Automotive Ethernet Intrusion Dataset
This dataset was created for the following paper: Seonghoon Jeong, Boosun Jeon, Boheung Chung, and Huy Kang Kim, "Convolutional neural network-based intrusion detection system for AVTP streams in automotive Ethernet-based networks," Vehicular Communications, will be available soon.
This dataset contains benign Audio Video Transport Protocol (AVTP) packet captures from our physical automotive Ethernet testbed. Also, we demonstrate a replay attack on the automotive Ethernet to achieve the intrusion dataset.
The following devices are connected to the automotive Ethernet testbed:
- a RAD-Galaxy: BroadR-Reach switch
- two neoECU AVB/TSN (AVB/TSN Endpoint Simulation): configured as an AVB talker and an AVB listener, respectively
- a RAD-Moon: a media converter (between BroadR-Reach and Ethernet)
- an USB Camera connected to the AVB talker
The dataset contains four benign (attack-free) packet captures.
- driving_01_original.pcap (about 10 min)
- driving_02_original.pcap (about 16 min)
- indoors_01_original.pcap (about 24 min)
- indoors_02_original.pcap (about 21 min)
We suppose that an attacker injects arbitrary stream AVTP data units (AVTPDUs) into the IVN. The goal of the attacker is to output a single video frame, at a terminal application connected to the AVB listener, by injecting previously generated AVTPDUs during a certain period. To demonstrate the attack, we extract 36 continuous stream AVTPDUs (single-MPEG-frame.pcap) from one of our AVB datasets; the extracted AVTPDUs constitute one video frame. Then, the attacker performs a replay attack by sending the 36 stream AVTPDUs repeatedly. Check *_injected.pcap files for the result of the replay attack.
To open the packet captures, we recommend researchers use Wireshark and the following plug-ins:
- Dissector for IEEE1722 (AVTP) IEC61883/IIDC Subtype MPEG2-TS: https://gist.github.com/oro350/8321451
- (Optional) MPEG video parser https://wiki.wireshark.org/mpeg_dump.lua
This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2018-0-00312, Developing technologies to predict, detect, respond, and automatically diagnose security threats to automotive Ethernet-based vehicle).