A Lightweight Intrusion Detection System for CAN Protocol Using Neighborhood Similarity

• Published in: 2022 7th International Conference on Data Science and Machine Learning Applications (CDMA) pp. 121 - 126
• Main Authors: Refat, Rafi Ud Daula, Elkhail, Abdulrahman Abu, Malik, Hafiz
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.03.2022
• Subjects: Access control; Authentication; Controller Area Network; Data science; In-vehicular Network Security; Intrusion detection; Intrusion Detection System; Machine learning; Neighborhood Similarity; Performance evaluation; Protocols
• DOI: 10.1109/CDMA54072.2022.00025

The Controller Area Network (CAN) protocol is the most commonly used communication protocol for in-vehicle networks due to its simplicity, efficiency and robustness. However, the CAN protocol is vulnerable to malicious attacks because it lacks basic security features such as message ID authentication, access control and message verification. Specifically, CAN pro-tocol fails to provide protection against message injection at-tacks. This paper presents a novel lightweight Intrusion Detection System (IDS) that translates CAN traffic into a mathematical abstraction i.e. temporal graph and then applies neighborhood-based graph similarity technique to detect CAN bus intrusions. The performance of the proposed approach is evaluated on a dataset from a real vehicle. The dataset consists of three types of message injection attack including spoofing, fuzzy and DoS attack is used for performance evaluation. Experimental results indicate that the proposed IDS can successfully detect these attacks with high detection accuracy. Specifically, the proposed IDS achieves detection accuracy of 96.01% as compared to best case scenario detection accuracy of 90.16% for existing state-of-the-art.