Enabling Auditing and Intrusion Detection of Proprietary Controller Area Networks

Author

Brent C. Stone

Date of Award

12-3-2018

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Department of Electrical and Computer Engineering

First Advisor

Scott R. Graham, PhD

Abstract

The goal of this dissertation is to provide automated methods for security researchers to overcome ‘security through obscurity’ used by manufacturers of proprietary Industrial Control Systems (ICS). `White hat' security analysts waste significant time reverse engineering these systems' opaque network configurations instead of performing meaningful security auditing tasks. Automating the process of documenting proprietary protocol configurations is intended to improve independent security auditing of ICS networks. The major contributions of this dissertation are a novel approach for unsupervised lexical analysis of binary network data flows and analysis of the time series data extracted as a result. We demonstrate the utility of these methods using Controller Area Network (CAN) data sampled from passenger vehicles.

AFIT Designator

AFIT-ENG-DS-18-D-003

DTIC Accession Number

AD1067742

Recommended Citation

Stone, Brent C., "Enabling Auditing and Intrusion Detection of Proprietary Controller Area Networks" (2018). Theses and Dissertations. 1940.
https://scholar.afit.edu/etd/1940