We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:

References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Detecting CAN Masquerade Attacks with Signal Clustering Similarity

Abstract: Vehicular Controller Area Networks (CANs) are susceptible to cyber attacks of different levels of sophistication. Fabrication attacks are the easiest to administer -- an adversary simply sends (extra) frames on a CAN -- but also the easiest to detect because they disrupt frame frequency. To overcome time-based detection methods, adversaries must administer masquerade attacks by sending frames in lieu of (and therefore at the expected time of) benign frames but with malicious payloads. Research efforts have proven that CAN attacks, and masquerade attacks in particular, can affect vehicle functionality. Examples include causing unintended acceleration, deactivation of vehicle's brakes, as well as steering the vehicle. We hypothesize that masquerade attacks modify the nuanced correlations of CAN signal time series and how they cluster together. Therefore, changes in cluster assignments should indicate anomalous behavior. We confirm this hypothesis by leveraging our previously developed capability for reverse engineering CAN signals (i.e., CAN-D [Controller Area Network Decoder]) and focus on advancing the state of the art for detecting masquerade attacks by analyzing time series extracted from raw CAN frames. Specifically, we demonstrate that masquerade attacks can be detected by computing time series clustering similarity using hierarchical clustering on the vehicle's CAN signals (time series) and comparing the clustering similarity across CAN captures with and without attacks. We test our approach in a previously collected CAN dataset with masquerade attacks (i.e., the ROAD dataset) and develop a forensic tool as a proof of concept to demonstrate the potential of the proposed approach for detecting CAN masquerade attacks.
Comments: 8 pages, 5 figures, 3 tables
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG); Applications (stat.AP)
Journal reference: Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2022
DOI: 10.14722/autosec.2022.23028
Cite as: arXiv:2201.02665 [cs.CR]
  (or arXiv:2201.02665v2 [cs.CR] for this version)

Submission history

From: Pablo Moriano [view email]
[v1] Fri, 7 Jan 2022 20:25:40 GMT (1391kb,D)
[v2] Fri, 11 Mar 2022 19:52:01 GMT (2317kb,D)

Link back to: arXiv, form interface, contact.