomaly detection, thus proposing solutions that are not applicable on current Electronic Control Units (ECUs). This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers in the CAN bus of modern vehicles. Moreover, the proposed algorithm has been designed and implemented with the very strict constraint of low-end ECUs, having low computational complexity and small memory footprints. The proposed algorithm identifies anomalies in the sequence of the payloads of different classes of IDs by computing the Hamming distance between consecutive payloads. Its detection performance are evaluated through experiments carried out using real CAN traffic gathered from an unmodified licensed vehicle.
2017
set-2017
IEEE 2017 AEIT International Annual Conference - Infrastructures for Energy and ICT (AEIT 2017)
Cagliari, Italy
September 2017
1
6
Stabili, Dario; Marchetti, Mirco; Colajanni, Michele
Detecting attacks to internal vehicle networks through Hamming distance / Stabili, Dario; Marchetti, Mirco; Colajanni, Michele. - (2017), pp. 1-6. (Intervento presentato al convegno IEEE 2017 AEIT International Annual Conference - Infrastructures for Energy and ICT (AEIT 2017) tenutosi a Cagliari, Italy nel September 2017).
File in questo prodotto:
File Dimensione Formato  
AEIT2017___Full_Paper (1).pdf

Open access

Descrizione: Articolo principale
Tipologia: Versione dell'autore revisionata e accettata per la pubblicazione
Dimensione 205.68 kB
Formato Adobe PDF
205.68 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

Licenza Creative Commons
I metadati presenti in IRIS UNIMORE sono rilasciati con licenza Creative Commons CC0 1.0 Universal, mentre i file delle pubblicazioni sono rilasciati con licenza Attribuzione 4.0 Internazionale (CC BY 4.0), salvo diversa indicazione.
In caso di violazione di copyright, contattare Supporto Iris

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11380/1149180
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 86
  • ???jsp.display-item.citation.isi??? 58
social impact