A unified threat-scoring detection algorithm for cybersecurity attacks in automotive CAN networks

Authors

  • Ivan Ivanov Technical university of Varna

DOI:

https://doi.org/10.29114/ajtuv.vol9.iss2.350

Keywords:

CAN bus; in-vehicle network security; threat modeling; intrusion detection

Abstract

Controller Area Network (CAN) is the primary in-vehicle communication backbone but provides no built-in security, leaving vehicles susceptible to message-injection attacks. This study presents a novel algorithm that (1) systematically classifies CAN attack types, (2) computes an impact-weighted probabilistic risk score per attack instance, (3) supplies an on-bus simulation environment for controlled injections, and (4) embeds a lightweight hybrid detector combining an ensemble classifier for known patterns with anomaly scoring for unknown activity. The main contribution is a compact, interpretable scoring model (likelihood × impact × weight) integrated with a reproducible evaluation protocol and reference implementation for benchmarking on public CAN corpora.

Downloads

Download data is not yet available.

References

Bari, B. S., Yelamarthi, K., & Ghafoor, S. (2023). Intrusion detection in vehicle Controller Area Network (CAN) bus using machine learning: A comparative performance study. Sensors, 23(7), 3610.

https://doi.org/10.3390/s23073610

Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czes-kis, A., Roesner, F., & Kohno, T. (2011). Comprehensive experimental analyses of automotive at-tack surfaces. Proceedings of the 20th USENIX Security Symposium, 77–92.

https://dl.acm.org/doi/10.5555/2028067.2028073

International Organization for Standardization. (2015). ISO 11898-1: Road vehicles — Controller area network (CAN) — Part 1: Data link layer and physical signalling. ISO.

https://www.iso.org/standard/63648.html

Kidmose, B., & Meng, W. (2024). can-sleuth: Investigating and evaluating automotive intrusion detection datasets. Proceedings of the European Interdisciplinary Cybersecurity Conference (EICC), 2024. https://doi.org/10.1145/3655693.3655696

Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., & Savage, S. (2010). Experimental security analysis of a modern auto-mobile. Proceedings of the 2010 IEEE Symposium on Security and Privacy, 447–462.

https://doi.org/10.1109/SP.2010.34

Lampe, B., & Meng, W. (2024). can-train-and-test: A curated CAN dataset for automotive intrusion detection. Computers & Security, 140, Article 103777.

https://doi.org/10.1016/j.cose.2024.103777

Miller, C., & Valasek, C. (2015). Remote exploitation of an unaltered passenger vehicle. Black Hat USA, 1–91.

https://www.scirp.org/reference/referencespapers?referenceid=2387001

Müter, M., Groll, A., & Freiling, F. C. (2011). A structured approach to anomaly detection for in-vehicle networks. Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security, 237–242.

https://doi.org/10.1109/isias.2010.5604050

Pinto, A., Herrera, L.-C., Donoso, Y., & Gutiérrez, J. A. (2023). Survey on intrusion detection sys-tems based on machine learning techniques for the protection of critical infrastructure. Sensors, 23(5), 2415.

https://doi.org/10.3390/s23052415

Qin, H., Yan, M., & Ji, H. (2021). Application of Controller Area Network (CAN) bus anomaly de-tection based on time series prediction. Vehicular Communications, 27, Article 100291.

https://doi.org/10.1016/j.vehcom.2020.100291

Downloads

Published

2025-12-30

How to Cite

Ivanov, I. (2025). A unified threat-scoring detection algorithm for cybersecurity attacks in automotive CAN networks. ANNUAL JOURNAL OF TECHNICAL UNIVERSITY OF VARNA, BULGARIA, 9(2), 61–69. https://doi.org/10.29114/ajtuv.vol9.iss2.350

Issue

Vol. 9 No. 2 (2025): Annual Journal of Technical University of Varna

Section

INFORMATION TECHNOLOGIES, COMMUNICATION AND COMPUTER EQUIPMENT

License

Copyright (c) 2025 Ivan Ivanov

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

            PUBLICATION AGREEMENT

           Annual Journal of Technical university of Varna (AJTUV) aims to guarantee that original material is published while at the same time giving significant freedom to our authors. For that matter, we uphold a flexible copyright policy meaning that there is no transfer of copyright to the publisher and authors retain exclusive copyright to their work.

           When submitting a manuscript the Corresponding Author is required to accept the terms and conditions set forth in our Publication Agreement as follows:

            CORRESPONDING AUTHOR'S GRANT OF RIGHTS
            The Corresponding Author grants to AJTUV, during the full term of copyright and any extensions or renewals of that term the following:
      • An irrevocable non-exclusive right to publish, reproduce, republish, transmit, distribute and otherwise use the Work in electronic and print editions of the publication and in derivative works throughout the world, in all languages, and in all media now known or later developed.
      • An irrevocable non-exclusive right to create and store electronic archival copies of the Work, including the right to deposit the Work in open access digital repositories.
      • An irrevocable non-exclusive right to license others to reproduce, translate, republish, transmit and distribute the Work under the condition that the Authors are attributed (Currently this is carried out by publishing the Work under a Creative Commons Attribution 4.0 Unported License).
           Copyright in the Work remains with the Authors. Authors retain patent, trademark and other intellectual property rights.

           CORRESPONDING AUTHOR'S DUTIES
           When distributing or re-publishing the Work, the Corresponding Author agrees to credit the AJTUV in which the Work is published as the source of first publication. Corresponding Author warrants that Co-authors will also credit the AJTUV in which the Work is published as the source of first publication when they are distributing or re-publishing the Work. 

           CORRESPONDING AUTHOR'S WARRANTY
           The Corresponding Author represents and warrants that the Work does not violate or infringe the law or the rights of any third party and, specifically, that the Work contains no matter that is defamatory or that infringes any literary or proprietary rights, intellectual property rights, or any rights of privacy. The Corresponding Author warrants that the Work is original, has not been formally published in any other peer-reviewed journal or in a book or edited collection, and is not under consideration for any such publication. The Corresponding Author also warrants that he or she has the full power to make this agreement. If the Work was prepared jointly the Corresponding Author warrants that all Co-authors consent to the submission and publication of the Work.

            The Corresponding Author agrees to hold AJTUV harmless from any breach of the aforestated representations and warranties.

           AJTUV DUTIES AND RIGHTS
AJTUV agrees to publish the Work attributing it to its Authors. AJTUV is granted the authority to enforce the rights from this agreement, on behalf of the authors, against third parties (for example in cases of plagiarism or copyright infringements).

           AJTUV's Privacy Statement
       The names and email addresses entered in the AJTUV website will be used only and exclusively for the stated purposes of this annual journal and will not be made available for any other purpose or to any other party.
       All personal information supplied will remain within publisher and will not be shared with any external entity unless prior permission is given.
       Your personal information will not be sold, distributed or published in any manner whatsoever.

Similar Articles

1 2 > >> 

You may also start an advanced similarity search for this article.