TTIDS: Transmission-Resuming Time-Based Intrusion Detection System for Controller Area Network (CAN)
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lee, Seyoung | - |
dc.contributor.author | Jo, Hyo Jin | - |
dc.contributor.author | Cho, Aram | - |
dc.contributor.author | Lee, Dong Hoon | - |
dc.contributor.author | Choi, Wonsuk | - |
dc.date.accessioned | 2022-08-15T05:40:28Z | - |
dc.date.available | 2022-08-15T05:40:28Z | - |
dc.date.created | 2022-08-12 | - |
dc.date.issued | 2022 | - |
dc.identifier.issn | 2169-3536 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/143235 | - |
dc.description.abstract | Modern vehicles are becoming complex cyber-physical systems equipped with numerous electronic control units (ECUs). Over the controller area network (CAN), these ECUs communicate with each other to share information related to vehicle status as well as commands to efficiently control the vehicle. However, the increasing complexity of modern vehicles has inadvertently expanded potential attack surfaces, making them vulnerable to cyber attacks. In light of this, researchers are currently working to demonstrate remote vehicle maneuvering by compromising ECUs, and as a countermeasure to such malicious manipulation, to study automotive intrusion detection systems (IDSs) as potential remedies. In general, CAN messages are transmitted periodically, and as such, many researchers have relied on frequency-based IDSs in their solutions proposals. However, an attacker can bypass this defense by suspending the communication of the target ECU from the network and injecting malicious messages with the same frequency as the suspended messages. As a result, an attacker is able to masquerade as the original transmission frequency. In this paper, we propose a Transmission-resuming Time-based IDS (TTIDS), which is designed to detect such attacks. TTIDS detects when an ECU periodically transmitting messages is suspended, and then it estimates when the suspended ECU resumes periodic transmission. With this projection, TTIDS detects malicious messages transmitted while the ECU is suspended. We conduct the evaluation of TTIDS on two real vehicles and present the results, which show the TTIDS is able to effectively detect an enhanced attack that bypasses existing frequency-based IDSs with a false positive rate of 0.213% and a false negative rate of 0.027%. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC | - |
dc.subject | AUTHENTICATION | - |
dc.title | TTIDS: Transmission-Resuming Time-Based Intrusion Detection System for Controller Area Network (CAN) | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Dong Hoon | - |
dc.identifier.doi | 10.1109/ACCESS.2022.3174356 | - |
dc.identifier.scopusid | 2-s2.0-85131286385 | - |
dc.identifier.wosid | 000798484400001 | - |
dc.identifier.bibliographicCitation | IEEE ACCESS, v.10, pp.52139 - 52153 | - |
dc.relation.isPartOf | IEEE ACCESS | - |
dc.citation.title | IEEE ACCESS | - |
dc.citation.volume | 10 | - |
dc.citation.startPage | 52139 | - |
dc.citation.endPage | 52153 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.isOpenAccess | Y | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordPlus | AUTHENTICATION | - |
dc.subject.keywordAuthor | Payloads | - |
dc.subject.keywordAuthor | Automotive engineering | - |
dc.subject.keywordAuthor | Processor scheduling | - |
dc.subject.keywordAuthor | Intrusion detection | - |
dc.subject.keywordAuthor | Standards | - |
dc.subject.keywordAuthor | Software | - |
dc.subject.keywordAuthor | Hardware | - |
dc.subject.keywordAuthor | Automotive security | - |
dc.subject.keywordAuthor | controller area network (CAN) | - |
dc.subject.keywordAuthor | electronic control unit (ECU) | - |
dc.subject.keywordAuthor | intrusion detection system (IDS) | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.