Topology Verification Enabled Intrusion Detection for In-Vehicle CAN-FD Networks

Controller area network with flexible data rate (CAN-FD) is a widely used communication protocol for in-vehicle sensing and control. However, due to the lack of inherent security mechanisms, unauthorized devices could access the CAN-FD by embedding external intruding devices (XIDs) to in-vehicle networks. Malicious intrusion into CAN-FD can expose a compromised vehicle to significantly increased safety, security, and privacy related risks. To enhance the security of CAN-FD networks, a novel intrusion detection method based on verification of network topology is proposed, where XIDs can be reliably detected through a simple random walk based network topology construction and subsequent verification. When an intrusion is detected, a secure mode would be triggered to further protect the network from being attacked. Simulation results indicate that multiple XIDs can be accurately detected, while the increment in the number of XIDs from 1 to 8 can lead to the convergence time increasing from 48 to 102 steps in the powertrain subnet and from 189 to 416 steps in the body subnet.