The smart features of modern cars are enabled by a number of Electronic Control Units (ECUs) components that communicate through an in-vehicle network, known as Controller Area Network (CAN) bus. The fundamental challenge is the security of the communication link where an attacker can inject messages (e.g., increase the speed) that may impact the safety of the driver. Most of existing practical IDS solutions rely on the knowledge of the identity of the ECUs, which is proprietary information. This paper proposes a message injection attack detection solution that is independent of the IDs of the ECUs. First, we represent the sequencing of the messages in a given time-interval as a direct graph and compute the similarities of the successive graphs using the cosine similarity and Pearson correlation. Then, we apply threshold, change point detection, and Long Short-Term Memory (LSTM)-Recurrent Neural Network (RNN) to detect and predict malicious message injections into the CAN bus. The evaluation of the methods using a dataset collected from a moving vehicle under malicious RPM and speed reading message injections show a detection accuracy of 97.32% and detection speed of 2.5 milliseconds when using a threshold method. The performance metrics makes the IDS suitable for real-time control mechanisms for vehicle resiliency to cyber-attacks.

中文翻译：

---

使用连续消息序列图的相似性检测对 CAN 总线的消息注入攻击

许多电子控制单元 (ECU) 组件通过称为控制器局域网 (CAN) 总线的车载网络进行通信，从而实现现代汽车的智能功能。基本挑战是通信链路的安全性，攻击者可以在其中注入可能影响驾驶员安全的消息（例如，提高速度）。大多数现有的实用 IDS 解决方案依赖于 ECU 身份的知识，这是专有信息。本文提出了一种独立于ECU ID的消息注入攻击检测解决方案。首先，我们将给定时间间隔内的消息排序表示为直接图，并使用余弦相似度和皮尔逊相关性计算连续图的相似度。然后，我们应用阈值，变化点检测，和长短期记忆 (LSTM)-循环神经网络 (RNN) 来检测和预测注入 CAN 总线的恶意消息。使用从恶意 RPM 和速度读取消息注入下的移动车辆收集的数据集对这些方法的评估表明，使用阈值方法时，检测精度为 97.32%，检测速度为 2.5 毫秒。性能指标使 IDS 适用于车辆网络攻击弹性的实时控制机制。使用阈值方法时为 5 毫秒。性能指标使 IDS 适用于车辆网络攻击弹性的实时控制机制。使用阈值方法时为 5 毫秒。性能指标使 IDS 适用于车辆网络攻击弹性的实时控制机制。