Table 1 Summary of the IDS for CAN bus system literature in the automotive domain. IDS detection strategy methods are proposed based on how the attack manifest into CAN bus network: Manipulation on CAN frequency and CAN packet payload
From: Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review
Key references | Detection strategy | Method | Placement strategy | Packet frequency | Packet payload modification |
|---|---|---|---|---|---|
Hoppe et al. [36] | Anomaly-based | Frequency-based | CAN | ✔ | – |
Hoppe et al. [56] | IDPS | Adaptive dynamic-based | CAN | – | – |
Larson et al. [30] | Specification-based | CAN 2.0 and CANopen 3.01 specification | ECU | ✔ | ✔ |
Hoppe et al. [36] | Anomaly-based | Frequency-based | CAN | ✔ | – |
Müter et al. [81] | Signature-based | Sensor-based | ECU | – | – |
Müter et al. [55] | Anomaly-based | Statistical-based (entropy-based) | CAN | ✔ | – |
Ling et al. [58] | Anomaly-based | Frequency-based | CAN | ✔ | ✔ |
Miller and Valasek [45] | Anomaly-based | Frequency-based | CAN | ✔ | – |
Miller and Valasek [1] | Anomaly-based | Frequency-based | CAN | ✔ | – |
Studnia et al. [38] | Signature-based | Finite-state automata | CAN | ✔ | ✔ |
Wasicek et al. [68] | Anomaly-based | Machine learning-based (ANN) | Central gateway | – | ✔ |
Taylor et al. [43] | Anomaly-based | Machine learning-based (deep neural network) | CAN | ✔ | – |
Narayanan et al. [73] | Anomaly-based | Statistical-based (hidden Markov) | CAN | – | ✔ |
Song et al. [57] | Signature-based | Frequency-based | CAN | ✔ | – |
Kang et al. [62] | Anomaly-based | Machine learning-based (deep neural network) | CAN | – | ✔ |
Cho et al. [22] | Anomaly-based | Statistical-based (RLS and CUSUM) | CAN | ✔ | ✔ |
Taylor et al. [41] | Anomaly-based | Machine learning-based (OCSVM) | CAN | – | ✔ |
Gmiden et al. [60] | Anomaly-based | Frequency-based | CAN | ✔ | ✔ |
Marchetti et al. [24] | Anomaly-based | Statistical-based (information theoretic) | CAN | – | ✔ |
Marchetti et al. [71] | Anomaly-based | Frequency-based (transition matrix) | CAN | ✔ | – |
Lee et al. [11] | Anomaly-based | Time-based (offset ratio and time interval-based) | CAN | ✔ | ✔ |
Moore et al. [61] | Anomaly-based | Frequency-based (Markov) | CAN | ✔ | – |
Wang et al. [54] | Hybrid-based | Hierarchical temporal memory (HTM) | CAN | – | ✔ |
Weber et al. [53] | Hybrid-based | Specification-based and machine learning-based | ECU | ✔ | ✔ |
Tomlinson et al. [72] | Anomaly-based | Statistical-based (ARIMA and Z score) | CAN | ✔ | ✔ |