• Corpus ID: 198331298

Enabling Auditing and Intrusion Detection of Proprietary Controller Area Networks

  title={Enabling Auditing and Intrusion Detection of Proprietary Controller Area Networks},
  author={Brent C. Stone},
Several trends in the Cyber domain are converging to present an imminent threat to the safety and prosperity of people and property. Efforts by organizations and nations to automate the administration and functions of Cyber-Physical Systems (CPS) such as road vehicles and manufacturing plants have the side effect of connecting previously isolated CPS networks to the global Internet. These CPS networks routinely have ineffective or no Cyber-security measures in place since they were assumed to… 
Critical Infrastructure Protection XIV: 14th IFIP WG 11.10 International Conference, ICCIP 2020, Arlington, VA, USA, March 16–17, 2020, Revised Selected Papers
  • N. Kovach
  • Computer Science
    Critical Infrastructure Protection
  • 2020
An automated model with graph-based information flow traversal is described for identifying information flow paths in the Automatic Dependent Surveillance-Broadcast (ADS-B) system used in civilian aviation, and subsequently partitioning the flows into security domains.
I Know Where You Parked Last Summer : Automated Reverse Engineering and Privacy Analysis of Modern Cars
The results show that car makers track the GPS position, the number of occupants, their weight, usage statistics of doors, lights, and AC, and that OEMs embed functions to remotely disable the car or get an alert when the driver is speeding.


Secure Cyber-Physical Systems: Current trends, tools and open research problems
A review of current security trends and tools for secure CPS, and a detailed characterization of attacks reported on different cyber-physical systems, grouped according to their application domains, attack complexity, attack source and impact.
Anomaly-Based Detection of Malicious Activity in In-Vehicle Networks
The goals are to show that anomaly detection trained without understanding of the message contents can detect attacks, and to create a framework for understanding how the characteristics of a novel attack can be used to predict its detectability.
Field classification, modeling and anomaly detection in unknown CAN bus networks
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering
Techniques to extract the format of protocol messages sent by an application that implements a protocol specification, and to infer the field semantics for messages both sent and received by the application are proposed.
Automobile Driver Fingerprinting
This study experimentally investigates the potential to identify individuals using sensor data snippets of their natural driving behavior and finds that, at least among small sets, drivers are indeed distinguishable using only incar sensors.
Traffic to protocol reverse engineering
A new methodology to extract the relevant fields from arbitrary binary protocols to construct a state model is presented, which is proved by deriving the state machine of documented protocols ARP, DHCP and TCP.
A novel semi-supervised approach for network traffic clustering
This work presents a novel semi-supervised learning method using constrained clustering algorithms that incorporates constraints in the course of clustering, indicating that the overall accuracy and cluster purity can be significantly improved.
Dissecting Customized Protocols: Automatic Analysis for Customized Protocols based on IEEE 802.15.4
A novel methodology to analyze and reconstruct unknown wireless customized protocols over IEEE 802.15.4 and develops an automatic analysis and spoofing tool called WPAN automatic spoofer (WASp) that can be used to understand and reconstruct customized protocols to byte-level accuracy, and to generate packets that could be used for verification of analysis results or spoofing attacks.
Protocol-Independent Adaptive Replay of Application Dialog
RolePlayer is presented, a system which, given examples of an application session, can mimic both the client side and the server side of the session for a wide variety of application protocols.