Beatrix Koltai

PhD student

bkoltai (at) crysys.hu

office: I.E. 429
tel: +36 1 463 2063

Current courses | Publications

Short Bio

Beatrix Koltai was born in 1998 in Budapest. She achieved her MSc degree in 2024 at the Budapest Univeristy of Technology and Economics. She has been involved with the Laboratory of Cryptography and System Security (CrySyS Lab) since 2020. Her general research interests include the applicability of sequential data in security, and attack detection using machine learning methods.

Current Courses

Coding and IT Security (VIHIBB01)

This BProf course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course also gives an introduction to source software security and channel coding.

Software Security (VIHIMA21)

This course introduces security problems in software development: students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure applications.

Software Security Laboratory (VIHIMA22)

This laboratory extends and deepens the knowledge and skills obtained in the Software Security course by solving practical, hands-on exercises in real, or close-to-real environments.

Publications

2024

Supporting CAN Bus Anomaly Detection With Correlation Data

B. Koltai and A. Gazdag and G. Ács

Proceedings of the 10th International Conference on Information Systems Security and Privacy, 2024.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Beatrix Koltai and András Gazdag and Gergely Ács},
   title = {Supporting CAN Bus Anomaly Detection With Correlation Data},
   booktitle = {Proceedings of the 10th International Conference on Information Systems Security and Privacy},
   year = {2024}
}

Keywords

CAN, Anomaly Detection, TCN, Correlation

Abstract

Communication on the Controller Area Network (CAN) in vehicles is notably lacking in security measures, rendering it susceptible to remote attacks. These cyberattacks can potentially compromise safety-critical vehicle subsystems, and therefore endanger passengers and others around them. Identifying these intrusions could be done by monitoring the CAN traffic and detecting abnormalities in sensor measurements. To achieve this, we propose integrating time-series forecasting and signal correlation analysis to improve the detection accuracy of an onboard intrusion detection system (IDS). We predict sets of correlated signals collectively and report anomaly if their combined prediction error surpasses a predefined threshold. We show that this integrated approach enables the identification of a broader spectrum of attacks and significantly outperforms existing state-of-the-art solutions.

2023

Anomaly detection in CAN with TCN

B. Koltai and A. Gazdag

Hungarian Machine Learning Workshop, 2023.

Bibtex | PDF

@conference {
   author = {Beatrix Koltai and András Gazdag},
   title = {Anomaly detection in CAN with TCN},
   publisher = {Hungarian Machine Learning Workshop},
   year = {2023}
}

Abstract

Improving CAN anomaly detection with correlation-based signal clustering

B. Koltai and A. Gazdag and G. Ács

Infocommunications Journal, Vol. XV, No. 4., 2023.

Bibtex | Abstract | PDF | Link

@article {
   author = {Beatrix Koltai and András Gazdag and Gergely Ács},
   title = {Improving CAN anomaly detection with correlation-based signal clustering},
   journal = {Infocommunications Journal, Vol. XV, No. 4.},
   year = {2023},
   howpublished = "\url{https://www.infocommunications.hu/2023_4_3}"
}

Keywords

CAN, Anomaly Detection, TCN, Correlation

Abstract

Communication on the Controller Area Network (CAN) in vehicles is notably lacking in security measures, rendering it susceptible to remote attacks. These cyberattacks can potentially compromise safety-critical vehicle subsystems, and therefore endanger passengers and others around them. Identifying these intrusions could be done by monitoring the CAN traffic and detecting abnormalities in sensor measurements. To achieve this, we propose integrating time-series forecasting and signal correlation analysis to improve the detection accuracy of an onboard intrusion detection system (IDS). We predict sets of correlated signals collectively and report anomaly if their combined prediction error surpasses a predefined threshold. We show that this integrated approach enables the identification of a broader spectrum of attacks and significantly outperforms existing state-of-the-art solutions.