Vehicle Security Research

In the field of vehicle security we focus on both in-vehicle and V2X communications. Regarding in-vehicle communications, we focus on CAN networks. We implement synthetic and real-life attacks against the CAN network to design and properly verify novel intrusion detection solutions. We also analyze the CAN data from a privacy point of view, including the potential for driver identification, location tracking and the inference of other sensitive information.

Datasets

We would like to boost international cooperation and encourage other research groups to start working on vehicle security topics. For this reason, we release some of our collected data.

CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks

Our latest dataset contains 26 recordings of benign network traffic, amounting to more than 2.5 hours of traffic. We performed two attacks (injection and modification, aka fabrication and masquerade) with different configurations multiple times on each benign trace to create a comprehensive set of traffic logs. The dataset structure was explicitly designed with machine learning applications in mind.

Our journal paper on the dataset was published in Nature: Scientific Data.
A shorter description of the dataset is available in our blog post.
The dataset is available for download on Figshare.

If you use our dataset in your research, please cite the following paper:
Gazdag, A., Ferenc, R. & Buttyán, L. CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks. Sci Data 10, 903 (2023). https://doi.org/10.1038/s41597-023-02716-9

Previous dataset

Each trace contains a CSV file with the CAN messages captured during the drive. For each message, the capture time is also recorded as a Unix timestamp. Where we had access to an additional recorder, the trace data also contains a GPS log of the drive.

Short traces

  • Trace-2
    Driving at a constant speed of 30 km/h.
  • Trace-5
    Driving at a constant speed of 60 km/h.
  • Trace-12
    Driving at a speed of 40 km/h, then a lane change, then a stop.
  • Trace-13
    Driving at a speed of 40 km/h, then slowing down, then an obstacle avoidance.
  • Trace-14
    Emergency braking from 60 km/h to 0.
  • Trace-15
    Emergency braking from 60 km/h to 0.
  • Trace-16
    Driving at a speed of 50 km/h, then an intensive braking with a left turn.

Long traces

  • Trace-17
    25-minute drive from Normafa park to Kelenföld (including small streets and highway as well).

Related third party datasets

Open Source Projects

The tools and scripts used for our research results are released on GitHub to help other research institutes reproduce and build on our results.

Own projects

  • CAN Dataset Generator
    Source code for the paper: CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks.
  • CAN Message Modification Detection
    Source code for the papers: Supporting CAN Bus Anomaly Detection With Correlation Data and Improving CAN anomaly detection with correlation-based signal clustering.
  • CAN Log Infector
    A Python script to generate CAN logs with anomalies by modifying original messages.

Related third party projects

  • CAN Reverse Engineering by Brent Stone
    Automated Payload Reverse Engineering Pipeline for the Controller Area Network (CAN) protocol
  • opendbc by comma.ai
    The project to democratize access to the decoder ring of your car.
  • Cabana by comma.ai
    CAN visualizer and DBC maker.

Publications and presentations

Journal papers

Conference and workshop papers

Contact

András Gazdag

BME, Department of Networked Systems and Services,
Laboratory of Cryptography and System Security (CrySyS Lab)
e-mail: agazdag (at) crysys.hu
tel: +36 1 463 2047