Journal article
Detecting CAN attacks on J1939 and NMEA 2000 networks
- Abstract:
- J1939 is a networking layer built on top of the widespread CAN bus used for communication between different subsystems within a vehicle. The J1939 and NMEA 2000 protocols standardize data enrichment for these subsystems, and are used for trucks, weapon systems, naval vessels, and other industrial systems. Practical security solutions for existing CAN-based communication systems are notoriously difficult because of the lack of cryptographic capabilities of the devices involved. In this paper we propose a novel intrusion detection system (IDS) for J1939 and NMEA 2000 networks. Our IDS (CANDID) combines timing analysis with a packet manipulation detection system and data analysis. This data analysis enables us to capture the state of the vehicle, detect messages with irregular timing intervals, and take advantage of the dependencies between different Electronic Control Units (ECUs) to restrict even the most advanced attacker. Our IDS is deployed and tested on multiple vehicles, and has demonstrated greater accuracy and detection capabilities than previous work.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
- Publisher copy:
- 10.1109/TDSC.2022.3182481
Authors
- Publisher:
- IEEE
- Journal:
- IEEE Transactions on Dependable and Secure Computing
- Volume:
- 20
- Issue:
- 3
- Pages:
- 2406-2420
- Publication date:
- 2022-06-14
- Acceptance date:
- 2022-06-08
- DOI:
- EISSN:
- 1941-0018
- ISSN:
- 1545-5971
- Language:
- English
- Keywords:
- Pubs id:
- 1263455
- Local pid:
- pubs:1263455
- Deposit date:
- 2022-06-13
- ARK identifier:
Terms of use
- Copyright holder:
- IEEE
- Copyright date:
- 2022
- Rights statement:
- © 2022 IEEE.
- Notes:
- This is the accepted manuscript version of the article. The final version is available online from IEEE at: https://doi.org/10.1109/TDSC.2022.3182481