{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T02:31:49Z","timestamp":1760236309671,"version":"build-2065373602"},"reference-count":33,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2021,11,11]],"date-time":"2021-11-11T00:00:00Z","timestamp":1636588800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61971192"],"award-info":[{"award-number":["61971192"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Cryptography Development Fund","award":["MMJJ20180106"],"award-info":[{"award-number":["MMJJ20180106"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Entropy"],"abstract":"<jats:p>In-vehicle electronic control unit (ECU) communications generally count on private protocols (defined by the manufacturers) under controller area network (CAN) specifications. Parsing the private protocols for a particular vehicle model would be of great significance in testing the vehicle\u2019s resistance to various attacks, as well as in designing efficient intrusion detection and prevention systems (IDPS) for the vehicle. This paper proposes a suite of methods for parsing ECU private protocols on in-vehicle CAN network. These methods include an algorithm for parsing discrete variables (encoded in a discrete manner, e.g., gear state), an algorithm for parsing continuous variables (encoded in a continuous manner, e.g., vehicle speed), and a parsing method based on upper-layer protocols (e.g., OBD and UDS). Extensive verifications have been performed on five different brands of automobiles (including an electric vehicle) to demonstrate the universality and the correctness of these parsing algorithms. Some parsing tips and experiences are also presented. Our continuous-variables parsing algorithm could run in a semi-automatic manner and the parsing algorithm from upper-layer protocols could execute in a completely automatic manner. One might view the results obtained by our parsing algorithms as an important indicator of penetration testing on in-vehicle CAN network.<\/jats:p>","DOI":"10.3390\/e23111495","type":"journal-article","created":{"date-parts":[[2021,11,11]],"date-time":"2021-11-11T23:02:41Z","timestamp":1636671761000},"page":"1495","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["(Semi-)Automatically Parsing Private Protocols for In-Vehicle ECU Communications"],"prefix":"10.3390","volume":"23","author":[{"given":"Tongtong","family":"Chen","sequence":"first","affiliation":[{"name":"School of Software Engineering, East China Normal University, Shanghai 200062, China"}]},{"given":"Xiangxue","family":"Li","sequence":"additional","affiliation":[{"name":"School of Software Engineering, East China Normal University, Shanghai 200062, China"},{"name":"Shanghai Key Laboratory of Trustworthy Computing, Shanghai 200062, China"},{"name":"Westone Cryptologic Research Center, Beijing 100070, China"}]}],"member":"1968","published-online":{"date-parts":[[2021,11,11]]},"reference":[{"key":"ref_1","first-page":"1","article-title":"Free-fall: Hacking tesla from wireless to can bus","volume":"25","author":"Nie","year":"2017","journal-title":"Briefing Black Hat USA"},{"key":"ref_2","unstructured":"Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., and Kohno, T. (2011, January 8\u201312). Comprehensive experimental analyses of automotive attack surfaces. Proceedings of the USENIX Security Symposium, San Francisco, CA, USA."},{"key":"ref_3","first-page":"94","article-title":"A survey of remote automotive attack surfaces","volume":"2014","author":"Miller","year":"2014","journal-title":"Black Hat USA"},{"key":"ref_4","first-page":"91","article-title":"Remote exploitation of an unaltered passenger vehicle","volume":"2015","author":"Miller","year":"2015","journal-title":"Black Hat USA"},{"key":"ref_5","unstructured":"Hunt, T. (2021, November 09). Controlling Vehicle Features of Nissan Leafs across the Globe via Vulnerable Apis. Blog Post. Available online: https:\/\/www.troyhunt.com\/controlling-vehicle-features-of-nissan\/."},{"key":"ref_6","unstructured":"Currie, R. (2021, November 09). Developments in Car Hacking, Available online: https:\/\/www.sans.org\/white-papers\/36607\/."},{"key":"ref_7","unstructured":"KEEN Security Lab (2021, November 09). Experimental Security Assessment of Bmw Cars: A Summary Report. Available online: https:\/\/keenlab.tencent.com\/en\/whitepapers\/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MNET.2017.1600257","article-title":"In-Vehicle Network Attacks and Countermeasures: Challenges and Future Directions","volume":"31","author":"Liu","year":"2017","journal-title":"IEEE Netw."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., and Shacham, H. (2010, January 16\u201319). Experimental Security Analysis of a Modern Automobile. Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/SP.2010.34"},{"key":"ref_10","unstructured":"Hoppe, T., Kiltz, S., and Dittmann, J. (2008, January 22\u201325). Security threats to automotive CAN networks\u2014Practical examples and selected short-term countermeasures. Proceedings of the International Conference on Computer Safety, Reliability, and Security, Newcastle upon Tyne, UK."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Kaplan, H., Tehrani, K., and Jamshidi, M. (2021). A Fault Diagnosis Design Based on Deep Learning Approach for Electric Vehicle Applications. Energies, 14.","DOI":"10.3390\/en14206599"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"M\u00fcter, M., and Asaj, N. (2011, January 5\u20139). Entropy-based anomaly detection for in-vehicle networks. Proceedings of the IEEE Intelligent Vehicles Symposium (IV), Baden-Baden, Germany.","DOI":"10.1109\/IVS.2011.5940552"},{"key":"ref_13","unstructured":"Cho, K.T., and Shin, K.G. (2016, January 10\u201312). Fingerprinting electronic control units for vehicle intrusion detection. Proceedings of the 25th USENIX Security Symposium, Austin, TX, USA."