Real-Time Security Warning and ECU Identification for In-Vehicle Networks

Vehicle intelligence and networking have manifested the significance of the embedded controller area network (CAN) bus. However, the lack of message encryption and identity (ID) authentication leaves electric control units (ECUs) exposed to cyber attacks. To identify the potential attacks on the CAN, intrusion detection systems (IDSs) are required with consideration of their computational burden and their application in vehicles. Therefore, we propose a lightweight ECU identification scheme. Explicitly, the proposed method records the periodic intervals of frames and calculates accumulated clock offsets with the recursive least square (RLS) algorithm; meanwhile, the empirical rules (ERs) are adopted to eliminate the noises. Then, the ECU fingerprints have been formulated with the derived clock skew, clock offsets, as well as their expectations. Furthermore, to accurately identify the attackers in the masquerade attacks, a double-verified attacker identification approach is proposed, in which the data dependency and intra-inter-class algorithm are, respectively, utilized for better executability. Finally, we have tested the proposed method with an actual vehicle, and the results manifest that the proposed method could identify the abnormal ECUs with an identification accuracy of at least 98%, and its execution time is less than 3 ms.