{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T05:06:36Z","timestamp":1743051996840,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031093562"},{"type":"electronic","value":"9783031093579"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,6,30]],"date-time":"2022-06-30T00:00:00Z","timestamp":1656547200000},"content-version":"vor","delay-in-days":180,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Previous attacks have shown that in-vehicle networks have vulnerabilities and a successful attack could lead to significant financial loss and danger to life. In this paper, we propose a Pearson correlation based anomaly detection algorithm to detect CAN message modification attacks. The algorithm does not need a priori information about the communication: it identifies signals based on statistical properties, finds the important correlation coefficients for the correlating signals, and detects attacks as deviations from a previously learned normal state.<\/jats:p>","DOI":"10.1007\/978-3-031-09357-9_4","type":"book-chapter","created":{"date-parts":[[2022,6,29]],"date-time":"2022-06-29T19:02:49Z","timestamp":1656529369000},"page":"38-50","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Correlation-Based Anomaly Detection for\u00a0the\u00a0CAN Bus"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4481-3308","authenticated-orcid":false,"given":"Andr\u00e1s","family":"Gazdag","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6491-2266","authenticated-orcid":false,"given":"Gy\u00f6rgy","family":"Lupt\u00e1k","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4233-2559","authenticated-orcid":false,"given":"Levente","family":"Butty\u00e1n","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,6,30]]},"reference":[{"key":"4_CR1","doi-asserted-by":"publisher","unstructured":"Ben Othmane, L., Dhulipala, L., Abdelkhalek, M., Multari, N., Govindarasu, M.: On the performance of detecting injection of fabricated messages into the can bus. IEEE Trans. Dependable Secure Comput., 1 (2020). https:\/\/doi.org\/10.1109\/TDSC.2020.2990192","DOI":"10.1109\/TDSC.2020.2990192"},{"issue":"8","key":"4_CR2","doi-asserted-by":"publisher","first-page":"2114","DOI":"10.1109\/TIFS.2018.2812149","volume":"13","author":"W Choi","year":"2018","unstructured":"Choi, W., Joo, K., Jo, H.J., Park, M.C., Lee, D.H.: VoltageIDS: low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forensics Secur. 13(8), 2114\u20132129 (2018). https:\/\/doi.org\/10.1109\/TIFS.2018.2812149","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"4_CR3","unstructured":"Gazdag, A., Ferenczi, C., Butty\u00e1n, L.: Development of a man-in-the-middle attack device for the can bus. In: Proceedings of the 1st Conference on Information Technology and Data Science Debrecen, Hungary, 6\u20138 November 2020, pp. 115\u2013130 (2020)"},{"key":"4_CR4","doi-asserted-by":"publisher","unstructured":"Gmiden, M., Mohamed, H., Trabelsi, H.: An intrusion detection method for securing in-vehicle CAN bus. In: Proceedings of the 17th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA) (2016). https:\/\/doi.org\/10.1109\/STA.2016.7952095","DOI":"10.1109\/STA.2016.7952095"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-642-35404-5_15","volume-title":"Cryptology and Network Security","author":"B Groza","year":"2012","unstructured":"Groza, B., Murvay, S., van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 185\u2013200. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-35404-5_15"},{"key":"4_CR6","doi-asserted-by":"publisher","first-page":"49375","DOI":"10.1109\/ACCESS.2018.2841884","volume":"6","author":"H Ji","year":"2018","unstructured":"Ji, H., Wang, Y., Qin, H., Wu, X., Yu, G.: Investigating the effects of attack detection for in-vehicle networks based on clock drift of ECUs. IEEE Access 6, 49375\u201349384 (2018). https:\/\/doi.org\/10.1109\/ACCESS.2018.2841884","journal-title":"IEEE Access"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Kang, M.J., Kang, J.W.: Intrusion detection system using deep neural network for in-vehicle network security. PLoS One 11(6), e0155781 (2016)","DOI":"10.1371\/journal.pone.0155781"},{"key":"4_CR8","doi-asserted-by":"publisher","unstructured":"Kang, M.J., Kang, J.W.: A novel intrusion detection method using deep neural network for in-vehicle network security. In: Proceedings of the 83rd IEEE Vehicular Technology Conference (VTC Spring), pp. 1\u20135 (2016). https:\/\/doi.org\/10.1109\/VTCSpring.2016.7504089","DOI":"10.1109\/VTCSpring.2016.7504089"},{"key":"4_CR9","doi-asserted-by":"publisher","unstructured":"Kim, K., Kim, J.S., Jeong, S., Park, J.H., Kim, H.K.: Cybersecurity for autonomous vehicles: review of attacks and defense. Comput. Secur. 103 (2021). https:\/\/doi.org\/10.1016\/j.cose.2020.102150","DOI":"10.1016\/j.cose.2020.102150"},{"key":"4_CR10","doi-asserted-by":"publisher","unstructured":"Koscher, K., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy, pp. 447\u2013462 (2010). https:\/\/doi.org\/10.1109\/SP.2010.34","DOI":"10.1109\/SP.2010.34"},{"issue":"1","key":"4_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13638-019-1484-3","volume":"2019","author":"S-F Lokman","year":"2019","unstructured":"Lokman, S.-F., Othman, A.T., Abu-Bakar, M.-H.: Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review. EURASIP J. Wirel. Commun. Netw. 2019(1), 1\u201317 (2019). https:\/\/doi.org\/10.1186\/s13638-019-1484-3","journal-title":"EURASIP J. Wirel. Commun. Netw."