2020 Volume 28 Pages 611-622
Nowadays, vehicles are equipped with multiple Electronic Control Units (ECUs) each of which communicates with one another using a specification called Controller Area Network (CAN). CAN provides its own share of benefits in modernizing automobiles, but it also brought along a security issue to the automotive industry. CAN bus does not have any mechanism for encrypting or authenticating CAN payloads. As a countermeasure against these drawbacks, we have experimented on identifying intrusions in the CAN bus using Long Short-Term Memory Networks (LSTM). LSTM networks are trained with features extracted from reverse engineered packets. In a specific range of time windows, we have extracted three parameters, the number of packets, the bit flip rate and the average time difference that are used to train LSTM. The trained LSTM is later then used to predict all the three features which will be combined to a single anomaly signal using a root mean squared error. Depending on which side of the threshold appears the anomaly signal value, we managed to identify anomalies in an acceptable performance rate, up to F1 score of 98%. We have tested our methods with a variety of attacks on the CAN bus and demonstrated how effective our detection methods is.
