Please use this identifier to cite or link to this item:
http://bura.brunel.ac.uk/handle/2438/28415
Title: | Application-Layer Anomaly Detection Leveraging Time-Series Physical Semantics in CAN-FD Vehicle Networks |
Authors: | Zhao, R Luo, C Gao, F Gao, Z Li, L Zhang, D Yang, W |
Keywords: | anomaly detection;physical semantics;timing prediction;CAN-FD |
Issue Date: | 16-Jan-2024 |
Publisher: | MDPI |
Citation: | Zhao, R. et al. (2024) 'Application-Layer Anomaly Detection Leveraging Time-Series Physical Semantics in CAN-FD Vehicle Networks', Electronics (Switzerland), 13 (2), 377, pp. 1 - 24. doi: 10.3390/electronics13020377. |
Abstract: | The Controller Area Network with Flexible Data-Rate (CAN-FD) bus is the predominant in-vehicle network protocol, responsible for transmitting crucial application semantic signals. Due to the absence of security measures, CAN-FD is vulnerable to numerous cyber threats, particularly those altering its authentic physical values. This paper introduces Physical Semantics-Enhanced Anomaly Detection (PSEAD) for CAN-FD networks. Our framework effectively extracts and standardizes the genuine physical meaning features present in the message data fields. The implementation involves a Long Short-Term Memory (LSTM) network augmented with a self-attention mechanism, thereby enabling the unsupervised capture of temporal information within high-dimensional data. Consequently, this approach fully exploits contextual information within the physical meaning features. In contrast to the non-physical semantics-aware whole frame combination detection method, our approach is more adept at harnessing the physical significance inherent in each segment of the message. This enhancement results in improved accuracy and interpretability of anomaly detection. Experimental results demonstrate that our method achieves a mere 0.64% misclassification rate for challenging-to-detect replay attacks and zero misclassifications for DoS, fuzzing, and spoofing attacks. The accuracy has been enhanced by over 4% in comparison to existing methods that rely on byte-level data field characterization at the data link layer. |
Description: | Data Availability Statement: The data presented in this study are available on request from the corresponding author. The data are not publicly available due to the need for confidentiality of application layer protocols for car companies. |
URI: | https://bura.brunel.ac.uk/handle/2438/28415 |
DOI: | https://doi.org/10.3390/electronics13020377 |
Other Identifiers: | ORCiD: Fei Gao https://orcid.org/0000-0003-4195-5033 ORCiD: Dong Zhang https://orcid.org/0000-0002-4974-4671 377 |
Appears in Collections: | Dept of Mechanical and Aerospace Engineering Research Papers |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
FullText.pdf | Copyright © 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). | 8 MB | Adobe PDF | View/Open |
This item is licensed under a Creative Commons License