入侵检测系统
CAN总线
假阳性悖论
异常检测
计算机科学
实时计算
控制器(灌溉)
假阳性和假阴性
汽车工业
网络安全
信息物理系统
嵌入式系统
计算机网络
工程类
数据挖掘
人工智能
操作系统
农学
航空航天工程
生物
作者
Habeeb Olufowobi,Clinton Young,Joseph Zambreno,Gedare Bloom
出处
期刊:IEEE Transactions on Vehicular Technology
[Institute of Electrical and Electronics Engineers]
日期:2019-12-24
卷期号:69 (2): 1484-1494
被引量:147
标识
DOI:10.1109/tvt.2019.2961344
摘要
The proliferation of embedded devices in modern vehicles has opened the traditionally-closed vehicular system to the risk of cybersecurity attacks through physical and remote access to the in-vehicle network such as the controller area network (CAN). The CAN bus does not implement a security protocol that can protect the vehicle against the increasing cyber and physical attacks. To address this risk, we introduce a novel algorithm to extract the real-time model parameters of the CAN bus and develop SAIDuCANT, a specification-based intrusion detection system (IDS) using anomaly-based supervised learning with the real-time model as input. We evaluate the effectiveness of SAIDuCANT with real CAN logs collected from two passenger cars and on an open-source CAN dataset collected from real-world scenarios. Experimental results show that SAIDuCANT can effectively detect data injection attacks with low false positive rates. Over four real attack scenarios from the open-source dataset, SAIDuCANT observes at most one false positive before detecting an attack whereas other detection approaches using CAN timing features detect on average more than a hundred false positives before a real attack occurs.
科研通智能强力驱动
Strongly Powered by AbleSci AI