Unsupervised Time Series Extraction from Controller Area Network Payloads
This addresses the need for reliable data extraction in vehicle CAN systems where manufacturers may withhold or misconfigure documentation, crucial for security auditing and intrusion detection.
The paper tackles the problem of extracting individual time series from concatenated Controller Area Network (CAN) data payloads without supervision, using bit-level transition analysis and a greedy grouping strategy, enabling robust third-party security auditing and intrusion detection.
This paper introduces a method for unsupervised tokenization of Controller Area Network (CAN) data payloads using bit level transition analysis and a greedy grouping strategy. The primary goal of this proposal is to extract individual time series which have been concatenated together before transmission onto a vehicle's CAN bus. This process is necessary because the documentation for how to properly extract data from a network may not always be available; passenger vehicle CAN configurations are protected as trade secrets. At least one major manufacturer has also been found to deliberately misconfigure their documented extraction methods. Thus, this proposal serves as a critical enabler for robust third-party security auditing and intrusion detection systems which do not rely on manufacturers sharing confidential information.