CANDoSA: A Hardware Performance Counter-Based Intrusion Detection System for DoS Attacks on Automotive CAN bus

TL;DR

This paper introduces CANDoSA, a novel intrusion detection system for automotive CAN bus that leverages hardware performance counters to identify cyber attacks, enhancing vehicle cybersecurity.

Contribution

It presents a new HPC-based IDS for CAN bus, utilizing RISC-V simulation and data correlation to improve attack detection accuracy.

Findings

Effective detection of cyber attacks on CAN bus

Enhanced security through HPC feature optimization

Potential for real-time automotive cybersecurity improvements

Abstract

The Controller Area Network (CAN) protocol, essential for automotive embedded systems, lacks inherent security features, making it vulnerable to cyber threats, especially with the rise of autonomous vehicles. Traditional security measures offer limited protection, such as payload encryption and message authentication. This paper presents a novel Intrusion Detection System (IDS) designed for the CAN environment, utilizing Hardware Performance Counters (HPCs) to detect anomalies indicative of cyber attacks. A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks, which trigger distinct HPC responses. Key HPC features are optimized through data extraction and correlation analysis to enhance classification efficiency. Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.