Graph-Based Intrusion Detection System for Controller Area Networks

TL;DR

This paper introduces a novel graph-based intrusion detection system for CAN networks in vehicles, utilizing a four-stage approach with chi-squared analysis to effectively identify various cyber attacks, enhancing security in automotive communication.

Contribution

It presents the first graph-based defense system for CAN, demonstrating improved accuracy and low misclassification rates against multiple cyber attack types.

Findings

Low misclassification rates for different attacks

Up to 13.73% better accuracy than existing methods

Effective detection of DoS, fuzzy, replay, and spoofing attacks

Abstract

The controller area network (CAN) is the most widely used intra-vehicular communication network in the automotive industry. Because of its simplicity in design, it lacks most of the requirements needed for a security-proven communication protocol. However, a safe and secured environment is imperative for autonomous as well as connected vehicles. Therefore CAN security is considered one of the important topics in the automotive research community. In this paper, we propose a four-stage intrusion detection system that uses the chi-squared method and can detect any kind of strong and weak cyber attacks in a CAN. This work is the first-ever graph-based defense system proposed for the CAN. Our experimental results show that we have a very low 5.26% misclassification for denial of service (DoS) attack, 10% misclassification for fuzzy attack, 4.76% misclassification for replay attack, and no misclassification for spoofing attack. In addition, the proposed methodology exhibits up to 13.73% better accuracy compared to existing ID sequence-based methods.