Detecting Low-Rate Replay-Based Injection Attacks on In-Vehicle Networks

The lack of security in today & x2019;s in-vehicle network make connected vehicles vulnerable to many types of cyber-attacks. Replay-based injection attacks are one of the easiest type of denial-of-service attacks where the attacker floods the in-vehicle network with malicious traffic with intent to alter the vehicle & x2019;s normal behavior. The attacker may exploit this vulnerability to launch targeted low-rate injection attacks which are difficult to detect because the network traffic during attacks looks like regular network traffic. In this paper, we propose a sequence mining approach to detect low-rate injection attacks in Control Area Network (CAN). We discuss four different types of replay attacks that can be used by the adversary, and evaluate the effectiveness of proposed method for varying attack characteristics and computational performance for each of the attacks. We observe that the proposed sequence-based anomaly detection achieves over 99 & x0025; f-score, and outperforms existing dictionary based and multi-variate Markov chain based approach. Given that the proposed technique only uses CAN identifiers, the techniques could be adaptable to any type of vehicle manufacturer.