ClockIDS: A Real-Time Vehicle Intrusion Detection System Based on Clock Skew

Although intelligent connected vehicles (ICVs) can better assist drivers and improve their driving experience, they have huge network security problems and are frequently attacked. This is because the vehicle network is connected to the Internet, which expands the attack surface of ICV, and attackers have more ways to launch attacks. In recent years, many security experts fight against attackers and propose various types of vehicle intrusion detection systems (IDSs) to protect the controller area network (CAN). However, with the continuous enhancement of attack means, especially the appearance of the masquerade attack, most IDSs are no longer applicable. In this article, we design a new fingerprint-based vehicle IDS to protect the CAN, called ClockIDS. It establishes a unique fingerprint for each electronic control unit (ECU) based on clock skew. On this basis, ClockIDS realizes the functions of intrusion detection and attack source identification by utilizing the empirical rule and dynamic time warping. It neither occupies the bandwidth of CAN bus nor needs to modify the CAN protocol. Our experiments on two real vehicles show that ClockIDS can establish a unique fingerprint for ECU without being affected by the size of message period, and can detect three types of attack with a detection accuracy of 98.63%. In addition, this system can identify the attack source, and the average recognition accuracy is 96.77%. Furthermore, ClockIDS has high real-time performance, and the average time cost of each detection is only 1.99 ms.