Research And Implementation Of In-Vehicle CAN Bus Anomaly Detection Method

With the development of intelligent networked vehicles,vehicles are deployed with more and more on-board information functions and applications.These information functions and applications not only bring convenience to people’s transportation,but also increase the internal and external access interfaces of the vehicle,which leads to some security risks.As the most widely used vehicle communication network at present,the controller area network(CAN),which undertakes the important responsibility of maintaining the information interaction between key electronic control units of vehicle,has undoubtedly become the preferred entry point for malicious attackers to implement malicious intrusion because of its lack of security protection mechanism and means.Therefore,the research on information security of CAN bus is particularly important.At present,many approaches have been proposed for the security protection of CAN bus,including encryption,identity authentication,message authentication and anomaly detection.However,due to the characteristics of CAN bus protocol and the constraints of vehicle implementation environment,the application of security protection methods based on encryption and authentication is facing great challenges.The approach based on anomaly detection ensures the security of CAN bus by constructing a learning model that can identify the abnormal behavior on CAN bus,which can make up for the deficiency of security protection methods based on encryption and authentication.Therefore,it has become an effective method to solve the problem of information security of CAN bus.Based on the information security of CAN bus,this paper analyzes various attack types faced by CAN bus in detail,and puts forward two anomaly detection approaches combined with the characteristics of CAN bus protocol and attacks:(1)An anomaly detection approach based on dynamic time warping(DTW)distance,it proposes a CAN ID conversion algorithm,and divides the converted ID sequence into multiple waves.The anomaly is identified by calculating the DTW distance between waves.(2)An anomaly detection approach based on graph pattern matching is proposed,the CAN traffic is expressed by the structure of graph.The matching degree of graph pattern is tested and the anomaly is identified by calculating the distance between CAN traffic graphs.In this paper,the two approaches are double verified in the public data set and real vehicle environment,and six performance indexes are selected for performance evaluation.The experimental results show that the two approaches have good detection performance for DoS,Fuzzy,Injection,Flooding,Spoofing,Replay and Suppression attacks,and the F1-score can reach 99.49%at most.