CAN bus flood attack detection based on communication characteristics
JI Yimu, LIU Shangdong,
JIAO Zhipeng, SUN Jing, WANG Na, CHEN Zhiyu, BI Qiang, TIAN Penghao,
WU Fei
Affiliations
JI Yimu, LIU Shangdong
School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China ;Jiangsu Key Laboratory of High-Tech Research on Wireless Sensor Networks, Nanjing University of Posts and Telecommunications, Nanjing 210023, China ; Institute of High Performance Computing and Big Data Processing, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; Research Center for High Performance Computing and Intelligent Processing Engineering, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
JIAO Zhipeng, SUN Jing, WANG Na, CHEN Zhiyu, BI Qiang, TIAN Penghao
School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China;Institute of High Performance Computing and Big Data Processing, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
WU Fei
Institute of High Performance Computing and Big Data Processing, Nanjing University of Posts and Telecommunications, Nanjing 210023, China;School of Automation, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
CAN has become the most extensive fieldbus for contemporary automotive applications due to its outstanding reliability and flexibility. However, the standard CAN protocol does not provide sufficient security measures and is vulnerable to eavesdropping, replay, flooding, and denial of service attacks. In order to effectively detect whether the CAN bus is attacked, and to filter malicious messages when subjected to flooding attacks. The characteristics of vehicle CAN bus message communication were analyzed, and an intrusion detection method was proposed, which could effectively perform intrusion detection and malicious message filtering. Through experimental verification, the method can detect whether the CAN bus is attacked by 100%, and the accuracy of malicious packet filtering can reach over 99%.
