Forensics aware lossless compression of CAN traffic logs

Andras Gazdag, L. Buttyán, Zsolt Szalay

Research output: Contribution to journal › Review article

Abstract

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for forensic investigations of accidents caused by cyber-attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data. It is shown that the proposed compression format is a powerful tool to find traces of a cyber-attack. We achieve this by performing semantic compression on the CAN traffic logs, rather than simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of state-of-the-art syntactic compression methods, such as zip.

Original language: English
Pages (from-to): 105-110
Number of pages: 6
Journal: Communications - Scientific Letters of the University of Zilina
Volume: 19
Issue number: 4
Publication status: Published - Jan 1 2017

Keywords

  • CAN
  • Forensic analysis
  • Network traffic capture
  • Semantic compression

ASJC Scopus subject areas

  • Automotive Engineering
  • Transportation
  • Economics and Econometrics
  • Computer Networks and Communications

Cite this

Forensics aware lossless compression of CAN traffic logs. / Gazdag, Andras; Buttyán, L.; Szalay, Zsolt.

In: Communications - Scientific Letters of the University of Zilina, Vol. 19, No. 4, 01.01.2017, p. 105-110.

@article{ffb76729e32a4e219534e423bfb54c6e,
title = "Forensics aware lossless compression of can traffic logs",
abstract = "In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by the cyber-attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data. It is shown that the proposed compression format is a powerful tool to find traces of a cyber-attack. We achieve this by performing semantic compression on the CAN traffic logs, rather than the simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of the state-of-the-art syntactic compression methods, such as zip.",
keywords = "CAN, Forensic analysis, Network traffic capture, Semantic compression",
author = "Andras Gazdag and L. Butty{\'a}n and Zsolt Szalay",
year = "2017",
month = "1",
day = "1",
language = "English",
volume = "19",
pages = "105--110",
journal = "Communications - Scientific Letters of the University of Zilina",
issn = "1335-4205",
publisher = "University of Zilina",
number = "4",

}

TY - JOUR

T1 - Forensics aware lossless compression of can traffic logs

AU - Gazdag, Andras

AU - Buttyán, L.

AU - Szalay, Zsolt

PY - 2017/1/1

Y1 - 2017/1/1

AB - In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigations of accidents caused by the cyber-attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data. It is shown that the proposed compression format is a powerful tool to find traces of a cyber-attack. We achieve this by performing semantic compression on the CAN traffic logs, rather than the simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of the state-of-the-art syntactic compression methods, such as zip.

KW - CAN

KW - Forensic analysis

KW - Network traffic capture

KW - Semantic compression

UR - http://www.scopus.com/inward/record.url?scp=85037676075&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85037676075&partnerID=8YFLogxK

M3 - Review article

AN - SCOPUS:85037676075

VL - 19

SP - 105

EP - 110

JO - Communications - Scientific Letters of the University of Zilina

JF - Communications - Scientific Letters of the University of Zilina

SN - 1335-4205

IS - 4

ER -