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Marchetti, M., and Stabili, D. (2017, January 11\u201314). Anomaly detection of CAN bus messages through analysis of ID sequences. Proceedings of the IEEE Intelligent Vehicles Symposium, Los Angeles, CA, USA.","DOI":"10.1109\/IVS.2017.7995934"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Liu, C., Wang, J., Xu, J., Yu, X., Tian, L., Wang, J., Zhou, L., and Zhang, D. (2020, January 15\u201317). Key Security Challenges for Electric Vehicle Charging System. Proceedings of the 2020 2nd International Conference on Artificial Intelligence and Advanced Manufacture (AIAM), Manchester, UK.","DOI":"10.1109\/AIAM50918.2020.00061"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Mohammadhassani, A., Teymouri, A., Mehrizi-Sani, A., and Tehrani, K. (2020, January 2\u20134). Performance evaluation of an inverter-based microgrid under cyberattacks. Proceedings of the IEEE 15th International Conference of System of Systems Engineering-SOSE2020, Budapest, Hungary.","DOI":"10.1109\/SoSE50414.2020.9130524"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"45233","DOI":"10.1109\/ACCESS.2018.2865169","article-title":"Sliding window optimized information entropy analysis method for intrusion detection on in-vehicle networks","volume":"6","author":"Wu","year":"2018","journal-title":"IEEE Access"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Taylor, A., Japkowicz, N., and Leblanc, S. (2015, January 14\u201316). Frequency based anomaly detection for the automotive CAN bus. Proceedings of the World Congress on Industrial Control Systems Security, London, UK.","DOI":"10.1109\/WCICSS.2015.7420322"},{"key":"ref_19","first-page":"306","article-title":"Supervised and Unsupervised Intrusion Detection Based on CAN Message Frequencies for In-vehicle Network","volume":"26","author":"Kuwahara","year":"2018","journal-title":"J. Inf. Process."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Liu, Y., Li, X., and Wu, H. (2021, January 18\u201320). Another Look at the Connection between CAN Signal Ringing & In-Vehicle ECU Identification. Proceedings of the IEEE TrustCom 2021, Shenyang, China.","DOI":"10.1109\/TrustCom53373.2021.00141"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Liu, Y., and Li, X. (2021, January 17\u201319). Source Identification from In-Vehicle CAN-FD Signaling: What Can We Expect?. Proceedings of the International Conference on Information and Communications Security (ICICS2021), Chongqing, China.","DOI":"10.1007\/978-3-030-86890-1_12"},{"key":"ref_22","unstructured":"Robert Bosch GmbH (1991). Can Specification Version 2.0, Rober Bousch GmbH."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Smith, C. (2016). The Car Hacker\u2019s Handbook: A Guide for the Penetration Tester, No Starch Press.","DOI":"10.4271\/1593277032"},{"key":"ref_24","unstructured":"Santiago, C.P. (2018). Security Assessment for Automotive Controllers Using Side Channel and Fault Injection Attacks. [Master\u2019s Thesis, Universitat Polit\u00e8cnica de Catalunya]."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Wajape, M., and Elamana, N.B. (2014, January 16\u201317). Study of iso 14229-1 and iso 15765-3 and implementation in ems ecu for eeprom for uds application. Proceedings of the 2014 IEEE International Conference on Vehicular Electronics and Safety, Hyderabad, India.","DOI":"10.1109\/ICVES.2014.7063742"},{"key":"ref_26","first-page":"260","article-title":"Adventures in automotive networks and control units","volume":"21","author":"Miller","year":"2013","journal-title":"Def Con"},{"key":"ref_27","unstructured":"Miller, C., and Valasek, C. (2015). Car Hacking: For Poories, IOActive Report. Technical Report."},{"key":"ref_28","unstructured":"Miller, C., and Valasek, C. (2021, November 09). Can Message Injection, Available online: http:\/\/illmatics.com\/can%20message%20injection.pdf."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"2198","DOI":"10.1109\/TMC.2016.2618873","article-title":"Fine-Grained Abnormal Driving Behaviors Detection and Identification with Smartphones","volume":"16","author":"Yu","year":"2017","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"2087","DOI":"10.1109\/TII.2017.2674661","article-title":"SafeDrive: Online Driving Anomaly Detection From Large-Scale Vehicle Data","volume":"13","author":"Zhang","year":"2017","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Seo, E., Song, H.M., and Kim, H.K. (2018, January 28\u201330). Gan based intrusion detection system for in-vehicle network. Proceedings of the 2018 16th Annual Conference on Privacy, Security and Trust (PST), Belfast, Ireland.","DOI":"10.1109\/PST.2018.8514157"},{"key":"ref_32","unstructured":"International Organization for Standardization (ISO) (2021, November 09). 14229-1: 2013 Road Vehicles\u2013Unified Diagnostic Services (uds)\u2013Part 1: Specification and Requirements. Available online: https:\/\/www.iso.org\/obp\/ui\/#!iso:std:55283:en."},{"key":"ref_33","unstructured":"International Organization for Standardization (ISO) (2021, November 09). 15765-2 Road Vehicles\u2013Diagnostic Communication over controller Area Network (Docan)\u2013Part 2: Transport Protocol and Network Layer Services. Available online: https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso:15765:-2:ed-3:v1:en."}],"container-title":["Entropy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1099-4300\/23\/11\/1495\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:28:52Z","timestamp":1760167732000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1099-4300\/23\/11\/1495"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,11]]},"references-count":33,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2021,11]]}},"alternative-id":["e23111495"],"URL":"https:\/\/doi.org\/10.3390\/e23111495","relation":{},"ISSN":["1099-4300"],"issn-type":[{"type":"electronic","value":"1099-4300"}],"subject":[],"published":{"date-parts":[[2021,11,11]]}}}