Abstract
Modern vehicles involve engine control units that communicate over multiple in-vehicle networks via a traditional Gateway. In this context, we develop an open, experimental distributed embedded platform that integrates CAN networks of different criticalities, populated with Raspberry Pi 3 nodes and an Odroid XU3 device that acts as the Gateway. During normal operation, a critical CAN (CAN2) emulates engine traffic (i.e., Korean car dataset). In contrast, a non-critical CAN (CAN1) sends packet requests related to the dashboard display (e.g., engine speed, RPM, temperature, airflow, etc.). Responses to these packets are forwarded back to CAN1, forming a request-response path. In our DoS attack scenario, a malicious CAN1 node broadcasts packet requests that are relayed by the Gateway towards CAN2. At the Gateway-level, we detect a DoS attack by monitoring perturbations of system metrics (Cortex-A15 power consumption, temperature gradients, and packet ID frequency) from pre-established thresholds using a sliding window-based cumulative sum approach. Also, we monitor variations of inter-arrival time in the request-response path at the periphery (CAN1). Our results on the experimental automotive platform indicate that frequency count at the Gateway and inter-arrival time at the network periphery are promising techniques for fast and accurate DoS detection using CUSUM. Furthermore, preliminary experimental results indicate that CUSUM is a more precise metric than entropy for detecting DoS.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Biron, Z.A., Dey, S., Pisu, P.: Real-time detection and estimation of denial of service attack in connected vehicle systems. IEEE Trans. Intell. Transp. Syst. 19(12), 3893–3902 (2018)
Woo, S., Jo, H.J., Lee, D.H.: A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Trans. Intell. Transp. Systems 16(2), 993–1006 (2015)
Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. In: BlackHat Conference 2015, 19 June 2021. http://illmatics.com/car_hacking.pdf
Wu, W., et al.: A survey of intrusion detection for in-vehicle networks. IEEE Trans. Intell. Transp. Syst. 21(3), 919–933 (2020)
Hoppe, T., Kiltz, S., Dittmann, J.: Applying intrusion detection to automotive IT: early insights and challenges. J. Info Assur. Secur. 4(3), 226–235 (2009)
Song, H.M., Kim, H.R., Kim, H.K.: Intrusion detection system based on the analysis of time intervals of can messages for an in-vehicle network. In: Proceedings of International Conference on Information Networks, pp. 63–68 (2016)
Young, C., et al.: Automotive intrusion detection based on constant CAN message frequencies across vehicle driving modes. In: Proceedings of ACM Workshop on Automotive Cybersecurity, pp. 9–14 (2019)
Lee, H., Jeong, S.H., Kim, H.K.: OTIDS: a novel IDS for an in-vehicle network by using remote frame. In: Proceedings of Conference on Privacy, Security and Trust, pp. 5709–5757 (2017)
Halder, S., Conti, M., Das, S.K.: COIDS: a clock offset based intrusion detection system for controller area networks. In: Proceedings Distributed Computing and Networking, pp. 1–10 (2020)
Cho, K.-T., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: Proceedings of USENIX Security Symposium, pp. 911–927 (2016)
Choi, W., et al.: Voltageids: low-level communication characteristics for automotive IDS. IEEE Trans. Inf. Forensics Secur. 13(8), 2114–2129 (2018)
Weber, M., et al.: Embedded hybrid anomaly detection for automotive CAN communication. In: Proceedings of Embedded Real-Time Software and System Congress (2018)
Wasicek, A.R., et al.: Context-aware intrusion detection in automotive control system. In: Proceedings of Embedded Security in Cars Conference (2017)
Seo, E., Song, H.M., Kim, H.K.: GIDS: GAN based intrusion detection system for in-vehicle network. In: Proceedings of Conference on Privacy, Security and Trust, pp. 1–6 (2018)
Vasistha, D.K.: Detecting anomalies in controller area network for automobiles. MSc. thesis, Department Computer Engineering, University of Texas A&M (2017)
Rieke, R., et al.: Behavior analysis for safety and security in automotive systems. In: Proceedings of Conference on Parallel, Distributed and Network Proceedings, pp. 381–385 (2017)
Marchetti, M., Stabili, D.: Anomaly detection of CAN bus messages through analysis of ID sequences. In: IEEE Intelligent Vehicles Symposium (2017)
Stabili, D., Marchetti, M., Colajanni, M.: Detecting attacks to internal vehicle networks through hamming distance. In: Proceedings of AEIT International Conference, pp. 1–6, September 2017
Olufowobi, H., et al.: Anomaly detection approach using adaptive cumulative sum algorithm for controller area network. In: Proceedings of ACM Workshop on Automotive Cybersecurity, pp. 5–10 (2019)
Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: Proceedings of IEEE Intelligence on Vehicles Symposiu, pp. 1110–1115 (2011)
Wu, W., et al.: Sliding window optimized information entropy analysis method for intrusion detection on in-vehicle networks. IEEE Access 6, 45233–45245 (2018)
Larson, U.E., Nilsson, D.K., Jonsson, E.: An approach to specification-based attack detection for in-vehicle networks. In: Proceedings of IEEE Intelligent Vehicles Symposium, pp. 220–225 (2008)
Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for CAN bus. In: Proceedings of World Congress on Industrial Control Systems Security, pp. 45–49 (2015)
Olufowobi, H., et al.: SAIDuCANT: specification-based automotive intrusion detection using controller area network timing. IEEE Trans. Veh. Technol. 69(2), 1484–1494 (2020)
Kleine-Budde, M.: SocketCAN: the official CAN API of the Linux kernel. In: Proceedings of CAN Conference, pp. 5–17 (2012)
CanberryDual, Industrialberry, 19 June 2021. http://www.industrialberry.com/canberry-v-2-1-isolated
OBD dev kit, Scantool, 19 June 2021. https://www.scantool.net/obd-development-kit
Serial Console, Sourceforce, 19 June 2021. https://sourceforge.net/projects/serialconsole
Ginkgo UART-CAN, Viewtool, 19 June 2021. http://www.viewtool.com/index.php/en/27-2016-07-29-02-13-53/44-ginkgo-usb-can-9
Car-Hacking Dataset, HCRL, 19 June 2021. https://sites.google.com/a/hksecurity.net/ocslab/Datasets
CUSUM Charts, 19 June 2020. https://www.spcforexcel.com/knowledge/variable-control-charts
Page, E.S.: Continuous inspection schemes. Biometrika 41(1), 100–115 (1954)
Poor, H.V., Hadjiliadis, O.: Quickest Detection. Cambridge University Press, Cambridge (2009)
Basseville, M., Nikiforov, I.V.: Detection of Abrupt Changes: Theory and Applications. Prentice Hall, Hoboken (1993)
Acknowledgment
The authors acknowledge support from EU Horizon 2020 project AVANGARD (Contract No. 869986).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Grammatikakis, M.D., Mouzakitis, N., Kypraios, L., Papatheodorou, N. (2022). DoS Detection on In-Vehicle Networks: Evaluation on an Experimental Embedded System Platform. In: Saponara, S., De Gloria, A. (eds) Applications in Electronics Pervading Industry, Environment and Society. ApplePies 2021. Lecture Notes in Electrical Engineering, vol 866. Springer, Cham. https://doi.org/10.1007/978-3-030-95498-7_37
Download citation
DOI: https://doi.org/10.1007/978-3-030-95498-7_37
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95497-0
Online ISBN: 978-3-030-95498-7
eBook Packages: EngineeringEngineering (R0)