ZeroCAN: Anomaly-Based Zero-Day Attack Detection in Vehicular CAN Bus Networks
Ref: CISTER-TR-250102       Publication Date: 2025

Abstract:
Zero-day attacks present a significant security threat to vehicular networks, exploiting vulnerabilities at both software and hardware levels within such systems that remain undiscovered. Mitigating these threats is essential to ensuring the safety and security of vehicular systems. Support Vector Machine (SVM) is a good candidate for anomaly detection of zero-day attacks within vehicular networks because it can handle high-dimensional data and effectively distinguish between normal and abnormal patterns in complex and dynamic environments. An SVM trained on the normal operation data of an in-vehicular network can identify and flag deviations, thus making it effective in the detection of any previously unknown attack patterns, which is a common behaviour of zero-day attacks. In this paper, we introduce an anomaly detection method called "ZeroCAN" which models the behaviour of every single electronic control unit on the network with a separate SVM and a set of high-level features that capture the timing and data payload aspects of CAN bus traffic. This approach achieves an anomaly detection rate of over 99% and a false positive rate below 0.01% during normal operation in most cases.

Authors:
Jonathan Rendel, William Balte, Harrison Kurunathan, Hazem Ali, Alexandre Roque, Wagner Morais, Mahdi Fazeli


33rd Euromicro/IEEE International Conference on Parallel, Distributed, and Network-Based Processing (PDP), main.
Turin, Italy.



Record Date: 21, Jan, 2025