X-CANIDS Dataset (In-Vehicle Signal Dataset)

X-CANIDS Dataset (In-Vehicle Signal Dataset)In March 2024, one of our recent research "X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network" was published in IEEE Transactions on Vehicular Technology. Here we publish the dataset used in the article. We hope our dataset facilitates further research using deserialized signals as well as raw CAN messages.Real-world data collection. Our benign driving dataset is unique in that it has been collected from real-world environments.Signal deserialization. We offer our dataset in two formats, i.e., raw CAN messages and deserialized signals, enabling development of either message- and signal-based models and comparison of their performance.For more specifications regarding this dataset, please refer to ReadMe.md in DOCUMENTATION. Benign driving dataset (raw/dump*.parquet)The dataset contains CAN messages from Hyundai LF Sonata 2017 e-VGT. Our interface Kvaser Memorator Professional HS/HS (with built-in clock; 1 μs resolution) was connected with our vehicle via the OBD-II port.Six driving dataset + one idling dataset.Each dump consists of 62-64 arbitration IDs. As our dataset was collected from a real commercial vehicle, it contains more numerous arbitration IDs than other public datasets that were made synthetically.What makes our dataset especially special? We could maximize the potential of our dataset with open-source CAN databases! CAN database is a formal description for payload deserialization (or dissection). Using hyundai_ccan_2015.dbc (kindly visit https://github.com/commaai/opendbc/blob/master/hyundai_2015_ccan.dbc), you could obtain 688 signals from the raw payloads in the CAN messages. Intrusion dataset (raw/dump6-*.parquet)The intrusion dataset is made from Dump 6 dataset. We conducted attack simulations in the period 480-1440 s, half of the capture period of the dataset, to obtain label-balanced data.Attack type descriptionFuzzing Attack (fuzz): It manipulates various ECUs with random payloads and it can be performed with CAN messages that contain random AIDs and payloads. The attack can cause a malfunction of the target vehicle even if the adversary does not have prior knowledge of the in-vehicle communications.Fabrication Attack (fabr): A specific ECU is manipulated as the intention of the adversary, and it can be performed using well-crafted CAN messages with a specific AID and payload. As a legitimate ECU periodically transmits CAN messages with the same AID, an adversary can transmit their CAN message directly after every benign message.Suspension Attack (susp): It neutralizes an ECU by exploiting the error-handling mechanism of the CAN. A target ECU does not transmit any CAN messages during the attack.Masquerade Attack (masq): It is a combination of the fabrication and suspension attacks. A stream from a specific ECU is replaced with arbitrary messages that are generated by the adversary during the attack.Replay Attack (repl): An adversary captures legitimate CAN messages in a certain period. Then, they transmit the CAN messages within the CAN bus. The attack can cause a certain malfunction that the target vehicle have performed in the capture duration.For more information regarding this intrusion dataset, a reader is referred to the original manuscript of our paper, X-CANIDS. Signal dataset (sig/*.parquet)We also provide the data that contains deserialized signals from every Benign driving dataset and Intrusion datasetfiles.The payloads were deserialized using hyundai_ccan_2015.dbc(https://github.com/commaai/opendbc/blob/master/hyundai_2015_ccan.dbc).Each dataset contains 688 signal columns and one label column. CitationWhen this dataset helps your research, please consider citing this dataset as well as the original article X-CANIDS.@ARTICLE{JeongLLK24X-CANIDS, author={Jeong, Seonghoon and Lee, Sangho and Lee, Hwejae and Kim, Huy Kang}, journal={IEEE Transactions on Vehicular Technology}, title={X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network}, year={2024}, volume={73}, number={3}, pages={3230--3246}, doi={10.1109/TVT.2023.3327275}}

X-CANIDS 数据集（车载信号数据集） 2024年3月，我们近期的研究成果之一《X-CANIDS：基于控制器局域网络的车载网络信号感知可解释入侵检测系统》在《IEEE 交通运输技术杂志》上发表。在此，我们发布了该文章中使用的数据集。我们希望我们的数据集能促进利用反序列化信号以及原始CAN消息进行进一步的研究。 真实世界数据收集。我们的良性驾驶数据集独具特色，因为它是从真实世界环境中收集的。 信号反序列化。我们提供的数据集以两种格式提供，即原始CAN消息和反序列化信号，这使开发基于消息和信号模型成为可能，并允许比较它们的性能。 关于该数据集的更多规格，请参阅文档中的ReadMe.md。 良性驾驶数据集（raw/dump*.parquet） 该数据集包含来自2017年Hyundai LF Sonata e-VGT的CAN消息。我们的接口Kvaser Memorator Professional HS/HS（内置时钟；1 μs分辨率）通过OBD-II端口与我们的车辆连接。 六个驾驶数据集加一个怠速数据集。每个数据包包含62-64个仲裁ID。由于我们的数据集是从真实商用车辆收集的，它包含的仲裁ID比其他合成数据集更多。 我们的数据集的独特之处在于？我们能够利用开源的CAN数据库最大化数据集的潜力！CAN数据库是对有效载荷反序列化（或剖析）的正式描述。使用hyundai_ccan_2015.dbc（请访问https://github.com/commaai/opendbc/blob/master/hyundai_2015_ccan.dbc），您可以从CAN消息的原始有效载荷中获得688个信号。 入侵数据集（raw/dump6-*.parquet） 入侵数据集由Dump 6数据集制作而成。我们在数据集捕获期间的480-1440秒内进行了攻击模拟，以获得标签平衡的数据。 攻击类型描述 模糊攻击（fuzz）：它通过随机有效载荷操纵各种ECU，可以使用包含随机AID和有效载荷的CAN消息执行。即使攻击者没有车载通信的先验知识，攻击也可能导致目标车辆发生故障。 伪造攻击（fabr）：攻击者有目的地操纵特定的ECU，并可以使用具有特定AID和有效载荷的精心制作的CAN消息执行。由于合法ECU会定期以相同的AID传输CAN消息，攻击者可以在每个良性消息之后直接传输他们的CAN消息。 中断攻击（susp）：它通过利用CAN的错误处理机制来使ECU失效。在攻击期间，目标ECU不传输任何CAN消息。 伪装攻击（masq）：它是伪造攻击和中断攻击的组合。将特定ECU的流替换为攻击者在攻击期间生成的任意消息。 重放攻击（repl）：攻击者捕获一定时间段内的合法CAN消息。然后，他们在CAN总线上传输这些CAN消息。攻击可能导致目标车辆在捕获期间执行的一定故障。 有关此入侵数据集的更多信息，请参阅我们论文《X-CANIDS》的原始稿件。 信号数据集（sig/*.parquet） 我们还提供了包含每个良性驾驶数据集和入侵数据集文件中反序列化信号的数 据。有效载荷使用hyundai_ccan_2015.dbc（请访问https://github.com/commaai/opendbc/blob/master/hyundai_2015_ccan.dbc）反序列化。 每个数据集包含688个信号列和一个标签列。 引用 当此数据集帮助您的研究时，请考虑引用该数据集以及原始文章《X-CANIDS》。@ARTICLE{JeongLLK24X-CANIDS，作者={Jeong, Seonghoon and Lee, Sangho and Lee, Hwejae and Kim, Huy Kang}，期刊={IEEE 交通运输技术杂志}，标题={X-CANIDS：基于控制器局域网络的车载网络信号感知可解释入侵检测系统}，年份={2024}，卷号={73}，期号={3}，页码={3230--3246}，DOI={10.1109/TVT.2023.3327275}}