DOS Attack Detection For In-vehicle CAN Bus Based On Nonparametric CUSUM Algorithm

With the continuous development of the automotive industry,traditional automobiles have been unable to meet the various intelligent demands of consumers,and the automotive industry is facing upgrading and transformation.The R&D direction of the car is changing from a traditional,closed car network to a new,interactive internetwork.Car networking is a huge Internet that is formed by the interaction between car information and the outside world.It is based on the current driving information of the vehicle and the searched road conditions information to organize and analyze and provide the driver with the best driving plan under the current road conditions.The continuous development of the car network,vehicle-mounted information security issues between vehicles and vehicles,infrastructure,and clouds have also attracted the attention of depots and R&D personnel.In-vehicle information security includes information security when the outside world is connected to the interior of the car,and also includes information security of the bus inside the car.The current bus on the car is mainly LIN,CAN,Flex Ray,and may replace MOST's car Ethernet technology.Since the characteristics of the CAN bus message and arbitration mechanism can well meet the automotive real-time and reliability requirements,the CAN bus is the main vehicle bus in the current automotive bus market.However,in the initial design of the CAN bus,information security protection measures were not taken into consideration.Therefore,research on the safety performance of the CAN bus is the first and most important step to ensure the safety of the bus network in the car.Denial of Service(DOS),because of its easy operation,is the most common attack on traditional computers and the Internet.Denial-of-service attacks can make resources scarce,regardless of the capacity of the computer or the bandwidth of the network.Therefore,in a vehicle-borne environment with limited bandwidth and processingspeed,it is more susceptible to denial of service attacks and the study of denial of service attacks on the CAN bus is self-evident.This paper analyzes how to detect this type of denial of service attack based on the analysis of how hackers make the on board CAN bus denial of service.The main tasks are as follows:First,introduce the development of the current car networking and the importance of the CAN bus.Analyzing the CAN bus protocol features and the existing CAN bus security mechanisms,for these characteristics and the existence of security mechanisms analysis of them which may generate denial of service attacks.Second,based on the analysis of the features of the CAN bus that do not provide security protection mechanism and the characteristics of denial of service attacks,analyze the possible denial of service threats in the CAN bus,such as the authentication process of the CAN bus security mechanism,may be subject to certification.Flooding attacks;Due to the characteristics of the CAN bus arbitration mechanism,there may be packet flood attacks during the CAN bus communication process.Thirdly,by reading a large number of documents and analyzing the characteristics of detecting denial-of-service attacks and selects the non-parametric CUSUM algorithm,which is suitable for detecting denial-of-service attacks in CAN bus.It is used to judge the attack time and false alarm rate.Check whether the non-parametric CUSUM algorithm successfully detects the attack and whether the false alarm rate changes as the parameter selection changes.Fourth,experiments were conducted by using the Freescale MC9S12XDT512 development board and the USBCAN-II analysis tool.The selection of the algorithm was analyzed and verified.In the on-board CAN bus,the detection of the authentication flood attack and the packet flood attack was successfully detected and the parameters were different.Select whether the inspection time will be shortened.