Skip to main content
SHARE
Publication

CANShield: Signal-based Intrusion Detection for Controller Area Networks...

by Md Shahriar, Yang Xiao, Pablo A Moriano Salazar, Wenjing Lou, Thomas Hou
Publication Type
Conference Paper
Book Title
Embedded Security in Cars (ESCAR) USA Conference 2022
Publication Date
Page Numbers
1 to 15
Publisher Location
Detroit, Michigan, United States of America
Conference Name
Embedded Security in Cars (ESCAR USA Conference 2022)
Conference Location
Detroit, Michigan, United States of America
Conference Sponsor
isits AG International School of IT Security AG
Conference Date
-

Modern vehicles rely on complex cyber-physical systems made up of hundreds of electronic control units (ECUs) connected through controller area network (CAN) buses. However, the CAN bus attack surface is increasing due to advanced features in automobiles, making it prone to injection attacks. The ordinary injection attacks disrupt the typical timing properties of the CAN data stream, and the rule-based intrusion detection systems (IDS) can easily detect them. However, advanced attackers can inject false data to the signal level, maintaining the regular pattern/frequency of the CAN messages. Such attacks can bypass the rule-based IDS or any anomaly-based IDS built on binary payload data. To make the vehicles robust against such intelligent attacks, we propose CANShield, a signal-based intrusion detection framework for the CAN bus that consists of three modules. A data preprocessing module handles the high-dimensional CAN data stream at the signal level and make them suitable for any machine learning model. A data analyzer module consists of multiple deep autoencoder networks, each analyzing the time series data from a different perspective. Finally, an attack detection module uses an ensemble method to make the final decision. Evaluation results on a standard signal-based dataset show the effectiveness of the CANShield in detecting five advanced attacks.