In-Vehicle Networks (IVNs) have become increasingly complex due to the need to enhance driving experience and provide passengers with a broader range of services. The Controller Area Network (CAN) bus is widely used in modern vehicles, enabling communication between various electronic control units. The CAN bus exhibits cybersecurity vulnerabilities that require the use of protection mechanisms. An Intrusion Detection System (IDS) can efficiently identify and mitigate threats in CAN networks. In this article, we perform an extensive and thorough analysis of a CAN dataset, namely CANini. The CANini dataset comes from the augmentation of the CAN-MIRGU dataset, which has been collected from a real vehicle under various driving scenarios. Our analysis offers a comprehensive and extensive characterization of CAN network traffic, examining specifically inter-frame arrival times and patterns in data bytes. We proceeded to test these features by designing a simple anomaly-based IDS that employs a multiclass Decision Tree classifier. To find and assess the weaknesses of our selected architecture, a robustness analysis was performed on the IDS by manipulating the properties of the CAN traffic. Our novel analysis provides critical insights into the behavior and structure of CAN in a typical IVN, which is crucial for the development and validation of a reliable IDS.
Keywords: Anomaly detection, automotive, CAN dataset, cybersecurity, data mining, features extraction, intrusion detection, machine learning.
