CAN-FD Intrusion Dataset

1. Dataset Release

Because modern vehicles have a lot of connectivity, it is important to protect the in-vehicle network from cyberattacks. Due to the limitations of the data transmission capability of CAN (Controller Area Network), CAN-FD (CAN with Flexible Data rate) with enhanced data transmission capability has emerged. CAN-FD is already widely used in the market and will be used more in the future. We publish the dataset we created in the hopes of improving automotive security. We only collected about 1 hour of normal CAN-FD packets and injected attack messages.


2. Dataset


2-1. data attributes

            • Timestamp: record time

            • Arbitration ID: identifier of CAN message in HEX (ex. 043f)

            • DLC: number of data bytes, from 0 to 64

            • Data[0] ~ Data[64]: data value (byte)

            • Label: T or R, T represents injected message while R represents normal message


2-2. Attack type

Three attacks are provided: Flooding, Fuzzing, and Malfunction. A flooding attack is an attack that occupies the CAN bus with meaningless messages by sending the highest priority AID message. A fuzzing attack is an attack that causes unexpected behavior by sending a message with random AID, DLC, and payload values. Malfunction attack is an attack that triggers actions as intended by the attacker when the attacker knows specific AID information. The time the attack was performed was 500 seconds, and the attack and rest were random within 3-5 seconds


            • Flooding: Injecting messages of ‘0x000’ CAN ID every 0.1 milliseconds.

            • Fuzzing: Injects a message with random AID, DLC, and Payload values every 0.2 milliseconds.

            • Malfunction: Injecting messages of ‘0x125’ CAN ID every 1 milliseconds.


2-3. Summary of dataset

3. download

Dataset Download Link : //


4. Contact

Huy Kang Kim (cenda at korea.ac.kr)