基于样本熵的车载CAN网络入侵检测

doi:10.19562/j.chinasae.qcgc.2023.07.009

汽车工程 ›› 2023, Vol. 45 ›› Issue (7): 1184-1191.doi: 10.19562/j.chinasae.qcgc.2023.07.009

所属专题：智能网联汽车技术专题-控制2023年

• 专题：汽车智能化关键技术 • 上一篇下一篇

基于样本熵的车载CAN网络入侵检测

崔英祥,张幽彤,魏洪乾()

北京理工大学机械与车辆学院，北京 100081

收稿日期:2022-12-13 修回日期:2023-01-28 出版日期:2023-07-25 发布日期:2023-07-25
通讯作者: 魏洪乾 E-mail:bit_hongqian@126.com
基金资助:
国家重点研发计划“网络空间安全与治理”(2021YFB3101501);国家自然科学基金(52202461);中国博士后科学基金(2022TQ0032);汽车新技术安徽省工程技术研究中心开放基金(QCKJ202202A)

An Intrusion Detection System for In-vehicle CAN Network Based on Sample Entropy

Yingxiang Cui,Youtong Zhang,Hongqian Wei()

School of Mechanical Engineering，Beijing Institute of Technology，Beijing 100081

Received:2022-12-13 Revised:2023-01-28 Online:2023-07-25 Published:2023-07-25
Contact: Hongqian Wei E-mail:bit_hongqian@126.com

摘要/Abstract

摘要：

汽车的智能化和无人化发展增加了对汽车总线网络的依赖，如汽车的实时动力控制、操纵控制等均需要借助车载CAN网络作为信息传递的媒介。然而不像工业互联网等具有完善的信息鉴别和身份认证机制，车载CAN网络缺乏足够的安全防护措施，容易被不法分子入侵。因此，为提高车载CAN网络的安全通信保障，本文提出一种基于样本熵的入侵检测系统（sample entropy-intrusion detection system， SE-IDS）。具体地，通过实时采样汽车的总线数据构建样本熵测试集，利用样本熵的计算方法统计样本熵值，通过观察熵值的突变情况确定该时刻是否有攻击发生。此外，利用实际汽车ECU（electronic control unit）进行了硬件在环测试，分别验证了提出的方法对DOS（denial of service）攻击、模糊攻击、bus-off攻击的检测能力。测试结果表明，DOS攻击、模糊攻击、bus-off攻击均会使稳定的样本熵值出现不可导点，可以据此作为通信异常的标志，从而确定CAN网络遭受的入侵行为。此外，嵌入式设备的在线检测同样验证了该方法在实际ECU上的实时执行能力。

关键词: 汽车总线网络, 入侵检测系统, 样本熵, 攻击模拟

Abstract:

The intelligent and unmanned development of automobiles has increased the dependence on the automobile bus network， such as the real-time power control of the automobile， the automobile steering control， etc.， which require the automobile CAN network as the carrier of information transmission. However， unlike the industrial Internet， which has sound mechanism of information identification and identity authentication， the on-board CAN network lacks sufficient security protection measures and is easy to be invaded by criminals. Therefore， in order to enhance the secure communication capability of the vehicle CAN network， an intrusion detection system based on sample entropy is proposed in this paper. Specifically， the sample entropy test set is constructed by sampling the bus data of the car in real time， and the sample entropy value is counted by using the sample entropy calculation method， the sudden change of which is observed to determine whether there is an attack at this moment. In addition， this paper uses the actual automotive ECU to conduct a hardware-in-the-loop test to verify the detection capabilities of the proposed method for DOS attacks， fuzzy attacks， and bus-off attacks. The test results show that DOS attack， fuzzy attack， and bus-off attack will make the stable sample entropy value appear non-conductive point， which can be used as an abnormal sign of communication data to determine the intrusion behavior of CAN network. In addition， the online detection of embedded devices also verifies the real-time execution ability of this method on actual ECUs.

Key words: automobile bus network, intrusion detection system, sample entropy, attack simulation

崔英祥, 张幽彤, 魏洪乾. 基于样本熵的车载CAN网络入侵检测[J]. 汽车工程, 2023, 45(7): 1184-1191.

Yingxiang Cui, Youtong Zhang, Hongqian Wei. An Intrusion Detection System for In-vehicle CAN Network Based on Sample Entropy[J]. Automotive Engineering, 2023, 45(7): 1184-1191.

