Research On Anomaly Detection Technology For CAN Bus Of Intelligent Connected Cars

With the development and application of technologies such as the Internet,artificial intelligence,cloud computing,big data and 5G,cars are no longer a simple mechanical system like before.Today’s cars are equipped with various ECU and sensors.With the increasing functions of modern cars and the increasingly network connection,the exposed attack surface is also getting larger and larger.In view of the attack threats faced by intelligent networked cars,it is extremely important to explore the security protection methods suitable for the on-board CAN bus.However,most of the current anomaly detection models have a single detection form and low reliability,which cannot meet the practical needs of intelligent connected car safety protection.Therefore,the research on CAN bus anomaly detection technology for intelligent connected cars is of great significance.Based on the analysis of the intelligent connected car network system architecture and the CAN bus communication protocol,this article has conducted extensive research on its existing safety issues,and summarized common anomaly detection models of CAN bus.Aiming at the possible threats of CAN bus,an anomaly detection model was proposed.The main work and innovations are summarized as follows:(1)anomaly detection model of CAN bus based on the data domain content is proposed.According to the characteristics of the CAN bus message data domain,an anomaly detection model is designed.The Markov distance confidence intervals for normal messages of different CAN ID are given,and then tampering attacks are simulated.Experiments show that the detection rate of different CAN ID is above 92%.Finally,the computational complexity and memory usage of the algorithm are analyzed,which shows that the detection model is suitable to be implemented on common lowend ECU.(2)The normal cycles of different CAN ID are analyzed and summarized.The timestamps of the extracted CAN messages are added to the feature set as new features.Integrate multiple different time series algorithms,and finally use the voting mechanism to make anomalous data domain decisions.(3)An anomaly detection model based on time series is proposed.Analyze different attack behaviors from the perspective of time domain and data domain.For tampering attacks,the time period of the message is not abnormal,but the data domain content is abnormal.For an insertion attack,the time interval for receiving the CAN ID message is shorter than its normal period.For a drop attack,the time interval for receiving the CAN ID message is greater than its normal period.Experiments show that the detection model for tampering attacks has a detection rate of more than 95% for different CAN ID.For insertion attacks,the detection rate increases as the number of inserted data frames increases.For drop attacks,the model shows very good detection results.The security protection of intelligent connected cars is a relatively new field.This article has preliminary studied the anomaly detection technology applicable to the onboard CAN bus,which has positive significance for the safety protection of intelligent connected cars.