The smart features of modern cars are enabled by a number of Electronic
Control Units (ECUs) components that communicate through an in-vehicle network,
known as Controller Area Network (CAN) bus. The fundamental challenge is the
security of the communication link where an attacker can inject messages (e.g.,
increase the speed) that may impact the safety of the driver. Developing an
effective defensive security solution depends on the knowledge of the identity
of the ECUs, which is proprietary information. This paper proposes a message
injection attack detection mechanism that is independent of the IDs of the
ECUs, which is achieved by capturing the patterns in the message sequences.
First, we represent the sequencing ofther messages in a given time-interval as
a direct graph and compute the similarities of the successive graphs using the
cosine similarity and Pearson correlation. Then, we apply threshold, change
point detection, and Long Short-Term Memory (LSTM)-Recurrent NeuralNetwork
(RNN) to detect and predict malicious message injections into the CAN bus. The
evaluation of the methods using a dataset collected from a moving vehicle under
malicious RPM and speed reading message injections show a detection accuracy of
98.45% when using LSTM-RNN and 97.32% when using a threshold method. Further,
the pace of detecting the change isfast for the case of injection of RPM
reading messagesbut slow for the case of injection of speed readingsmessages.

By admin