Normal and Malicious Sliding Windows Similarity Analysis Method for Fast and Accurate IDS Against DoS Attacks on In-Vehicle Networks


Abstract

Controller Area Network (CAN) is a de facto standard of in-vehicle networks. Since CAN employs broadcast communication and a slower network than other general networks (e.g. Ethernet, IEEE802.11), it is inherently vulnerable to Denial-of-Service (DoS) attacks. As a countermeasure against DoS attacks on CAN, a method for detecting a DoS attack using the entropy in a sliding window has been proposed. This method has a good advantage in terms of effectiveness and the small computational overhead. However, this method may only be effective against DoS attacks under naive conditions such as some higher priority messages. In addition, if an adversary can adjust the entropy of the DoS attack to its normal value, the conventional method cannot detect a DoS attack in which the adversary manipulates the entropy. We found this type of DoS attack, which is called an entropy-manipulated attack. In this paper, we propose a method that can detect an entropy-manipulated attack by using the similarity of two sliding windows. We confirmed that the proposed method detected the DoS attack in 100% of the cases in our experiment, and we showed that the detection time is up to 93% (14 μs) shorter than the conventional method.

Published in

  • IEEE Access

    IEEE Access 8 42422-42435, 2020-02-24

    IEEE
