{"title":"CANGuard: Practical Intrusion Detection for In-Vehicle Network via Unsupervised Learning","authors":"Wu Zhou, Hao-ming Fu, Shray Kapoor","doi":"10.1145/3453142.3493514","DOIUrl":null,"url":null,"abstract":"Modern vehicles are becoming more advanced recently by incorporating new functionalities, such as V2X, more connectivity and autonomous driving. However, these new things also open the vehicle wider to the outside and thus pose more severe threats to the vehicle security and safety. In this paper, we propose CANGuard, a vehicle intrusion detection system that learns in-vehicle traffic patterns and uses the patterns to detect anomaly in a vehicle network. CANGuard applies autoencoder, an unsupervised learning technique, on the raw CAN messages to learn efficient models of these data, and requires no expert to label CAN messages as needed in supervised approaches. Unlike another study that also uses unsupervised learning but can only detect attacks involving one single type of message, CANGuard can detect attacks involving multiple types of messages as well. Experiments with public data sets demonstrate that CANGuard has almost the same, at some case better, results as compared with state-of-art supervised approaches. Combined with its unsupervised nature and its capability to detect attacks involving multiple types of message, this proves CANGuard is more practical to be deployed in modern vehicle environments.","PeriodicalId":6779,"journal":{"name":"2021 IEEE/ACM Symposium on Edge Computing (SEC)","volume":"170 1","pages":"454-458"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/ACM Symposium on Edge Computing (SEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3453142.3493514","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Modern vehicles are becoming more advanced recently by incorporating new functionalities, such as V2X, more connectivity and autonomous driving. However, these new things also open the vehicle wider to the outside and thus pose more severe threats to the vehicle security and safety. In this paper, we propose CANGuard, a vehicle intrusion detection system that learns in-vehicle traffic patterns and uses the patterns to detect anomaly in a vehicle network. CANGuard applies autoencoder, an unsupervised learning technique, on the raw CAN messages to learn efficient models of these data, and requires no expert to label CAN messages as needed in supervised approaches. Unlike another study that also uses unsupervised learning but can only detect attacks involving one single type of message, CANGuard can detect attacks involving multiple types of messages as well. Experiments with public data sets demonstrate that CANGuard has almost the same, at some case better, results as compared with state-of-art supervised approaches. Combined with its unsupervised nature and its capability to detect attacks involving multiple types of message, this proves CANGuard is more practical to be deployed in modern vehicle environments.