Attack Simulation and Adaptation in CAN for Training and Evaluation of IDS.

The vulnerability of vehicles due to the lack of security features of the Controller Area Network (CAN) is now well known. CAN is one of the de facto standards for internal vehicle communication, so securing CAN against attacks is an ongoing challenge. For this purpose, Intrusion Detection Systems (IDS) are a widely known approach for attack detection. IDS have to be trained and evaluated, therefore data is needed. The few publicly available data sets cover only a small variance of possible attacks. Since conducting real attacks can be a costly business, the presented method generates simulated attack data that can be used to train and evaluate IDS. To show the vulnerabilities of an IDS, the approach adapted the attacks so that they are not detected by the IDS. The approach is executed on an IDS that detected 99.99% of the original attacks in the publicly available data sets. After adaptation by the proposed method, we found several attacks that were not detected.