Exploiting Temperature-Varied ECU Fingerprints for Source Identification in In-vehicle Network Intrusion Detection

The in-vehicle controller area network(CAN) provides reliable communications among ECUs, whereas the lack of security design of CAN protocols makes it vulnerable to CAN targeting attacks. Unfortunately, existing CAN intrusion detection systems merely recognize fabricated CAN messages while only little work are devoted to intrusion source identification. Demonstrated by our experimental study, the state-of-the-art source ECU identification approaches, which are based on physical ECU fingerprints, will fail when ECU temperature varies. In this paper, we innovatively propose temperature-varied fingerprinting, called TVF, for CAN intrusion detection and source ECU identification. Inspired by the significant observation that the clock offset of a specific ECU, i.e., its fingerprint, varies with the environment temperature of the ECU, the concept of temperature-varied ECU fingerprints are proposed and exploited to improve source identification accuracy in real-world vehicle CAN intrusion cases. The proposed temperature-varied fingerprinting is implemented and extensive performance evaluation experiments are conducted in both CAN bus prototype and real vehicles. The experimental results demonstrate the efficacy of the proposed TVF.