Vehicle Security Research

In the field of vehicle security we focus on both in-vehicle and V2X communications. Regarding in-vehicle communications we focus on CAN networks. We implement synthetic and real life attacks against the CAN network to design and propely verify novel intrusion detection solutions. We also analyze the CAN data from a privacy point of view, including the potential for driver identification, location tracking and the inference of other sensitive information.

Datasets

We would like to boost international cooperation and encourage other research groups to start working on the vehicle security topics. For this reason we release some of our collected data.

CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks

Our latest dataset contains 26 recordings of benign network traffic, amounting to more than 2.5 hours of traffic. We performed two attacks (injection and modification aka fabrication and masquerade) with different configurations multiple times on each benign trace to create a comprehensive set of traffic logs. The dataset structure was explicitly designed with machine learning applications in mind.

Our journal paper on the dataset was published in Nature: Scientific Data.
A shorter description of the dataset is available in our blog post.
The dataset is available for download on Figshare.

If you use our dataset in your research, please cite the following paper:
Gazdag, A., Ferenc, R. & Buttyán, L. CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks. Sci Data 10, 903 (2023). https://doi.org/10.1038/s41597-023-02716-9

Previous dataset

Each trace data contains a csv file with CAN messages captured during the drive. For each message the capture time is also recorded in a Unix timestamp. The trace data also contains a gps log of the drive where we had access to an additional recorder.

Short traces

Trace-2
Driving with a constant speed of 30km/h.
Trace-5
Driving with a constant speed of 60km/h.
Trace-12
Driving with a speed of 40km/h then lane change then stop.
Trace-13
Driving with a speed of 40km/h then slow down then an obsticle avoidance.
Trace-14
Emergency braking from 60 km/h to 0.
Trace-15
Emergency braking from 60 km/h to 0.
Trace-16
Driving with a speed of 50km/h then a intensive braking with a left turn.

Long traces

Trace-17
25 minutes drive from Normafa park to Kelenföld. (Including small streets and highway as well.)

Related third party datasets

Open Source Projects

The tools and scripts used for our research results are released on github to help other research institues reproduce and build on our results.

Own projects

CAN Dataset Generator
Source code for the paper: CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks.
CAN Message Modification Detection
Source code for the papers: Supporting CAN Bus Anomaly Detection With Correlation Data and Improving CAN anomaly detection with correlation-based signal clustering.
CAN Log Infector
A python script to generate CAN logs with anomalies by modifying original messages.

Related third party projects

CAN Reverse Engineering by Brent Stone
Automated Payload Reverse Engineering Pipeline for the Controller Area Network (CAN) protocol
opendbc by comma.ai
The project to democratize access to the decoder ring of your car.
Cabana by comma.ai
CAN visualizer and DBC maker.

Publications and presentations

Journal papers

B. Koltai, A. Gazdag, G. Ács - Improving CAN anomaly detection with correlation-based signal clustering - Infocommunications Journal, Vol. XV, No. 4., 2023.
A. Gazdag, R. Ferenc, L. Buttyán - CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks - Nature: Scientific Data, 2023.
A. Gazdag, Sz. Lestyán, M. Remeli, G. Ács, T. Holczer, G. Biczók - Privacy pitfalls of releasing in-vehicle network data - Vehicular Communications, 2023.
A. Gazdag, L. Buttyán, Zs. Szalay - Forensics aware lossless compression of CAN traffic logs - Scientific Letters of the University of Zilina, 2017.
J. P. Hubaux, A. Kung, F. Kargl, Z. Ma, M. Raya, J. Freudiger, E. Schoch, T. Holczer, L. Buttyán, P. Papadimitratos - Secure vehicular communication systems: design and architecture - IEEE Communications Magazine, vol. 46, no. 11, November, 2008, pp. 100-109.
J. P. Hubaux, A. Kung, A. Held, G. Calandriello, T. V. Thong, B. Wiedersheim, E. Schoch, M. Müter, L. Buttyán, P. Papadimitratos, F. Kargl - Secure vehicular communication systems: implementation, performance, and research challenges - IEEE Communications Magazine, vol. 46, no. 11, November, 2008, pp. 110-118.

