Research And Implementation Of Intrusion Detection System For In-vehicle CAN Bus

With the accelerated integration of the Internet of Things technology and the automotive industry,the degree of intelligence and networking of modern vehicles is deepening.In order to provide users with more comfortable driving experience,the number of electronic control units(ECU)in the car has increased year by year and external communication interfaces such as 3G/4G and Bluetooth are becoming more and more abundant.The vehicle is no longer an isolated and self-closed mechanical product,but an open system with complex in-vehicle networks.The openness and electronization of vehicles make cyber security problems loom large.Once breaking into the in-vehicle network through external interfaces,hackers can launch attacks resulting in privacy breaches,or even car crashes.As one of the most widely used vehicle buses,the controller area network(CAN)bus is a key attack target for hackers.In recent years,attackers have infiltrated into the CAN bus through Bluetooth,On-Board Diagnostics(OBD)and other interfaces to carry out malicious attacks,which poses a severe threat to driving safety.Therefore,it is very important to study the security protection scheme of the CAN bus to ensure the cyber security of in-vehicle networks.Among the existing security protection schemes,the most feasible is intrusion detection technology.However,existing intrusion detection systems have a limited number of types of attacks that can be detected and provide fewer attack details.Aiming at the security problems faced by CAN bus and the inadequacy of existing intrusion detection technology,this paper proposes an intrusion detection system that can be applied to most typical attack scenarios and can determine the attack type and attack frames.Based on the in-depth analysis of the CAN bus communication characteristics and security issues,this paper summarizes the typical attack scenarios and security vulnerabilities of the CAN bus.In order to further study normal frames and intrusion frames,the CAN bus platform is built with real vehicle hardware to read the normal data and implement typical attacks.On this basis,according to the impact of attacks on the bus,this paper divides the typical attacks into high-volume attacks and low-volume attacks and proposes a framework of bus intrusion detection.Based on the proposed framework,two intrusion detection algorithms are proposed in this paper.An entropy-based ID domain intrusion detection algorithm is proposed for high-volume attacks.The intrusion is identified by calculating the bus entropy and relative entropy of the CAN bus.Theoretical analysis and simulation show that the algorithm has good detection effects for flood attacks,isolation attacks,and replay attacks.A decision tree-based data domain intrusion detection algorithm is proposed for low-volume attacks.The C4.5 decision tree model and associated byte detection model are constructed in accordance with the data domain characteristics of CAN bus frames.The simulation results show that the detection success rate of this algorithm for deception attacks frames can reach 96.7%.The proposed intrusion detection system,which combines the two detection algorithms,can detect various types of CAN bus attacks,greatly improving the detection range and success rate.