CAN Security: Cost-Effective Intrusion Detection for Real-Time Control Systems
In-vehicle networks are generally used for computerized control and connecting information technology devices in cars. However, increasing connectivity also increases security risks. “Spoofing attacks”, in which an adversary infiltrates the controller area network (CAN) with malicious data and makes the car behave abnormally, have been reported. Therefore, countermeasures against this type of attack are needed. Modifying legacy electronic control units (ECUs) will affect development costs and reliability because in-vehicle networks have already been developed for most vehicles. Current countermeasures, such as authentication, require modification of legacy ECUs. On the other hand, anomaly detection methods may result in misdetection due to the difficulty in setting an appropriate threshold. Evaluating a reception cycle of data can be used to simply detect spoofing attacks. However, this may result in false detection due to fluctuation in the data reception cycle in the CAN.