Anomaly detection method “cumulative sum detection” for in-vehicle networks

Abstract

This paper proposes cumulative sum detection, which can detect cyberattacks on Controller Area Network (CAN). Well-known existing attack detection techniques cause false positives and false negatives when there are long delays or early arrivals involving usual periodic message reception. The proposed technique can detect attacks with almost no false positives or false negatives, that is highly accurate even when there are a long delays or early arrivals. This paper evaluates the detection accuracy of existing techniques and the proposed technique using computer simulation with CAN data obtained from actual vehicles. By considering the evaluation result and the ease of parameter adjustment, we show that the cumulative sum detection is the best of these techniques.