Controller Area Network (CAN) is an in-vehicle communication protocol, which provides an efficient and reliable communication link between Electronic Control Units (ECUs) in real time. Recent studies have shown that attackers can take remote control of the targeted vehicle by exploiting the vulnerabilities of the CAN protocol. Motivated by this fact, we propose an Intrusion Detection System (IDS), called Clock Offset-based IDS (COIDS), to monitor in-vehicle network activities to detect any intrusion. Precisely, COIDS measures and then exploits the clock offset of transmitter ECU's clock for fingerprinting ECU. COIDS next leverages the derived fingerprints to construct a baseline of ECU's normal clock behavior using an active learning technique. Based on the baseline of normal behavior, COIDS uses the Cumulative Sum method to detect any abnormal deviation in clock offset. Further, COIDS uses a sequential change-point detection technique to determine the exact time of intrusion. Generally, COIDS has to run on every ECU to monitor the network behavior. This can turn out to be a significant power overhead for a hardware-constrained ECU. Thus, we next develop a cooperative game model to optimize the active time duration of COIDS in an ECU. We performed exhaustive experiments on real world publicly available datasets primarily to assess the effectiveness of COIDS against a wide range of in-vehicle network attacks. Our results show that COIDS detects intrusions faster than the best performed IDS in the state-of-the-art. Further, the results show that our designed cooperative game model significantly reduces the power overhead of the ECU without compromising the performance.
A holistic approach to power efficiency in a clock offset based Intrusion Detection Systems for Controller Area Networks
Halder S.;Conti M.;Das S. K.
2021
Abstract
Controller Area Network (CAN) is an in-vehicle communication protocol, which provides an efficient and reliable communication link between Electronic Control Units (ECUs) in real time. Recent studies have shown that attackers can take remote control of the targeted vehicle by exploiting the vulnerabilities of the CAN protocol. Motivated by this fact, we propose an Intrusion Detection System (IDS), called Clock Offset-based IDS (COIDS), to monitor in-vehicle network activities to detect any intrusion. Precisely, COIDS measures and then exploits the clock offset of transmitter ECU's clock for fingerprinting ECU. COIDS next leverages the derived fingerprints to construct a baseline of ECU's normal clock behavior using an active learning technique. Based on the baseline of normal behavior, COIDS uses the Cumulative Sum method to detect any abnormal deviation in clock offset. Further, COIDS uses a sequential change-point detection technique to determine the exact time of intrusion. Generally, COIDS has to run on every ECU to monitor the network behavior. This can turn out to be a significant power overhead for a hardware-constrained ECU. Thus, we next develop a cooperative game model to optimize the active time duration of COIDS in an ECU. We performed exhaustive experiments on real world publicly available datasets primarily to assess the effectiveness of COIDS against a wide range of in-vehicle network attacks. Our results show that COIDS detects intrusions faster than the best performed IDS in the state-of-the-art. Further, the results show that our designed cooperative game model significantly reduces the power overhead of the ECU without compromising the performance.Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.