},{"key":"4_CR12","doi-asserted-by":"publisher","unstructured":"Marchetti, M., Stabili, D.: Anomaly detection of can bus messages through analysis of id sequences. In: Proceedings of the IEEE Intelligent Vehicles Symposium (IV), pp. 1577\u20131583 (2017). https:\/\/doi.org\/10.1109\/IVS.2017.7995934","DOI":"10.1109\/IVS.2017.7995934"},{"key":"4_CR13","unstructured":"Markovitz, M., Wool, A.: Field classification, modeling and anomaly detection in unknown CAN bus networks. In: Proceedings of the Embedded Security in CARs (ESCAR) Conference (2015)"},{"key":"4_CR14","doi-asserted-by":"publisher","unstructured":"Matsumoto, T., Hata, M., Tanabe, M., Yoshioka, K., Oishi, K.: A method of preventing unauthorized data transmission in controller area network. In: Proceedings of the 75th IEEE Vehicular Technology Conference (VTC Spring), pp. 1\u20135 (2012). https:\/\/doi.org\/10.1109\/VETECS.2012.6240294","DOI":"10.1109\/VETECS.2012.6240294"},{"key":"4_CR15","unstructured":"Miller, C., Valasek, C.: A survey of remote automotive attack surfaces. Technical report, IOActive (2014). https:\/\/ioactive.com\/pdfs\/IOActive_Remote_Attack_Surfaces.pdf"},{"key":"4_CR16","unstructured":"Miller, C., Valasek, C.: Adventures in automotive networks and control units. Technical report, IOActive (2013)"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Moore, M.R., Bridges, R.A., Combs, F.L., Starr, M.S., Prowell, S.J.: Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks. In: Proceedings of the 12th Annual Conference on Cyber and Information Security Research (2017)","DOI":"10.1145\/3064814.3064816"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"N\u00fcrnberger, S., Rossow, C.: vatiCAN - vetted, authenticated CAN bus. In: Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems (CHES), pp. 106\u2013124 (2016)","DOI":"10.1007\/978-3-662-53140-2_6"},{"key":"4_CR19","unstructured":"Sharma, C., Moylan, S., Amariucai, G.T., Vasserman, E.Y.: An extended survey on vehicle security. Computing Research Repository (CoRR) abs\/1910.04150 (2019). http:\/\/arxiv.org\/abs\/1910.04150"},{"key":"4_CR20","doi-asserted-by":"publisher","unstructured":"Song, H.M., Kim, H.R., Kim, H.K.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. In: Proceedings of the International Conference on Information Networking (ICOIN) (2016). https:\/\/doi.org\/10.1109\/ICOIN.2016.7427089","DOI":"10.1109\/ICOIN.2016.7427089"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for the automotive CAN bus. In: Proceedings of the World Congress on Industrial Control System Security (WCICSS), December 2015","DOI":"10.1109\/WCICSS.2015.7420322"},{"key":"4_CR22","doi-asserted-by":"publisher","unstructured":"Taylor, A., Leblanc, S., Japkowicz, N.: Anomaly detection in automobile control network data with long short-term memory networks. In: Proceedings of the IEEE International Conference on Data Science and Advanced Analytics (DSAA), pp. 130\u2013139 (2016). https:\/\/doi.org\/10.1109\/DSAA.2016.20","DOI":"10.1109\/DSAA.2016.20"},{"key":"4_CR23","unstructured":"Theissler, A.: Anomaly detection in recordings from in-vehicle networks. In: Proceedings of the International Workshop on Big Data Applications and Principles (2014)"},{"key":"4_CR24","doi-asserted-by":"publisher","unstructured":"Tomlinson, A., Bryans, J., Shaikh, S.A., Kalutarage, H.K.: Detection of automotive CAN cyber-attacks by identifying packet timing anomalies in time windows. In: Proceedings of the 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 231\u2013238 (2018). https:\/\/doi.org\/10.1109\/DSN-W.2018.00069","DOI":"10.1109\/DSN-W.2018.00069"},{"key":"4_CR25","unstructured":"Van Herrewege, A., Singel\u00e9e, D., Verbauwhede, I.: CANAuth - a simple, backward compatible broadcast authentication protocol for CAN bus. In: Proceedings of the ESCAR Conference (2011)"},{"key":"4_CR26","doi-asserted-by":"publisher","unstructured":"Wu, W., et al.: A survey of intrusion detection for in-vehicle networks. IEEE Trans. Intell. Transp. Syst. 21(3) (2020). https:\/\/doi.org\/10.1109\/TITS.2019.2908074","DOI":"10.1109\/TITS.2019.2908074"},{"key":"4_CR27","doi-asserted-by":"publisher","DOI":"10.1109\/MDAT.2019.2899062","author":"C Young","year":"2019","unstructured":"Young, C., Zambreno, J., Olufowobi, H., Bloom, G.: Survey of automotive controller area network intrusion-detection systems. IEEE Des. Test (2019). https:\/\/doi.org\/10.1109\/MDAT.2019.2899062","journal-title":"IEEE Des. Test"}],"container-title":["Communications in Computer and Information Science","Security in Computer and Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-09357-9_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,29]],"date-time":"2022-06-29T19:13:41Z","timestamp":1656530021000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-09357-9_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031093562","9783031093579"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-09357-9_4","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"30 June 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EuroCybersec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International ISCIS Security Workshop","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nice","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iscissecurityworkshop2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/iotac.eu\/eurocybersec2021-workshop\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}