WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)

Vehicles are equipped with Electronic Control Units (ECUs) to increase their overall system functionality and connectivity. However, the rising connectivity exposes a defenseless internal Controller Area Network (CAN) to cyberattacks. An Intrusion Detection System (IDS) is a supervisory module, prop...

Full description

Bibliographic Details
Main Authors: Mehmet Bozdal, Mohammad Samie, Ian K. Jennions
Format: Article
Language:English
Published: IEEE 2021-01-01
Series:IEEE Access
Subjects:
Controller area network
intrusion detection
in-vehicle network
wavelet analysis
Online Access:https://ieeexplore.ieee.org/document/9402263/
id doaj-5779c3c46f1f4d4c9f18ebfcf16a760a
record_format Article
spelling doaj-5779c3c46f1f4d4c9f18ebfcf16a760a2021-04-20T23:00:32ZengIEEEIEEE Access2169-35362021-01-019586215863310.1109/ACCESS.2021.30730579402263WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)Mehmet Bozdal0https://orcid.org/0000-0002-2081-7101Mohammad Samie1https://orcid.org/0000-0002-8850-5606Ian K. Jennions2https://orcid.org/0000-0002-5752-1873IVHM Centre, Cranfield University, Bedford, U.KIVHM Centre, Cranfield University, Bedford, U.KIVHM Centre, Cranfield University, Bedford, U.KVehicles are equipped with Electronic Control Units (ECUs) to increase their overall system functionality and connectivity. However, the rising connectivity exposes a defenseless internal Controller Area Network (CAN) to cyberattacks. An Intrusion Detection System (IDS) is a supervisory module, proposed for identifying CAN network malicious messages, without modifying legacy ECUs and causing high traffic overhead. The traditional IDS approaches rely on time and frequency thresholding, leading to high false alarm rates, whereas state-of-the-art solutions may suffer from vehicle dependency. This paper presents a wavelet-based approach to locating the behavior change in the CAN traffic by analyzing the CAN network’s transmission pattern. The proposed Wavelet-based Intrusion Detection System (WINDS) is tested on various attack scenarios, using real vehicle traffic from two independent research centers, while being expanded toward more comprehensive attack scenarios using synthetic attacks. The technique is evaluated and compared against the state-of-the-art solutions and the baseline frequency method. Experimental results show that WINDS offers a vehicle-independent solution applicable for various vehicles through a unique approach while generating low false alarms.https://ieeexplore.ieee.org/document/9402263/Controller area networkintrusion detectionin-vehicle networkwavelet analysis
collection DOAJ
language English
format Article
sources DOAJ
author Mehmet Bozdal
Mohammad Samie
Ian K. Jennions
spellingShingle Mehmet Bozdal
Mohammad Samie
Ian K. Jennions
WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)
IEEE Access
Controller area network
intrusion detection
in-vehicle network
wavelet analysis
author_facet Mehmet Bozdal
Mohammad Samie
Ian K. Jennions
author_sort Mehmet Bozdal
title WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)
title_short WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)
title_full WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)
title_fullStr WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)
title_full_unstemmed WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)
title_sort winds: a wavelet-based intrusion detection system for controller area network (can)
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2021-01-01
description Vehicles are equipped with Electronic Control Units (ECUs) to increase their overall system functionality and connectivity. However, the rising connectivity exposes a defenseless internal Controller Area Network (CAN) to cyberattacks. An Intrusion Detection System (IDS) is a supervisory module, proposed for identifying CAN network malicious messages, without modifying legacy ECUs and causing high traffic overhead. The traditional IDS approaches rely on time and frequency thresholding, leading to high false alarm rates, whereas state-of-the-art solutions may suffer from vehicle dependency. This paper presents a wavelet-based approach to locating the behavior change in the CAN traffic by analyzing the CAN network’s transmission pattern. The proposed Wavelet-based Intrusion Detection System (WINDS) is tested on various attack scenarios, using real vehicle traffic from two independent research centers, while being expanded toward more comprehensive attack scenarios using synthetic attacks. The technique is evaluated and compared against the state-of-the-art solutions and the baseline frequency method. Experimental results show that WINDS offers a vehicle-independent solution applicable for various vehicles through a unique approach while generating low false alarms.
topic Controller area network
intrusion detection
in-vehicle network
wavelet analysis
url https://ieeexplore.ieee.org/document/9402263/
work_keys_str_mv AT mehmetbozdal windsawaveletbasedintrusiondetectionsystemforcontrollerareanetworkcan
AT mohammadsamie windsawaveletbasedintrusiondetectionsystemforcontrollerareanetworkcan
AT iankjennions windsawaveletbasedintrusiondetectionsystemforcontrollerareanetworkcan
_version_ 1721517367030185984

Similar Items