Unsupervised real-time anomaly detection system for vehicular network security

An unsupervised machine learning based anomaly detection system by hierarchical temporal memory
(HTM) based learning algorithm is proposed to enhance the security of vehicular network. Firstly,
the frequency distribution of Controller Area Network (CAN) packets is extracted as a meaningful
feature to detect attacks in the CAN traffic. Then the features of CAN packets are learned by
HTM-based module to predict what it expects to happen next. Furthermore, a novel anomaly score
is calculated to analyze the probability of each class to discriminate normal and attack status. The
system protects vehicles by monitoring the CAN bus to detect threats in real time, including detecting
anomalies that might indicate a sophisticated adversary hiding in the vehicle’s systems. Finally, it is
demonstrated with experimental results that the proposed method can provide a real-time anomaly
detection to the attack in vehicular network.