Skip to main content

Table 1 Summary of the IDS for CAN bus system literature in the automotive domain. IDS detection strategy methods are proposed based on how the attack manifest into CAN bus network: Manipulation on CAN frequency and CAN packet payload

From: Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review

Key references Detection strategy Method Placement strategy Packet frequency Packet payload modification
Hoppe et al. [36] Anomaly-based Frequency-based CAN
Hoppe et al. [56] IDPS Adaptive dynamic-based CAN
Larson et al. [30] Specification-based CAN 2.0 and CANopen 3.01 specification ECU
Hoppe et al. [36] Anomaly-based Frequency-based CAN
Müter et al. [81] Signature-based Sensor-based ECU
Müter et al. [55] Anomaly-based Statistical-based (entropy-based) CAN
Ling et al. [58] Anomaly-based Frequency-based CAN
Miller and Valasek [45] Anomaly-based Frequency-based CAN
Miller and Valasek [1] Anomaly-based Frequency-based CAN
Studnia et al. [38] Signature-based Finite-state automata CAN
Wasicek et al. [68] Anomaly-based Machine learning-based (ANN) Central gateway
Taylor et al. [43] Anomaly-based Machine learning-based (deep neural network) CAN
Narayanan et al. [73] Anomaly-based Statistical-based (hidden Markov) CAN
Song et al. [57] Signature-based Frequency-based CAN
Kang et al. [62] Anomaly-based Machine learning-based (deep neural network) CAN
Cho et al. [22] Anomaly-based Statistical-based (RLS and CUSUM) CAN
Taylor et al. [41] Anomaly-based Machine learning-based (OCSVM) CAN
Gmiden et al. [60] Anomaly-based Frequency-based CAN
Marchetti et al. [24] Anomaly-based Statistical-based (information theoretic) CAN
Marchetti et al. [71] Anomaly-based Frequency-based (transition matrix) CAN
Lee et al. [11] Anomaly-based Time-based (offset ratio and time interval-based) CAN
Moore et al. [61] Anomaly-based Frequency-based (Markov) CAN
Wang et al. [54] Hybrid-based Hierarchical temporal memory (HTM) CAN
Weber et al. [53] Hybrid-based Specification-based and machine learning-based ECU
Tomlinson et al. [72] Anomaly-based Statistical-based (ARIMA and Z score) CAN