Beatrix Koltai, András Gazdag, and Gergely Ács
Improving CAN anomaly detection with correlation-based signal clustering
Communication on the Controller Area Network (CAN) in vehicles is notably lacking in security measures, rendering it susceptible to remote attacks. These cyberattacks can potentially compromise safety-critical vehicle subsystems, and therefore endanger passengers and others around them. Identifying these intrusions could be done by monitoring the CAN traffic and detecting abnormalities in sensor measurements. To achieve this, we propose integrating time-series forecasting and signal correlation analysis to improve the detection accuracy of an onboard intrusion detection system (IDS). We predict sets of correlated signals collectively and report anomaly if their combined prediction error surpasses a predefined threshold. We show that this integrated approach enables the identification of a broader spectrum of attacks and significantly outperforms existing state-of-the-art solutions.
Reference:
DOI: 10.36244/ICJ.2023.4.3
Please cite this paper the following way:
Beatrix Koltai, András Gazdag, and Gergely Ács, "Improving CAN anomaly detection with correlation-based signal clustering", Infocommunications Journal, Vol. XV, No 4, December 2023, pp. 17-25., https://doi.org/10.36244/ICJ.2023.4.3