Campus Units

Electrical and Computer Engineering

Document Type

Conference Proceeding

Publication Version

Submitted Manuscript

Publication Date



There have been several public demonstrations of attacks on connected vehicles showing the ability of an attacker to take control of a targeted vehicle by injecting messages into its Controller Area Network (CAN) bus. In this paper, using injected speed reading and Revolutions Per Minute (RPM) messages, we examined the ability of the Pearson correlation, k-means clustering, and Hidden Markov Model (HMM) techniques to differentiate the 'no-attack' and 'under-attack' states of the given vehicle. We found that the Pearson correlation distinguishes the two states, whereas k-means clustering fails to distinguish them; the HMM can successfully detect attacks but may have a high false positive rate. In addition, we found that the HMM-based detection method and the k-means clustering method exhibit different capabilities to detect attacks on the speedometer and tachometer sensors. The results suggest using other features besides the data content of the CAN messages, and integrating knowledge about how the Electronic Control Units (ECUs) collaborate, in building effective techniques for detecting the injection of fabricated messages.


This is a draft manuscript of the article: Ben Othmane, Lotfi, Lalitha Dhulipala, Moataz Abdelkhalek, Manimaran Govindarasu, and Nicholas Multari. "Detection of Injection Attacks in In-Vehicle Networks." (2019).

Copyright Owner

The Authors



File Format