WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)
Author: | Mehmet Bozdal, Mohammad Samie, Ian K. Jennions |
---|---|
Year of publication: | 2021 |
Subject: | 021110 strategic defence & security studies; General Computer Science; Computer science; intrusion detection; wavelet analysis; Real-time computing; 0211 other engineering and technologies; General Engineering; Wavelet transform; 020206 networking & telecommunications; 02 engineering and technology; Intrusion detection system; Thresholding; TK1-9971; CAN bus; Wavelet; 0202 electrical engineering electronic engineering information engineering; Overhead (computing); General Materials Science; Electrical engineering. Electronics. Nuclear engineering; False alarm; in-vehicle network; Controller area network; Continuous wavelet transform |
Source: | IEEE Access, Vol 9, Pp 58621-58633 (2021) |
ISSN: | 2169-3536 |
Description: | Vehicles are equipped with Electronic Control Units (ECUs) to increase their overall system functionality and connectivity. However, the rising connectivity exposes a defenseless internal Controller Area Network (CAN) to cyberattacks. An Intrusion Detection System (IDS) is a supervisory module, proposed for identifying CAN network malicious messages, without modifying legacy ECUs and causing high traffic overhead. The traditional IDS approaches rely on time and frequency thresholding, leading to high false alarm rates, whereas state-of-the-art solutions may suffer from vehicle dependency. This paper presents a wavelet-based approach to locating the behavior change in the CAN traffic by analyzing the CAN network’s transmission pattern. The proposed Wavelet-based Intrusion Detection System (WINDS) is tested on various attack scenarios, using real vehicle traffic from two independent research centers, while being expanded toward more comprehensive attack scenarios using synthetic attacks. The technique is evaluated and compared against the state-of-the-art solutions and the baseline frequency method. Experimental results show that WINDS offers a vehicle-independent solution applicable for various vehicles through a unique approach while generating low false alarms. |
Database: | OpenAIRE |
External link: |