AUTOMOTIVE ETHERNET INTRUSION DATASET

Description

This dataset contains benign Audio Video Transport Protocol (AVTP) packet captures from our physical automotive Ethernet testbed. Also, we demonstrate a replay attack on the automotive Ethernet to achieve the intrusion dataset.

We suppose that an attacker injects arbitrary stream AVTP data units (AVTPDUs) into the IVN. The goal of the attacker is to output a single video frame, at a terminal application connected to the AVB listener, by injecting previously generated AVTPDUs during a certain period. To demonstrate the attack, we extract 36 continuous stream AVTPDUs (single-MPEG-frame.pcap) from one of our AVB datasets; the extracted AVTPDUs constitute one video frame. Then, the attacker performs a replay attack by sending the 36 stream AVTPDUs repeatedly. Check *_injected.pcap files for the result of the replay attack.

Testbed

The following devices are connected to our automotive Ethernet testbed:

• a RAD-Galaxy: BroadR-Reach switch

• two neoECU AVB/TSN (AVB/TSN Endpoint Simulation): configured as an AVB talker and an AVB listener, respectively

• a RAD-Moon: a media converter (between BroadR-Reach and Ethernet)

• an USB Camera connected to the AVB talker

Dataset

The dataset contains four benign (attack-free) packet captures. 

• driving_01_original.pcap (about 10 min)

• driving_02_original.pcap (about 16 min)

• indoors_01_original.pcap (about 24 min)

• indoors_02_original.pcap (about 21 min)

Labeling the dataset

If you are willing to do some research for intrusion detection, you need to label packets in *_injected.pcap files. You can make packet-by-packet labels through the examination whether entire frame of each packet in *_injected.pcap is in single-MPEG-frame.pcap. Otherwise, you may want to refer to our example code in Jupyter Notebook (link). Thank you for your consideration. 

Suggestions

To analyze the packet captures, we recommend researchers use Wireshark and the following plug-ins:

• Dissector for IEEE1722 (AVTP) IEC61883/IIDC Subtype MPEG2-TS: https://gist.github.com/oro350/8321451

• (Optional) MPEG video parser https://wiki.wireshark.org/mpeg_dump.lua

Download the dataset

You can access the dataset via IEEE DataPort https://dx.doi.org/10.21227/1yr3-q009.

Publication

Seonghoon Jeong, Boosun Jeon, Boheung Chung, and Huy Kang Kim, "Convolutional neural network-based intrusion detection system for AVTP streams in automotive Ethernet-based networks," Vehicular Communications, DOI: 10.1016/j.vehcom.2021.100338.