A Survey of Anomaly Detection in In-Vehicle Networks

TL;DR

This survey reviews recent anomaly detection methods for in-vehicle CAN bus networks, comparing deep learning and conventional techniques, and discusses challenges and open research problems in vehicle cybersecurity.

Contribution

It provides a comprehensive evaluation of existing CAN bus anomaly detection methods, analyzing their algorithms, datasets, strengths, and weaknesses, and highlights future research challenges.

Findings

Deep learning methods show promise but have limitations in real-time detection.

Conventional techniques are simpler but less effective against complex attacks.

There are significant open challenges in dataset availability and method robustness.

Abstract

Modern vehicles are equipped with Electronic Control Units (ECU) that are used for controlling important vehicle functions including safety-critical operations. ECUs exchange information via in-vehicle communication buses, of which the Controller Area Network (CAN bus) is by far the most widespread representative. Problems that may occur in the vehicle's physical parts or malicious attacks may cause anomalies in the CAN traffic, impairing the correct vehicle operation. Therefore, the detection of such anomalies is vital for vehicle safety. This paper reviews the research on anomaly detection for in-vehicle networks, more specifically for the CAN bus. Our main focus is the evaluation of methods used for CAN bus anomaly detection together with the datasets used in such analysis. To provide the reader with a more comprehensive understanding of the subject, we first give a brief review of related studies on time series-based anomaly detection. Then, we conduct an extensive survey of recent deep learning-based techniques as well as conventional techniques for CAN bus anomaly detection. Our comprehensive analysis delves into anomaly detection algorithms employed in in-vehicle networks, specifically focusing on their learning paradigms, inherent strengths, and weaknesses, as well as their efficacy when applied to CAN bus datasets. Lastly, we highlight challenges and open research problems in CAN bus anomaly detection.