Digital Twin-Based Evaluation of Vehicular Controller Area Network Intrusion Detection Systems

Authors

  • Shaila Sharmin, Department of Computer Science, International Islamic University Malaysia, Kuala Lumpur, Malaysia
  • Hafizah Mansor, Department of Computer Science, International Islamic University Malaysia, Kuala Lumpur, Malaysia
  • Andi Fitriah Abdul Kadir, Department of Computer Science, International Islamic University Malaysia, Kuala Lumpur, Malaysia
  • Amelia Ritahani Ismail, Department of Computer Science, International Islamic University Malaysia, Kuala Lumpur, Malaysia

DOI:

https://doi.org/10.31436/ijpcc.v11i1.530

Keywords:

In-vehicle network, Controller Area Network, Intrusion detection, Digital twin

Abstract

The functions and operations of a modern automobile are becoming increasingly computerised, with this transformation made possible by Electronic Control Units (ECUs) that communicate and coordinate with each other on the in-vehicle network. Controller Area Network (CAN) is one of the most popular protocols for the in-vehicle network, supporting low latency and reliable communications. However, the CAN protocol does not have provisions for security, such as encryption, authentication, and authorisation, which makes it vulnerable to cyberattacks, particularly in today’s automotive landscape characterised by extensive connectivity with external devices, vehicles, and infrastructure. While intrusion detection systems (IDS) for CAN have emerged as a key security measure, assessing their performance against realistic attacks remains a challenge, since testing with real vehicles poses significant costs and safety risks, and testbeds suffer from a lack of fidelity in terms of the CAN frame transmission timings and generated payloads. This work proposes a digital twin (DT)-based framework for CAN IDS evaluation that replicates the functionality of the real-world ECUs and CAN bus of a vehicle, with real-time flow of data from the physical bus to its virtual representation. The main contribution of this work is a CAN DT that can enable not only the generation of realistic attack traffic for simple and sophisticated attack scenarios but also the generation of diverse combinations of attack and real driving scenarios. This DT can facilitate the evaluation of both the detection capability and performance of CAN IDS. This work presents the methodology for generating the proposed DT and discusses current findings as well as future work.

Published

30-01-2025

How to Cite

Sharmin, S., Mansor, H., Abdul Kadir, A. F., & Ismail, A. R. (2025). Digital Twin-Based Evaluation of Vehicular Controller Area Network Intrusion Detection Systems. International Journal on Perceptive and Cognitive Computing, 11(1), 67–80. https://doi.org/10.31436/ijpcc.v11i1.530
