Attacker Identification and Intrusion Detection for In-Vehicle Networks

As the most wide-spread in-vehicle data bus protocol, CAN (Controller Area Network) has attracted more and more attention due to its lack of security protection mechanism. A variety of attacks against CAN bus have emerged, posing serious threat to vehicle safety. Accordingly, some methods have been proposed to detect CAN bus attacks, however, they have certain shortcomings such as additional computing burden and obvious false detection rate. Therefore, using the physical characteristics of voltage signal on CAN bus, we propose an LOF (Local Outlier Factor)-based intrusion detection method, which can greatly reduce the false detection rate as well as improve the detection accuracy. The modification of CAN protocol and the additional computation burden can also be avoided. In addition, to the best of our knowledge, we are the first to implement bus-off intrusion detection on real vehicles.