Research On Intrusion Detection Algorithm For In-vehicle CAN Bus Based On Information Characteristics Classification Method

With the rapid development of automobile electronic technology and mobile communication technology,more and more vehicle intelligent applications are connected with the network outside the vehicle,which improves people’s driving experience.The intelligent networking of the vehicle has gradually become the future direction of automobile development.The interconnection between the vehicle and the outside world makes the vehicle exposed to the network environment.The in-vehicle bus network which does not have any network security protection measures is facing a serious network security threat.Among them,the in-vehicle CAN bus protocol has become the most widely used communication protocol in the automotive industry because of its low cost and high reliability.In recent years,with the frequent occurrence of in-vehicle network security events,people began to pay attention to its security.In-vehicle network security is related to the safety of people and public facilities.If the vehicle network security can not be guaranteed,the development of vehicle intelligent network technology will be stagnant.In order to ensure the security of in-vehicle CAN bus network,intrusion detection algorithm is one of the effective security strategies.Considering the limited computing resources and high requirements for real-time and accuracy in vehicle environment,a lightweight intrusion detection algorithm based on key features is proposed,which can be directly applied to the vehicle environment.Firstly,this paper summarizes the abnormal behaviors of the traffic and the payload of data frame caused by various attacks,after analyzing the typical attack modes of vehicle can bus.Then,aiming at the abnormal behavior after can bus attack in vehicle,several key features which are easy to calculate are selected as the detection basis of intrusion detection algorithm.Among them,the ID and the arrival time interval of data frame are used as the detection basis of abnormal flow of in-vehicle CAN bus.The correlation between variables,the change range of variable context and the value range of variables are used as the detection basis for abnormal payload.Finally,in order to verify the effectiveness and performance of the intrusion detection algorithm designed in this paper,the in-vehicle CAN bus network topology of the real vehicle and the behavior of several hackers attacking vehicles are simulated with CANoe software.The node programming function of CANoe software is used to realize and analyze the algorithm designed in this paper.In the 15 MS detection time,the detection rate against the drop and replay attacks of the in-vehicle CAN bus reaches 100%and 98.2%.And in the 55 MS detection time,the detection rate of tamper attack is up to 66.2%.