can-train-and-test: A New CAN Intrusion Detection Dataset

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

The controller area network (CAN) bus facilitates communication between a vehicle's microcontrollers, known as electronic control units (ECUs). Developed in 1983, the CAN bus is exceedingly robust—and exceedingly insecure. The CAN bus lacks conventional security controls (e.g., authentication, authorization, access control, encryption—to name a few). Significant research work has focused on improving automotive security; however, it has been challenging to add security to the CAN bus ex post facto.The automotive intrusion detection system (IDS) has been popularized in the literature as a relatively low-cost, low-effort security improvement for the CAN bus. Unfortunately, would-be IDS designers are often confronted with a shortage of adequate datasets to facilitate IDS development and evaluation. For intrusion detection systems built from machine learning models, the dataset shortage is particularly problematic; machine learning models require a lot of data for training and testing. The shortage of CAN datasets might impede or even deter would-be automotive IDS researchers.In this work, we introduce a new CAN dataset, dubbed can-train-and-test, to ameliorate the shortage of CAN datasets for IDS development and evaluation. Our dataset contains CAN data from four different vehicles manufactured by two different organizations—Chevrolet (General Motors) and Subaru. We provide attack-free traffic captures as well as captures that demonstrate nine distinct types of attacks—e.g., denial of service (DoS), fuzzing, standstill. We conduct all nine attacks against each of the four vehicles; thus, IDS designers can use the attack captures to evaluate an IDS's ability to generalize to different vehicles. We provide (1) replayable .log files, (2) unlabeled .csv files, and (3) labeled .csv files in order to meet a variety of IDS development and evaluation needs.
Original languageEnglish
Title of host publicationProceedings of 98th IEEE Vehicular Technology Conference
Number of pages7
PublisherIEEE
Publication date13 Oct 2023
Article number10333756
ISBN (Print)979-8-3503-2929-2
DOIs
Publication statusPublished - 13 Oct 2023
Event98th IEEE Vehicular Technology Conference - Sheraton Hong Kong Tung Chung hotel, Hong Kong, Hong Kong
Duration: 10 Oct 202313 Oct 2023

Conference

Conference98th IEEE Vehicular Technology Conference
LocationSheraton Hong Kong Tung Chung hotel
Country/TerritoryHong Kong
CityHong Kong
Period10/10/202313/10/2023

Keywords

  • Authorization
  • Training
  • Intrusion detection
  • Authentication
  • Machine learning
  • Traction motors
  • Data models

Fingerprint

Dive into the research topics of 'can-train-and-test: A New CAN Intrusion Detection Dataset'. Together they form a unique fingerprint.

Cite this