Unsupervised Time Series Extraction from Controller Area Network Payloads

TL;DR

This paper presents an unsupervised method for extracting individual time series from vehicle CAN bus payloads, enabling better security analysis without manufacturer documentation or proprietary information.

Contribution

It introduces a novel bit-level transition analysis and greedy grouping strategy for tokenizing CAN data payloads without supervision.

Findings

Effective extraction of time series from CAN payloads demonstrated

Method enables security auditing without manufacturer documentation

Supports intrusion detection in automotive networks

Abstract

This paper introduces a method for unsupervised tokenization of Controller Area Network (CAN) data payloads using bit level transition analysis and a greedy grouping strategy. The primary goal of this proposal is to extract individual time series which have been concatenated together before transmission onto a vehicle's CAN bus. This process is necessary because the documentation for how to properly extract data from a network may not always be available; passenger vehicle CAN configurations are protected as trade secrets. At least one major manufacturer has also been found to deliberately misconfigure their documented extraction methods. Thus, this proposal serves as a critical enabler for robust third-party security auditing and intrusion detection systems which do not rely on manufacturers sharing confidential information.