M-CAN Intrusion Dataset
1. Dataset Release
This dataset is a M-CAN normal dataset and abnormal dataset containing attack messages. M-CAN is a bus-type topology in which various modules for interworking with navigation and in-vehicle multimedia communication devices communicate.
The normal dataset was extracted from the Genesis g80 during about 36 minutes. The attack dataset used the extracted normal dataset to inject DoS and Fuzzing attacks. The attack dataset is not extracted while directly injected into the vehicle, but packets are injected in the local computer.
2-1. data attributes
Timestamp: record time
ID: Identifier of CAN message in HEX (ex. 0x0000043f)
DLC: The number of data bytes, from 0 to 8
Payload: Data value (byte). If the value of DLC is 8, it means that the length of the payload is 8 bytes. In this case, the payload example is "7F 00 00 00 00 00 1F FF ".
Label: 1.0 or 0.0, 1.0 represents injected message while 0.0 represents normal message.
2-2. Attack type
Two attacks are provided: DoS, and Fuzzing. A DoS attack is an attack that denials service what the CAN bus protocol with meaningless messages by sending the fixed AID and payload. A fuzzing attack is an attack that causes unexpected behavior by sending a message with random AID, DLC, and payload values.
DoS: Injecting message of '0x00000000' CAN ID every 0.25 millisecond during 4 seconds. A total of 25 attacks were injected.
Fuzzing: Injects a message with random AID, DLC, and Payload values every 0.1 milliseconds during 1 seconds. A total of 10 attacks were injected.
2-3 Driving route
The normal dataset drive a round-trip one hour course around Korea University. We drive in the city, and one driver performed the dataset extraction. It is a one-hour course in total, and some were used to collect M-CAN and some B-CAN.
Download Link: Download
Huy Kang Kim (cenda at korea.ac.kr)
5. see also
Please see the page [HCRL/Datasets] to find out more in-vehicle IDS datasets or other datasets that we have.