Conference and workshop papers

B. Koltai, A. Gazdag, G. Ács - Supporting CAN Bus Anomaly Detection With Correlation Data - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP, 2024.
C. Ploeg, J. Sluis, S. Gerres, Sz. Novaczki, A. Wippelhauser, E. Nassor, J. Sevin, A. Gazdag, G. Biczók - SECREDAS: Safe and (Cyber-) Secure Cooperative and Automated Mobility - Proceedings of IFAC World Congress, 2023.
I. Chiscop, A. Gazdag, J. Bosman, G. Biczók - Detecting Message Modification Attacks on the CAN Bus with Temporal Convolutional Networks - Proceedings of the 7th International Conference on Vehicle Technology and Intelligent Transport Systems, 2021.
A. Gazdag, Gy. Lupták, L. Buttyán - Correlation-based Anomaly Detection for the CAN Bus - Euro-CYBERSEC, Nice, France, 2021.
A. Gazdag, Cs. Ferenczi, L. Buttyán - Development of a Man-in-the-Middle Attack Device for the CAN Bus - Proceedings of the 1st Conference on Information Technology and Data Science, 2020
M. Remeli, Sz. Lestyán, G. Ács, G. Biczók - Automatic Driver Identification from In-Vehicle Network Logs - 22th IEEE Intelligent Transportation Systems Conference (ITSC), IEEE, 2019.
Sz. Lestyán, G. Ács, G. Biczók, Zs. Szalay - Extracting vehicle sensor signals from CAN logs for driver re-identification - 5th International Conference on Information Security and Privacy (ICISSP 2019), SCITEPRESS, 2019, shortlisted for Best Student Paper Award.
A. Gazdag, D. Neubrandt, L. Buttyán, Zs. Szalay - Detection of Injection Attacks in Compressed CAN Traffic Logs - International Workshop on Cyber Security for Intelligent Transportation Systems, Held in Conjunction with ESORICS 2018, Springer, 2018.
A. Gazdag, T. Holczer, L. Buttyán, Zs. Szalay - Vehicular Can Traffic Based Microtracking for Accident Reconstruction - Vehicle and Automotive Engineering 2, Lecture Notes in Mechanical Engineering, University of Miskolc, Miskolc, Hungary, 2018.
Zs. Szalay, L. Buttyán, A. Gazdag - Towards Efficient Compression of CAN Traffic Logs - 34th International Colloquium on Advanced Manufacturing and Repairing Technologies in Vehicle Industry: 17-19 May 2017, Visegrád, Hungary.
W. Whyte, A. Weimerskirch, T. Holczer, L. Buttyán - SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs - Proceedings of the IEEE Vehicular Networking Conference, IEEE, IEEE, Tokyo, Japan, October 28-29, 2009, pp. 1-8.
I. Vajda, T. Holczer, L. Buttyán - On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs - In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007), Springer, Cambridge, UK, July 2-3, , 2007.
P. Papadimitratos, L. Buttyán, J. P. Hubaux, F. Kargl, A. Kung, M. Raya - Architecture for Secure and Private Vehicular Communications - Proceedings of the International Conference on ITS Telecommunications (ITST), -, Sophia Antipolis, France, June 6-8, , 2007, pp. 1-6.
I. Vajda, T. Holczer, L. Buttyán - On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs - In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007), Springer, Cambridge, UK, July 2-3, , 2007.
T. Leinmueller, L. Buttyán, J. P. Hubaux, F. Kargl, P. Papadimitratos, M. Raya, E. Schoch - SEVECOM - Secure Vehicle Communication - IST Mobile Summit, June, 2006.

Contact

András Gazdag

BME, Department of Networked Systems and Services,
Laboratory of Cryptography and System Security (CrySyS Lab)
e-mail: agazdag (at) crysys.hu
tel: +36 1 463 2047