CAN-D: A Modular Four-Step Pipeline for Comprehensively Decoding Controller Area Network Data

Abstract: Controller area networks (CANs) are a broadcast protocol for real-time communication of critical vehicle subsystems. Manufacturers of passenger vehicles hold secret their mappings of CAN data to vehicle signals, and these definitions vary per make, model, and year. Without these mappings, the wealth of real-time vehicle information hidden in CAN packets is uninterpretable, severely impeding vehicle-related research including CAN cybersecurity, after-market tuning, efficiency and performance monitoring, and fault diagnosis. Guided by the four-part CAN signal definition, we present CAN-D (CAN Decoder), a modular, four-step pipeline for identifying each signal's boundaries (start bit and length), endianness (byte ordering), signedness (bit-to-integer encoding), and meaningful, physical interpretation (label, unit, scaling factors). En route to CAN-D, we provide a comprehensive review of the CAN signal reverse engineering research. All previous methods ignore endianness and signedness, rendering them simply incapable of decoding many standard CAN signal definitions. We formulate and provide an efficient solution to an optimization problem, allowing identification of the optimal set of signal boundaries and byte orderings. In addition, we provide two novel, state-of-the-art signal boundary classifiers (both superior to previous approaches in precision and recall) and the first signedness classification algorithm, which exhibits > 97 F-score. Overall, CAN-D is the only solution with the potential to extract any CAN signal and is the state of the art. In evaluation on ten vehicles of different makes, CAN-D's average $\ell^1$ error is 5 times better than all preceding methods and exhibits lower average error even when considering only signals that meet prior methods' assumptions. Finally, CAN-D is implemented in lightweight hardware allowing OBD-II plugin for real-time in-vehicle CAN decoding.
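To make the four-part signal definition concrete, the following added example (not code from the CAN-D authors) decodes one constructed 8-byte frame and shows how ignoring endianness and signedness gives a wrong value. Assumptions: bits are numbered 0 to 63 with bit 0 as the most significant bit of byte 0, signed means two's complement, little-endian signals are byte-aligned, and the names `SignalDef`, `decode`, the signals and the frame are all hypothetical.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class SignalDef:
    start_bit: int        # first bit of the signal (assumed: bit 0 = MSB of byte 0)
    length: int           # number of bits
    little_endian: bool   # byte ordering
    signed: bool          # two's complement if True (assumed encoding)
    scale: float = 1.0    # physical value = raw * scale + offset
    offset: float = 0.0
    label: str = ""
    unit: str = ""

def decode(payload: bytes, sig: SignalDef) -> float:
    """Turn the bits described by sig into a physical value."""
    nbits = len(payload) * 8
    if sig.length < 1 or sig.start_bit < 0 or sig.start_bit + sig.length > nbits:
        raise ValueError("signal does not fit in payload")
    if sig.little_endian:
        # Narrowed case for this example: whole bytes, least significant first.
        if sig.start_bit % 8 or sig.length % 8:
            raise ValueError("example handles byte-aligned little-endian only")
        first = sig.start_bit // 8
        raw = int.from_bytes(payload[first:first + sig.length // 8], "little")
    else:
        # Big-endian: the signal is one contiguous run of bits in the frame.
        shift = nbits - sig.start_bit - sig.length
        raw = (int.from_bytes(payload, "big") >> shift) & ((1 << sig.length) - 1)
    if sig.signed and raw >> (sig.length - 1):
        raw -= 1 << sig.length          # sign bit set: map to negative range
    return raw * sig.scale + sig.offset

# Constructed sample frame and definitions (not taken from any real vehicle).
FRAME = bytes.fromhex("0C80F6FF00000000")
SPEED = SignalDef(4, 12, False, False, 0.25, label="engine speed", unit="rpm")
ANGLE = SignalDef(16, 16, True, True, 0.5, label="steering angle", unit="deg")
# Same boundaries as ANGLE, but endianness and signedness ignored.
NAIVE_ANGLE = replace(ANGLE, little_endian=False, signed=False)

if __name__ == "__main__":
    for sig in (SPEED, ANGLE, NAIVE_ANGLE):
        print(sig.label, decode(FRAME, sig), sig.unit)
```

With correct boundaries but the wrong byte order and encoding, the same 16 bits decode to a large positive number instead of a small negative angle.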

