Forensics Aware Lossless Compression of CAN Traffic Logs
Author(s): Andras Gazdag, Levente Buttyan, Zsolt Szalay
Subject(s): Methodology and research technology, ICT Information and Communications Technologies
Published by: Žilinská univerzita v Žilině
Keywords: CAN; network traffic capture; semantic compression; forensic analysis
Summary/Abstract: In this paper, we propose a compression method that allows for the efficient storage of large amounts of CAN traffic data, which is needed for the forensic investigation of accidents caused by cyber-attacks on vehicles. Compression of recorded CAN traffic also reduces the time (or bandwidth) needed to off-load that data from the vehicle. In addition, our compression method allows analysts to perform log analysis directly on the compressed data. It is shown that the proposed compression format is a powerful tool for finding traces of a cyber-attack. We achieve this by performing semantic compression on the CAN traffic logs, rather than simple syntactic compression. Our compression method is lossless, thus preserving all information for later analysis. Besides all the above advantages, the compression ratio that we achieve is better than the compression ratio of state-of-the-art syntactic compression methods, such as zip.
Journal: Komunikácie - vedecké listy Žilinskej univerzity v Žiline
- Issue Year: 19/2017
- Issue No: 4
- Page Range: 105-110
- Page Count: 6
- Language: English