Communications - Scientific Letters of the University of Zilina 2017, 19(4):105-110 | DOI: 10.26552/com.C.2017.4.105-110

Forensics Aware Lossless Compression of CAN Traffic Logs

Andras Gazdag¹, Levente Buttyan², Zsolt Szalay³
¹ Laboratory of Cryptography and System Security, Department of Networked Systems and Services, Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics, Hungary
² Laboratory of Cryptography and System Security, Department of Networked Systems and Services, Faculty of Electrical Engineering and Informatics, Budapest University of Technology and Economics, Hungary
³ Department of Automotive Technologies, Faculty of Transportation Engineering and Vehicle Engineering, Budapest University of Technology and Economics, Hungary

In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for forensic investigations of accidents caused by cyber-attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis on the compressed data. We show that the proposed compression format is a powerful tool for finding traces of a cyber-attack. We achieve this by performing semantic compression on the CAN traffic logs, rather than simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than that of state-of-the-art syntactic compression methods, such as zip.

Keywords: CAN; network traffic capture; semantic compression; forensic analysis

Published: December 31, 2017

This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.