Design of Anomaly Detection Functions for Controller Area Networks

Abstract

Vehicles are becoming increasingly autonomous and connected, leading to an increase in the types of security threats to vehicles. Controller Area Network (CAN) is a serial bus system that is used to connect sensors and controllers (Electronic Control Units - ECUs) within a vehicle. ECUs vary widely in processing power, storage, memory, and connectivity. There is a need for efficient security countermeasures for protecting the CAN from various attacks. In this paper, we present a novel process to efficiently design functions that can be used for anomaly detection. Our earlier work successfully demonstrated the use of Long Short-Term Memory (LSTM) Networks to perform anomaly detection. This paper focuses on the efficient design and testing of functions that are attack-resistant and can be used in our anomaly detection engine. Once trained, our system is capable of efficiently detecting anomalies in real-time. We report the results of our anomaly detection function design process. We also present the results of our overall anomaly detection engine that are used as inputs to our detection engine. Our function design process and anomaly detection engine have been tested on data from real automobiles. We present the results of our experiments and analyze our findings.