基于熵的车载CAN总线异常检测研究

doi:10.19562/j.chinasae.qcgc.2021.10.017

汽车工程 ›› 2021, Vol. 43 ›› Issue (10): 1543-1548.doi: 10.19562/j.chinasae.qcgc.2021.10.017

基于熵的车载CAN总线异常检测研究

张海春¹,姜荣帅¹,王颉²,鲁赵骏³,刘政林¹()

^1.华中科技大学光学与电子信息学院，武汉 430074
^2.深圳开源互联网安全技术有限公司，深圳 518000
^3.华中科技大学网络空间安全学院，武汉 430074

收稿日期:2021-04-19 修回日期:2021-05-25 出版日期:2021-10-25 发布日期:2021-10-25
通讯作者: 刘政林 E-mail:liuzhenglin@hust.edu.cn
基金资助:
国家自然科学基金(61874047);深圳市创新创业专项—技术攻关面上项目(202011023000308)

Research on Anomaly Detection of In⁃Vehicle CAN Bus Based on Entropy

Haichun Zhang¹,Rongshuai Jiang¹,Jie Wang²,Zhaojun Lu³,Zhenglin Liu¹()

^1.School of Optical and Electronic Information，Huazhong University of Science and Technology，Wuhan 430074
^2.Shenzhen Kaiyuan Internet Security Technology Co. ，Ltd. ，Shenzhen 518000
^3.School of Cyber Science and Engineering，Huazhong University of Science and Technology，Wuhan 430074

Received:2021-04-19 Revised:2021-05-25 Online:2021-10-25 Published:2021-10-25
Contact: Zhenglin Liu E-mail:liuzhenglin@hust.edu.cn

摘要/Abstract

摘要：

由于缺乏加密、完整性校验和身份认证机制，车载CAN总线容易遭受攻击而造成总线数据帧流量异常。为检测攻击者注入车载CAN总线的异常数据帧流量，本文中在分析了基于信息熵的车载CAN总线异常检测机制的基础上，提出了基于相对熵的车载CAN总线异常检测机制，弥补了前者无法检测出异常细节信息的缺陷。在某型号福特车辆上的实验结果表明，基于相对熵的车载CAN总线异常检测机制不仅可以检测出DoS攻击、重放攻击造成的总线数据帧流量异常，还可以检测出具体的攻击类型和异常数据帧的ID，并且取得了较高的检测效率。

关键词: 车载CAN总线, 相对熵, 信息熵, 异常检测

Abstract:

Due to lack of encryption， integrity verification， and identity authentication mechanism， the vehicle Controller Area Network （CAN） bus is prone to attacks that cause abnormal bus data frame flow. In order to detect the abnormal data frame traffic injected by the attacker into the vehicle CAN bus， this paper analyzes the vehicle CAN bus anomaly detection mechanism based on information entropy， and proposes a vehicle CAN bus anomaly detection mechanism based on relative entropy， which makes up for the former's defect of inability to detect abnormal details of the defect. The experimental results on a certain Ford vehicle show that the CAN bus anomaly detection mechanism based on relative entropy can not only detect the abnormal flow of bus data frames caused by DoS attacks and replay attacks， but also detect specific attack types and abnormal CAN ID of the frame， with high detection efficiency.

Key words: in?vehicle CAN bus, relative entropy, information entropy, anomaly detection

张海春,姜荣帅,王颉,鲁赵骏,刘政林. 基于熵的车载CAN总线异常检测研究[J]. 汽车工程, 2021, 43(10): 1543-1548.

Haichun Zhang,Rongshuai Jiang,Jie Wang,Zhaojun Lu,Zhenglin Liu. Research on Anomaly Detection of In⁃Vehicle CAN Bus Based on Entropy[J]. Automotive Engineering, 2021, 43(10): 1543-1548.

图/表 8

图1

图2

图3

图4

图5

图6

图7

图8

参考文献 13

1	KIMM H， HAM H. Integrated fault tolerant system for automotive bus networks［C］. 2010 Second International Conference on Computer Engineering and Applications. IEEE， 2010， 1： 486-490.
2	CHECKOWAY S， MCCOY D， ANDERSON D， et al. Comprehensive experimental analyses of automotive attack surfaces［C］. Proceedings of the USENIX Security Symposium 2011. USENIX Association， 2011.
3	MOORE M R， BRIDGES R A， COMBS F L， et al. Modeling inter⁃signal arrival times for accurate detection of CAN bus signal injection attacks［C］. Conference on Cyber & Information Security Research. 2017.
4	HUANG J， ZHAO M， ZHOU Y， et al. In⁃vehicle networking： protocols， challenges， and solutions［J］. IEEE Network， 2018：92-98.
5	KANG K D， BAEK Y， LEE S， et al. An analysis of voltage drop as a security feature in controller area network［C］. Proceedings of the 2016 IEMEK Symposium on Embedded Technology， 216AD， Daejeon， Korea. 2016： 26-27.
6	于赫. 网联汽车信息安全问题及 CAN 总线异常检测技术研究［D］. 长春：吉林大学， 2016.
	YU H. Research on information security issues of networked vehicles and CAN bus anomaly detection technology ［D］.Changchun： Jilin University， 2016.
7	DI N M， ZENG H， GIUSTO P， et al. Understanding and using the controller area network communication protocol： theory and practice［M］. Springer Science & Business Media， 2012.
8	AVATEFIPOUR O， MALIK H. State⁃of⁃the⁃art survey on in⁃vehicle network communication （CAN⁃bus） security and vulnerabilities［J］. arXiv Preprint arXiv：， 2018.
9	LIU J， ZHANG S， WEN S， et al. In⁃vehicle network attacks and countermeasures： challenges and future directions［J］. IEEE Network， 2017， 31（5）：50-58.
10	KOSCHER K， CZESKIS A， ROESNER F， et al. Experimental security analysis of a modern automobile［C］. 31st IEEE Symposium on Security and Privacy， S&P2010， 16-19 May 2010， Berleley/Oakland， California， USA. IEEE， 2010.
11	HAZEM A， FAHMY H A. Lcap⁃a lightweight can authentication protocol for securing in⁃vehicle networks［C］. 10th Escar Embedded Security in Cars Conference， Berlin， Germany. 2012， 6.
12	NOURELDEEN P， AZER M A， REFAAT A， et al. Replay attack on lightweight CAN authentication protocol［C］. 2017 12th International Conference on Computer Engineering and Systems （ICCES）. IEEE， 2017： 600-606.
13	BOZDAL M， SAMIE M， ASLAM S， et al. Evaluation of CAN bus security challenges［J］. Sensors， 2020， 20（8）： 2364.

[1]	刘启全,马建,赵轩,张凯,孟德安,相里康. 基于值率模型的电动汽车动力电池电压异常检测[J]. 汽车工程, 2023, 45(9): 1728-1739.
[2]	刘志强, 韩静文, 倪捷. 基于驾驶人特性的自适应换道预警算法研究^*[J]. 汽车工程, 2019, 41(4): 440-446.

基于熵的车载CAN总线异常检测研究

Research on Anomaly Detection of In⁃Vehicle CAN Bus Based on Entropy

RichHTML

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 13

相关文章 2

Metrics

本文评价

推荐阅读 10