Research on CAN Network Security Aspects and Intrusion Detection Design 2017-01-2007

With the rapid development of vehicle intelligent and networking technology, the IT security of automotive systems becomes an important area of research. In addition to the basic vehicle control, intelligent advanced driver assistance systems, infotainment systems will all exchange data with in-vehicle network. Unfortunately, current communication network protocols, including Controller Area Network (CAN), FlexRay, MOST, and LIN have no security services, such as authentication or encryption, etc. Therefore, the vehicle are unprotected against malicious attacks. Since CAN bus is actually the most widely used field bus for in-vehicle communications in current automobiles, the security aspects of CAN bus is focused on. Based on the analysis of the current research status of CAN bus network security, this paper summarizes the CAN bus potential security vulnerabilities and the attack means. Aiming at flood, spoof, drop, replay and modify attacks of CAN bus, an in-vehicle intrusion detection system is designed consisting of a network interface & analysis module, an intrusion detection module based on Adaptive-Network-based Fuzzy Inference System (ANFIS) and a feature database. In order to validate the efficiency of the proposed intrusion detection system, the experiment is setup in the real environment of electric vehicle, in which the attack model and the intrusion detection system are mainly implemented in an emulated gateway, and the attacks are mounting through OBD-II port to the network of the electric vehicle. Through several experiment of attacks, the results show that the designed system for network intrusion detection can effectively detect the abnormal behavior of CAN bus network.