hh.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
ZeroCAN: Anomaly-Based Zero-Day Attack Detection in Vehicular CAN Bus Networks
Halmstad University, School of Information Technology. (CERES)
Halmstad University, School of Information Technology. (CERES)
(CISTER/ISEP, Polytechnic Institute of Porto, Portugal)ORCID iD: 0000-0002-1270-1213
Halmstad University, School of Information Technology. (CERES)ORCID iD: 0000-0003-1342-4227
Show others and affiliations
2025 (English)In: 2025 33rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP), Turin, Italy: IEEE, 2025, p. 121-128Conference paper, Published paper (Refereed)
Abstract [en]

Zero-day attacks present a significant security threat to vehicular networks, exploiting vulnerabilities at both software and hardware levels within such systems that remain undiscovered. Mitigating these threats is essential to ensuring the safety and security of vehicular systems. Support Vector Machine (SVM) is a good candidate for anomaly detection of zero-day attacks within vehicular networks because it can handle highdimensional data and effectively distinguish between normal and abnormal patterns in complex and dynamic environments. A trained SVM on the normal operation data of in-vehicular network can identify flag deviations, thus making it effective in the detection of any previously unknown attack patterns, which is a common behaviour of zero-day attacks. In this paper, we introduce an anomaly detection method called “ZeroCAN” which models the behaviour of every single electronic control unit on the network with a separate SVM and a set of high-level features that capture the timing and data payload aspects of CANbus traffic. This approach achieves an anomaly detection rate of over $\mathbf9 9 %$ and a false positive rate below $\mathbf0. 0 1 %$ during normal operation in most cases.
Place, publisher, year, edition, pages
Turin, Italy: IEEE, 2025. p. 121-128
Keywords [en]
Anomaly detection;CAN bus IDS;Feature engineering;Zero-day
National Category
Artificial Intelligence Computer Sciences Computer Engineering Security, Privacy and Cryptography Algorithms
Research subject
Smart Cities and Communities, Future industry
Identifiers
URN: urn:nbn:se:hh:diva-55938DOI: 10.1109/PDP66500.2025.00025ISBN: 979-8-3315-2494-4 (print)ISBN: 979-8-3315-2493-7 (electronic)OAI: oai:DiVA.org:hh-55938DiVA, id: diva2:1955631
Conference
33rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)
Available from: 2025-04-30 Created: 2025-04-30 Last updated: 2025-04-30

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full texthttps://ieeexplore.ieee.org/document/10974811

Authority records

Ali, HazemOurique de Morais, WagnerFazeli, Mahdi

Search in DiVA

By author/editor
Kurunathan, HarrisonAli, HazemRoque, Alexandre Dos SantosOurique de Morais, WagnerFazeli, Mahdi
By organisation
School of Information Technology
Artificial IntelligenceComputer SciencesComputer EngineeringSecurity, Privacy and CryptographyAlgorithms

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 4 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
WCAG
|
Halmstad University Library
|
Info for students
|
Info for researchers
|
Log in