图/表 10

图1

图2

表1

图3

图4

图5

图6

图7

图8

图9

参考文献 23

1	李馥娟，王群，钱焕延.车联网安全威胁综述［J］.电子技术应用，2017，43（5）：29-33，37.
	LI F J， WANG Q， QIAN H Y. Overview of internet of vehicles security threats［J］. Application of Electronic Technique，2017，43（5）：29-33，37.
2	王喜文.汽车信息安全问题不容忽视［J］.汽车工业研究， 2013（11）：34-39.
	WANG X W. The problem of automobile information security cannot be ignored［J］. Automotive Industry Research，2013（11）：34-39.
3	KIM K， KIM J， JEONG S， et al. Cybersecurity for autonomous vehicles： review of attacks and defense［J］. Computers & Security， 2021， 103： 102150.
4	MARTÍNEZ-CRUZ A， RAMÍREZ-GUTIÉRREZ K， FEREGRINO-URIBE C， et al. Security on in-vehicle communication protocols： issues， challenges， and future research directions［J］. Computer Communications， 2021， 180： 1-20.
5	OTOUM Y， NAYAK A. AS-IDS： anomaly and signature based ids for the internet of things［J］. Journal of Network and Systems Management， 2021， 29（3）.
6	HOPPE T， KILTZ S， DITTMANN J. Security threats to automotive CAN networks—practical examples and selected short-term countermeasures［J］. Reliability Engineering & System Safety， 2011， 96（1）： 11-25.
7	MÜTER M， GROLL A， FREILING F C. A structured approach to anomaly detection for in-vehicle networks［C］. 2010 6th International Conference on Information Assurance and Security， IAS 2010， 2010： 92-98.
8	GMIDEN M， GMIDEN M H， TRABELSI H. An intrusion detection method for securing in-vehicle CAN bus［C］. 2016 17th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering， STA 2016-Proceedings， 2017： 176-180.
9	MOORE M R， BRIDGES R A， COMBS F L， et al. Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks： a data-driven approach to in-vehicle intrusion detection［C］. ACM International Conference Proceeding Series， 2017.
10	HYUN M S， HA R K， HUY K K. Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network［C］. International Conference on Information Networking， 2016-March， 2016： 63-68.
11	MILLER C， VALASEK C. Remote exploitation of an unaltered passenger vehicle［J］. Black Hat USA， 2015，2015：1-91.
12	KYONG-TAK C， KANG G S. Fingerprinting electronic control units for vehicle intrusion detection［C］. Proceedings of the 25th USENIX Security Symposium，2016： 911-927.
13	LEE H， JEONG S H， KIM H K. OTIDS： a novel intrusion detection system for in-vehicle network by using remote frame［C］. 2017 15th Annual Conference on Privacy， Security and Trust， PST 2017， 2018： 57-66.
14	MEE L H， BYUNG I K， HUY K K. Anomaly intrusion detection method for vehicular networks based on survival analysis［J］. Vehicular Communications， 2018，14： 52-63.
15	MIN-JOO K， JE-WON K. Intrusion detection system using deep neural network for in-vehicle network security［J］. Communications in Computer and Information Science， 2022，1557： 255-267.
16	LOUKAS G， VUONG T， HEARTFIELD R， et al. Cloud-based cyber-physical intrusion detection for vehicles using deep learning［J］. IEEE Access， 2017，6： 3491-3508.
17	TYREE Z， BRIDGES R A， COMBS F L， et al. Exploiting the shape of CAN data for in-vehicle intrusion detection［J］. arXiv， 2018.
18	ARUN G， JAYANTHI R， KANG S. Exploiting consistency among heterogeneous sensors for vehicle anomaly detection ［C］. SAE Paper 2017-01-1654.
19	程彭洲. 基于深度学习的车载网络入侵检测及隐私安全防护研究［D］. 镇江：江苏大学， 2022.
20	陈力. 基于深度学习的车载总线网络入侵检测方法研究［D］. 杭州：浙江科技学院， 2020.
21	YU Z， et al. TCE-IDS： time interval conditional entropy based intrusion detection system for automotive controller area networks［J］. IEEE Transactions on Industrial Informatics， 2022： 1-10.
22	PINCUS S M. Assessing serial irregularity and its implications for health［J］. Ann. N. Y. Acad. Sci，2002，954： 245 - 267．
23	SONG H M， KIM H K. CAN network intrusion datasets ［DB/OL］. （2018-12-30） https：//ocslab.hksecurity.net/Datasets/CAN-intrusion-dataset.

序号	ID类型	报文周期	ID值
1	I	10 ms	0x002
2			0x130
3			0x131
4			0x140
5			0x153
6			0x18f
7			0x260
8			0x2a0
9			0x2c0
10			0x316
11			0x329
12			0x350
13			0x370
14			0x43f
15			0x440
16			0x545
17	II	20 ms	0x1f1
18			0x430
19			0x4b1
20			0x4f0
21	III	50 ms	0x5f0
22	IV	100 ms	0x0a0
23			0x0a1
24			0x690

基于样本熵的车载CAN网络入侵检测

An Intrusion Detection System for In-vehicle CAN Network Based on Sample Entropy

RichHTML

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 23

相关文章 1

Metrics

本文评价

推荐阅读 10