An Efficient Hidden Markov Model For Anomaly Detection In CAN Bus Networks

CAN Bus is currently the most used bus network in vehicles. It was designed however to be used for internal communications with no external access. On the other hand, nowadays in-vehicle networks allow communication with external devices through wireless interfaces such as Bluetooth, Wi-Fi, cellular, etc. For this reason, the network became vulnerable to many external threats which may cause high danger for both drivers and passengers. Much research is being done on securing this bus. Most proposed solutions are based on cryptographic approaches. There are only few works which employ anomaly-detection techniques despite their efficiencies in systems that need real-time detection. Therefore, we propose an intrusion detection system (IDS) based on Hidden Markov Models for the Controller Area Network (CAN) bus. Our system extracts suitable features from CAN packets and uses them to train and construct system model parameters. The system operates by comparing test transition sequences obtained in the detection phase and normal sequences built in the training phase. HMM is a powerful tool to process no linear and time variant systems. For this reason, the proposed IDS shows a good performance namely substantial decrease of false positive errors and increase of detection rate.