Using internal context to detect automotive controller area network attacks

The rise in data use within cars has led to concerns about their cybersecurity. Controller Area Network (CAN) enables communication between components core the car’s safety and performance, been demonstrated be particularly vulnerable hacking malicious cyber-intrusion. CAN intrusion detection systems have envisaged. Signatures of known attacks might used for detection, but this method holds many limitations. Although some change packet broadcast rates or add unknown packets onto network, that little no effect on these, yet can alter data, also devised. We therefore test three novelty methods (Local Outlier Factor, Compound Classifier One-Class Support Vector Machine) identify an attack based solely anomalies field data-values. compare values across a cluster from different control units, so potentially could attacked unit even when its subsequent fabricated payload data-values remain plausible. two makes car range manipulation magnitudes, reflecting unpredictability attacks. Different training regimes are tested, enabling us assess validity journeys. consider processes needed determine fields included cluster, present algorithms automating those processes.