Detection of Injection Attacks in Compressed CAN Traffic Logs

András Gazdag, Dóra Neubrandt, L. Buttyán, Zsolt Szalay

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

1 Citation (Scopus)

Abstract

Prior research has demonstrated that modern cars are vulnerable to cyber attacks. As such attacks may cause physical accidents, forensic investigations must be extended into the cyber domain. In order to support this, CAN traffic in vehicles must be logged continuously, stored efficiently, and analyzed later to detect signs of cyber attacks. Efficient storage of CAN logs requires compressing them. Usually, these compressed logs must be decompressed for analysis purposes, leading to a waste of time due to the decompression operation itself and, most importantly, due to the fact that the analysis must be carried out on a much larger amount of decompressed data. In this paper, we propose an anomaly detection method that works on the compressed CAN log itself. For compression, we use a lossless semantic compression algorithm that we proposed earlier. This compression algorithm achieves a higher compression ratio than traditional syntactic compression methods such as gzip do. Besides this advantage, in this paper, we show that it also supports the detection of injection attacks without decompression. Moreover, with this approach we can detect attacks with low injection frequency that were not detected reliably in previous works.

Original language: English
Title of host publication: Security and Safety Interplay of Intelligent Software Systems - ESORICS 2018 International Workshops, ISSA 2018 and CSITS 2018, Revised Selected Papers
Editors: Barbara Gallina, Asaf Shabtai, Yuval Elovici, Brahim Hamid, Joaquin Garcia-Alfaro
Publisher: Springer Verlag
Pages: 111-124
Number of pages: 14
ISBN (Print): 9783030168735
DOI: https://doi.org/10.1007/978-3-030-16874-2_8
Publication status: Published - Jan 1 2019
Event: International Workshop on Interplay of Security, Safety and System/Software Architecture, CSITS 2018, and International Workshop on Cyber Security for Intelligent Transportation Systems, ISSA 2018 held in conjunction with 23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain
Duration: Sep 6 2018 to Sep 7 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11552 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: International Workshop on Interplay of Security, Safety and System/Software Architecture, CSITS 2018, and International Workshop on Cyber Security for Intelligent Transportation Systems, ISSA 2018 held in conjunction with 23rd European Symposium on Research in Computer Security, ESORICS 2018
Country: Spain
City: Barcelona
Period: 9/6/18 to 9/7/18

Keywords

  • Anomaly detection
  • CAN
  • CAN traffic compression

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

  • Cite this

    Gazdag, A., Neubrandt, D., Buttyán, L., & Szalay, Z. (2019). Detection of Injection Attacks in Compressed CAN Traffic Logs. In B. Gallina, A. Shabtai, Y. Elovici, B. Hamid, & J. Garcia-Alfaro (Eds.), Security and Safety Interplay of Intelligent Software Systems - ESORICS 2018 International Workshops, ISSA 2018 and CSITS 2018, Revised Selected Papers (pp. 111-124). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11552 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-16874-2_8