A Model-Based Method for Enabling Source Mapping and Intrusion Detection on Proprietary Can Bus

Jia Zhou, Guoqi Xie, Haibo Zeng, Weizhe Zhang, Laurence T. Yang, Mamoun Alazab, Renfa Li

    Research output: Contribution to journalArticlepeer-review

    4 Citations (Scopus)


    With the deep integration of the Internet of Things (IoT) technology and the increase of computational power and memory, vehicles can also serve as the infrastructures for Intelligent Transportation System (ITS), e.g., as fog nodes. However, when connecting vehicles to the internet, alongside with the benefits it brings, it also opens many new challenges such as security attacks. Controller Area Network (CAN) is one of the main in-vehicle communication protocols in modern cars. Its lack of sender verification mechanism makes CAN particularly vulnerable to cyber-attacks including masquerade attack. Fingerprinting Electronic Control Units (ECUs) based on hardware characteristics has been proved feasible and effective on defending CAN buses. However, most state-of-the-art works exploited the supervised learning algorithm to identify the transmitter based on the signal characteristics. This makes the decision process hard to understand, and it also limits the deployment on proprietary CAN bus without prior knowledge. To solve this, we design a novel clock-skew-based approach capable of pinpointing the sender and detecting intrusion on proprietary CAN bus. We take a single CAN frame as the object for measurement, and adjust the measuring process such that our approach can be independent of the transmission time of frames. Based on the statistical analysis of data from real vehicles, we propose a novel box-plot algorithm based on score mechanism to filter the raw data. Finally, the clock skews are estimated and accumulated to build a linear model for representing the transmitter ECU. The evaluation results on one CAN prototype and two production vehicles show that our approach is able to well identify and differentiate ECUs on the bus without prior knowledge. The data processed by the proposed box-plot algorithm can describe the hardware characteristics of ECUs precisely. We also show the ability of our approach to protecting the CAN bus against the masquerade attack.

    Original languageEnglish
    Pages (from-to)12922-12932
    Number of pages11
    JournalIEEE Transactions on Intelligent Transportation Systems
    Issue number11
    Early online date3 Mar 2022
    Publication statusPublished - 1 Nov 2023

    Bibliographical note

    Publisher Copyright:
    © 2000-2011 IEEE.


    Dive into the research topics of 'A Model-Based Method for Enabling Source Mapping and Intrusion Detection on Proprietary Can Bus'. Together they form a unique fingerprint.

    Cite this