EE Seminar: Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks

~~Speaker: Moti Markovitz, 
M.Sc. student under the supervision of Prof. Avishai Wool

Wednesday, December 16, 2015 at 15:00
Room 011, Kitot Bldg., Faculty of Engineering

Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks

Abstract

A controller area network (CAN bus) is commonly used for in-vehicle communication. During the last years, several security research groups have shown that CAN bus networks are vulnerable to attacks. In particular, it was demonstrated that an attacker can broadcast fake messages on the CAN bus network and disrupt the normal operation of the vehicle’s critical systems, like shutting down the engine during trip, spinning the steering wheel, etc.

In this thesis we deal with these attacks.
First, we describe the architecture of the vehicle communication system and the security issues. Then we explain how we acquired the data for our research, the initial analysis of the data, and what we have learned from it.
A serious challenge in in-vehicle communication research is that the CAN bus message formats are proprietary and not publicly documented. We describe the field classification algorithm that we have developed, that automatically parse the messages and find their semantics.

In order to evaluate our methods we needed traces of messages whose field structure is known. We present a simulator of CAN bus communication, that we have developed for this purpose.

Finally, we use the message field structures from our field classification algorithm, for building an enforcement model, based on TCAM. This enforcement model can be used for anomaly detection system.