Evaluation framework for network intrusion detection systems for in-vehicle CAN

Guillaume Dupont; Jerry Den Hartog; Sandro Etalle; Alexios Lekidis

doi:10.1109/ICCVE45908.2019.8965028

Evaluation framework for network intrusion detection systems for in-vehicle CAN

Guillaume Dupont, Jerry Den Hartog, Sandro Etalle, Alexios Lekidis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

7 Citations (Scopus)

Abstract

Modern vehicles are complex safety critical cyber physical systems, that are connected to the outside world, with all security implications it brings. Different network intrusion detection systems (NIDSs) proposed for the CAN bus, the predominant type of in-vehicle network, to improve security are hard to compare due to disparate evaluation methods adopted. In this paper we provide the means to compare CAN NIDSs on equal footing and evaluate the ones detailed in the literature. Based on this we observe some limitation of existing approaches and why in the CAN setting it is intrinsically difficult to distinguish benign from malicious payload. We argue that 'meaning-aware' detection (a concept we define) which is challenging (but perhaps not impossible) to create for this setting.

Original language	English
Title of host publication	2019 8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers
ISBN (Electronic)	9781728101422
DOIs	https://doi.org/10.1109/ICCVE45908.2019.8965028
Publication status	Published - Nov 2019
Event	8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019 - Graz, Austria Duration: 4 Nov 2019 → 8 Nov 2019

Conference

Conference	8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019
Country/Territory	Austria
City	Graz
Period	4/11/19 → 8/11/19

Keywords

CAN bus
Car hacking
In-vehicle networks
Intrusion detection

Access to Document

10.1109/ICCVE45908.2019.8965028

Cite this

@inproceedings{3dedf61e200e4d8f9404d5a379d3fbf6,

title = "Evaluation framework for network intrusion detection systems for in-vehicle CAN",

abstract = "Modern vehicles are complex safety critical cyber physical systems, that are connected to the outside world, with all security implications it brings. Different network intrusion detection systems (NIDSs) proposed for the CAN bus, the predominant type of in-vehicle network, to improve security are hard to compare due to disparate evaluation methods adopted. In this paper we provide the means to compare CAN NIDSs on equal footing and evaluate the ones detailed in the literature. Based on this we observe some limitation of existing approaches and why in the CAN setting it is intrinsically difficult to distinguish benign from malicious payload. We argue that 'meaning-aware' detection (a concept we define) which is challenging (but perhaps not impossible) to create for this setting.",

keywords = "CAN bus, Car hacking, In-vehicle networks, Intrusion detection",

author = "Guillaume Dupont and {Den Hartog}, Jerry and Sandro Etalle and Alexios Lekidis",

year = "2019",

month = nov,

doi = "10.1109/ICCVE45908.2019.8965028",

language = "English",

booktitle = "2019 8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019 ; Conference date: 04-11-2019 Through 08-11-2019",

}

Dupont, G , Den Hartog, J , Etalle, S & Lekidis, A 2019, Evaluation framework for network intrusion detection systems for in-vehicle CAN. in 2019 8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019 - Proceedings., 8965028, Institute of Electrical and Electronics Engineers, 8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019, Graz, Austria, 4/11/19. https://doi.org/10.1109/ICCVE45908.2019.8965028

Evaluation framework for network intrusion detection systems for in-vehicle CAN. / Dupont, Guillaume ; Den Hartog, Jerry ; Etalle, Sandro et al.

2019 8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019 - Proceedings. Institute of Electrical and Electronics Engineers, 2019. 8965028.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Evaluation framework for network intrusion detection systems for in-vehicle CAN

AU - Dupont, Guillaume

AU - Den Hartog, Jerry

AU - Etalle, Sandro

AU - Lekidis, Alexios

PY - 2019/11

Y1 - 2019/11

N2 - Modern vehicles are complex safety critical cyber physical systems, that are connected to the outside world, with all security implications it brings. Different network intrusion detection systems (NIDSs) proposed for the CAN bus, the predominant type of in-vehicle network, to improve security are hard to compare due to disparate evaluation methods adopted. In this paper we provide the means to compare CAN NIDSs on equal footing and evaluate the ones detailed in the literature. Based on this we observe some limitation of existing approaches and why in the CAN setting it is intrinsically difficult to distinguish benign from malicious payload. We argue that 'meaning-aware' detection (a concept we define) which is challenging (but perhaps not impossible) to create for this setting.

AB - Modern vehicles are complex safety critical cyber physical systems, that are connected to the outside world, with all security implications it brings. Different network intrusion detection systems (NIDSs) proposed for the CAN bus, the predominant type of in-vehicle network, to improve security are hard to compare due to disparate evaluation methods adopted. In this paper we provide the means to compare CAN NIDSs on equal footing and evaluate the ones detailed in the literature. Based on this we observe some limitation of existing approaches and why in the CAN setting it is intrinsically difficult to distinguish benign from malicious payload. We argue that 'meaning-aware' detection (a concept we define) which is challenging (but perhaps not impossible) to create for this setting.

KW - CAN bus

KW - Car hacking

KW - In-vehicle networks

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=85079321248&partnerID=8YFLogxK

U2 - 10.1109/ICCVE45908.2019.8965028

DO - 10.1109/ICCVE45908.2019.8965028

M3 - Conference contribution

AN - SCOPUS:85079321248

BT - 2019 8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019 - Proceedings

PB - Institute of Electrical and Electronics Engineers

T2 - 8th IEEE International Conference on Connected Vehicles and Expo, ICCVE 2019

Y2 - 4 November 2019 through 8 November 2019

ER -

Evaluation framework for network intrusion detection systems for in-vehicle CAN

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this