| Item type |
Journal(1) |
| 公開日 |
2018-03-15 |
| タイトル |
|
|
タイトル |
Supervised and Unsupervised Intrusion Detection Based on CAN Message Frequencies for In-vehicle Network |
| タイトル |
|
|
言語 |
en |
|
タイトル |
Supervised and Unsupervised Intrusion Detection Based on CAN Message Frequencies for In-vehicle Network |
| 言語 |
|
|
言語 |
eng |
| キーワード |
|
|
主題Scheme |
Other |
|
主題 |
[一般論文] anomaly detection, intrusion detection, in-vehicle network |
| 資源タイプ |
|
|
資源タイプ識別子 |
http://purl.org/coar/resource_type/c_6501 |
|
資源タイプ |
journal article |
| 著者所属 |
|
|
|
Kyoto University |
| 著者所属 |
|
|
|
Kyoto University |
| 著者所属 |
|
|
|
Kyoto University |
| 著者所属 |
|
|
|
Panasonic Corporation |
| 著者所属 |
|
|
|
Panasonic Corporation |
| 著者所属 |
|
|
|
Panasonic Corporation |
| 著者所属 |
|
|
|
Panasonic Corporation |
| 著者所属 |
|
|
|
Panasonic Corporation |
| 著者所属 |
|
|
|
Panasonic Corporation |
| 著者所属(英) |
|
|
|
en |
|
|
Kyoto University |
| 著者所属(英) |
|
|
|
en |
|
|
Kyoto University |
| 著者所属(英) |
|
|
|
en |
|
|
Kyoto University |
| 著者所属(英) |
|
|
|
en |
|
|
Panasonic Corporation |
| 著者所属(英) |
|
|
|
en |
|
|
Panasonic Corporation |
| 著者所属(英) |
|
|
|
en |
|
|
Panasonic Corporation |
| 著者所属(英) |
|
|
|
en |
|
|
Panasonic Corporation |
| 著者所属(英) |
|
|
|
en |
|
|
Panasonic Corporation |
| 著者所属(英) |
|
|
|
en |
|
|
Panasonic Corporation |
| 著者名 |
Takuya, Kuwahara
Yukino, Baba
Hisashi, Kashima
Takeshi, Kishikawa
Junichi, Tsurumi
Tomoyuki, Haga
Yoshihiro, Ujiie
Takamitsu, Sasaki
Hideki, Matsushima
|
| 著者名(英) |
Takuya, Kuwahara
Yukino, Baba
Hisashi, Kashima
Takeshi, Kishikawa
Junichi, Tsurumi
Tomoyuki, Haga
Yoshihiro, Ujiie
Takamitsu, Sasaki
Hideki, Matsushima
|
| 論文抄録 |
|
|
内容記述タイプ |
Other |
|
内容記述 |
Modern vehicles are equipped with Electronic Control Units (ECUs) and external communication devices. The Controller Area Network (CAN), a widely used communication protocol for ECUs, does not have a security mechanism to detect improper packets; if attackers exploit the vulnerability of an ECU and manage to inject a malicious message, they are able to control other ECUs to cause improper operation of the vehicle. With the increasing popularity of connected cars, it has become an urgent matter to protect in-vehicle networks against security threats. In this paper, we study the applicability of statistical anomaly detection methods for identifying malicious CAN messages in in-vehicle networks. We focus on intrusion attacks of malicious messages. Because the occurrence of an intrusion attack certainly influences the message traffic, we focus on the number of messages observed in a fixed time window to detect intrusion attacks. We formalize features to represent a message sequence that incorporates the number of messages associated with each receiver ID. We collected CAN message data from an actual vehicle and conducted a quantitative analysis of the methods and the features in practical situations. The results of our experiments demonstrated our proposed methods provide fast and accurate detection in various cases.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.26(2018) (online)
DOI http://dx.doi.org/10.2197/ipsjjip.26.306
------------------------------ |
| 論文抄録(英) |
|
|
内容記述タイプ |
Other |
|
内容記述 |
Modern vehicles are equipped with Electronic Control Units (ECUs) and external communication devices. The Controller Area Network (CAN), a widely used communication protocol for ECUs, does not have a security mechanism to detect improper packets; if attackers exploit the vulnerability of an ECU and manage to inject a malicious message, they are able to control other ECUs to cause improper operation of the vehicle. With the increasing popularity of connected cars, it has become an urgent matter to protect in-vehicle networks against security threats. In this paper, we study the applicability of statistical anomaly detection methods for identifying malicious CAN messages in in-vehicle networks. We focus on intrusion attacks of malicious messages. Because the occurrence of an intrusion attack certainly influences the message traffic, we focus on the number of messages observed in a fixed time window to detect intrusion attacks. We formalize features to represent a message sequence that incorporates the number of messages associated with each receiver ID. We collected CAN message data from an actual vehicle and conducted a quantitative analysis of the methods and the features in practical situations. The results of our experiments demonstrated our proposed methods provide fast and accurate detection in various cases.
------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.26(2018) (online)
DOI http://dx.doi.org/10.2197/ipsjjip.26.306
------------------------------ |
| 書誌レコードID |
|
|
収録物識別子タイプ |
NCID |
|
収録物識別子 |
AN00116647 |
| 書誌情報 |
情報処理学会論文誌
巻 59,
号 3,
発行日 2018-03-15
|
| ISSN |
|
|
収録物識別子タイプ |
ISSN |
|
収録物識別子 |
1882-7764 |
IPSJ-JNL5903036.pdf (722.9 kB)
