Anomaly Detection in Automobile Control Network Data with Long Short-Term Memory Networks | IEEE Conference Publication | IEEE Xplore

Abstract:

Modern automobiles have been proven vulnerable to hacking by security researchers. By exploiting vulnerabilities in the car's external interfaces, such as Wi-Fi, Bluetooth, and physical connections, they can access a car's controller area network (CAN) bus. On the CAN bus, commands can be sent to control the car, for example cutting the brakes or stopping the engine. While securing the car's interfaces to the outside world is an important part of mitigating this threat, the last line of defence is detecting malicious behaviour on the CAN bus. We propose an anomaly detector based on a Long Short-Term Memory neural network to detect CAN bus attacks. The detector works by learning to predict the next data word originating from each sender on the bus. Highly surprising bits in the actual next word are flagged as anomalies. We evaluate the detector by synthesizing anomalies with modified CAN bus data. The synthesized anomalies are designed to mimic attacks reported in the literature. We show that the detector can detect anomalies we synthesized with low false alarm rates. Additionally, the granularity of the bit predictions can provide forensic investigators clues as to the nature of flagged anomalies.
Date of Conference: 17-19 October 2016
Date Added to IEEE Xplore: 26 December 2016
Conference Location: Montreal, QC, Canada

I. Introduction

Automobiles have evolved from purely mechanical devices to connected computing platforms. Historically, the computers in cars were isolated from the outside world, and the security of those systems was not of concern. But in recent years it has become clear that this is no longer the case; hackers have demonstrated that cars are vulnerable to cyber attacks. Such attacks work by leveraging weaknesses in the Electronic Control Units (ECUs) that control the vehicle. The ECUs communicate using the Controller Area Network (CAN) bus standard. In order to control the car, hackers typically gain access through an external interface such as cellular, Bluetooth, or devices plugged into the onboard diagnostic port [1], [2]. Once they have gained a foothold, they find a way to transmit packets on the CAN bus crafted to cause specific effects. ECUs will in most cases accept properly formatted packets without authentication, making it relatively easy to control the vehicle [3], [4]. However, any attack will modify the CAN bus traffic, and such modifications can be detected.
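The scoring idea from the abstract (predict each sender's next data word, then flag highly surprising bits), as an added example that is not the authors' code. A per-bit conditional frequency model stands in for the LSTM; the surprisal measure, the 16-bit word width, the 4-bit threshold, the CAN ID and the traffic are all constructed assumptions.

```python
import math
from collections import defaultdict

WORD_BITS = 16  # assumed data-word width for this constructed example

def bits(word):
    """MSB-first bit list of a data word (position 0 is the top bit)."""
    return [(word >> (WORD_BITS - 1 - i)) & 1 for i in range(WORD_BITS)]

class BitPredictor:
    """Stand-in for the LSTM: per sender ID and bit position, estimates
    P(next bit = 1 | previous bit) from counts with Laplace smoothing."""

    def __init__(self):
        # counts[can_id][pos][prev_bit] = [next was 0, next was 1]
        self.counts = defaultdict(
            lambda: [[[1, 1], [1, 1]] for _ in range(WORD_BITS)])

    def train(self, can_id, words):
        for prev, nxt in zip(words, words[1:]):
            for pos, (p, n) in enumerate(zip(bits(prev), bits(nxt))):
                self.counts[can_id][pos][p][n] += 1

    def predict(self, can_id, prev_word):
        """Probability that each bit of the sender's next word is 1."""
        table = self.counts[can_id]
        return [table[pos][p][1] / sum(table[pos][p])
                for pos, p in enumerate(bits(prev_word))]

def surprising_bits(model, can_id, prev_word, word, threshold=4.0):
    """Return (bit position, surprisal in bits) for each bit whose
    surprisal -log2 P(actual bit) exceeds the assumed threshold."""
    flagged = []
    probs = model.predict(can_id, prev_word)
    for pos, (p1, actual) in enumerate(zip(probs, bits(word))):
        surprisal = -math.log2(p1 if actual else 1.0 - p1)
        if surprisal > threshold:
            flagged.append((pos, round(surprisal, 2)))
    return flagged

# Constructed traffic for one sender: constant high byte 0x10 and a
# 4-bit rolling counter in the low nibble.
CAN_ID = 0x1A0
model = BitPredictor()
model.train(CAN_ID, [(0x10 << 8) | (i & 0x0F) for i in range(200)])

def demo():
    expected = surprising_bits(model, CAN_ID, 0x1004, 0x1005)
    tampered = surprising_bits(model, CAN_ID, 0x1004, 0x9005)  # top bit set
    return expected, tampered
```

The flagged position identifies which bit of the word departed from learned behaviour, which is the kind of per-bit clue the abstract says can help forensic investigators.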

References

[1] S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, “Comprehensive experimental analyses of automotive attack surfaces,” in Proc. 20th USENIX Security Symposium 2011. Berkeley, CA, USA: USENIX Association, 2011.
[2] C. Valasek and C. Miller, “Remote Exploitation of an Unaltered Passenger Vehicle,” IOActive Labs Research, Tech. Rep., 2015. [Online]. Available: http://www.ioactive.com/labs/resources-white-papers.html
[3] K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, “Experimental Security Analysis of a Modern Automobile,” in Proc. IEEE Symposium on Security and Privacy 2010, 2010, pp. 447–462.
[4] C. Miller and C. Valasek, “Adventures in Automotive Networks and Control Units,” IOActive Labs Research, Tech. Rep., Aug. 2013. [Online]. Available: http://blog.ioactive.com/2013/08/car-hacking-content.html
[5] A. G. Illera and J. V. Vidal, “Dude, WTF in my CAN!” Presented at Black Hat Asia 2014. [Online]. Available: https://www.blackhat.com/asia-14/briefings.html
[6] V. Chandola, A. Banerjee, and V. Kumar, “Anomaly Detection for Discrete Sequences: A Survey,” IEEE Trans. Knowl. Data Eng., vol. 24, no. 5, pp. 823–839, May 2012.
[7] R. Maxion and K. Tan, “Anomaly detection in embedded systems,” IEEE Trans. Comput., vol. 51, no. 2, pp. 108–120, Feb. 2002.
[8] E. Keogh, J. Lin, and A. Fu, “HOT SAX: efficiently finding the most unusual time series subsequence,” in Proc. Fifth IEEE International Conference on Data Mining, Nov. 2005, pp. 226–233.
[9] P. Malhotra, L. Vig, G. Shroff, and P. Agarwal, “Long Short Term Memory Networks for Anomaly Detection in Time Series,” in Proc. 23rd European Symposium On Artificial Neural Networks, Computational Intelligence and Machine Learning, Bruges, Belgium, 2015, pp. 89–94.
[10] S. Chauhan and L. Vig, “Anomaly detection in ECG time signals via deep long short-term memory networks,” in Proc. IEEE International Conference on Data Science and Advanced Analytics (DSAA), Oct. 2015, pp. 1–7.
[11] A. Nanduri and L. Sherry, “Anomaly detection in aircraft data using Recurrent Neural Networks (RNN),” in Proc. 2016 Integrated Communications Navigation and Surveillance, Apr. 2016, pp. 5C2-1–5C2-8.
[12] P. Malhotra, A. Ramakrishnan, G. Anand, L. Vig, P. Agarwal, and G. Shroff, “LSTM-based Encoder-Decoder for Multisensor Anomaly Detection,” presented at ICML 2016 Anomaly Detection Workshop, New York, NY, Jul. 2016. [Online]. Available: https://arxiv.org/abs/1607.00148
[13] S. Zhai, Y. Cheng, W. Lu, and Z. Zhang, “Deep Structured Energy Based Models for Anomaly Detection,” in Proc. 33rd International Conference on Machine Learning, 2016, pp. 1100–1109.
[14] M. Soelch, J. Bayer, M. Ludersdorfer, and P. van der Smagt, “Variational Inference for On-line Anomaly Detection in High-Dimensional Time Series,” arXiv:1602.07109 [cs, stat], Feb. 2016. [Online]. Available: http://arxiv.org/abs/1602.07109
[15] C. Miller and C. Valasek, “A Survey of Remote Automotive Attack Surfaces,” IOActive Labs Research, Tech. Rep., 2014. [Online]. Available: http://www.ioactive.com/labs/resources-white-papers.html
[16] A. Taylor, N. Japkowicz, and S. Leblanc, “Frequency-based anomaly detection for the automotive CAN bus,” in Proc. 2015 World Congress on Industrial Control Systems Security (WCICSS), Dec. 2015, pp. 45–49.
[17] H. M. Song, H. R. Kim, and H. K. Kim, “Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network,” in Proc. 2016 International Conference on Information Networking (ICOIN), Jan. 2016, pp. 63–68.
[18] K.-T. Cho and K. G. Shin, “Fingerprinting Electronic Control Units for Vehicle Intrusion Detection,” in Proc. 25th USENIX Security Symposium, Austin, TX, USA, Aug. 2016.
[19] M. Muter and N. Asaj, “Entropy-based anomaly detection for in-vehicle networks,” in Proc. 2011 IEEE Intelligent Vehicles Symposium (IV), Jun. 2011, pp. 1110–1115.
[20] M. Markovitz and A. Wool, “Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks,” in escar Europe 2015, 2015. [Online]. Available: https://www.escar.info/history/escar-europe/escar-europe-2015-lectures-and-program-committee.html
[21] S. Hochreiter and J. Schmidhuber, “Long Short-Term Memory,” Neural Computation, vol. 9, no. 8, pp. 1735–1780, Nov. 1997.
[22] K. Greff, R. K. Srivastava, J. Koutník, B. R. Steunebrink, and J. Schmidhuber, “LSTM: A Search Space Odyssey,” IEEE Trans. on Neural Networks and Learning Systems, vol. PP, no. 99, pp. 1–11, 2016.
[23] M. Sundermeyer, R. Schlüter, and H. Ney, “LSTM Neural Networks for Language Modeling,” in INTERSPEECH-2012, 2012, pp. 194–197.
