网络与信息安全学报 (Feb 2020)
CAN bus flood attack detection based on communication characteristics
Abstract
CAN has become the most extensive fieldbus for contemporary automotive applications due to its outstanding reliability and flexibility.However,the standard CAN protocol does not provide sufficient security measures and is vulnerable to eavesdropping,replay,flooding,and denial of service attacks.In order to effectively detect whether the CAN bus is attacked,and to filter malicious messages when subjected to flooding attacks.The characteristics of vehicle CAN bus message communication were analyzed,and an intrusion detection method was proposed,which could effectively perform intrusion detection and malicious message filtering.Through experimental verification,the method can detect whether the CAN bus is attacked by 100%,and the accuracy of malicious packet filtering can reach over 99%.