Abstract:
Controller Area Network (CAN), designed in the early 1980s, is the most widely
used in-vehicle communication protocol. The CAN protocol has various features
to provide highly reliable communication between the nodes. Some of these
features are the arbitration process to provide fixed priority scheduling, error
confinement mechanism to eliminate faulty nodes, and message form check
along with cyclic redundancy checksum to identify transmission faults. It also has
differential voltage architecture on twisted two-wire, eliminating electrical and
magnetic noise. Although these features make the CAN a perfect solution for the
real-time cyber-physical structure of vehicles, the protocol lacks basic security
measures like encryption and authentication; therefore, vehicles are vulnerable
to cyber-attacks. Due to increased automation and connectivity, the attack
surface rises over time. This research aims to detect CAN bus attacks by
proposing WINDS, a wavelet-based intrusion detection system. The WINDS
analyses the network traffic behaviour by binary classification in the time-scale
domain to identify potential attack instances anomalies. As there is no standard
testing methodology, a part of this research constitutes a comprehensive testing
framework and generation of benchmarking dataset. Finally, WINDS is tested
according to the framework and its competitiveness with state-of-the-art solutions
is presented.
