Open Access

CarDS - Controller Area Network and Automotive Ethernet Realistic Data Set

Thumbnail Image

Files

00_README.md (20.71 KB)
 Attack_Identifiers.pdf (177.1 KB)
 cards_architecture.png (174.5 KB)
 cards_measurement_setup.png (89.14 KB)
 DISCLAIMER.md (3.56 KB)

Date

2026-03-25

Type

Dataset

Authors

Hamborg, Jannis
Hellemans, Wouter
Lauser, Timm
Rabbani, Md Masoom
Preneel, Bart
Krauß, Christoph
Mentens, Nele

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Description

The CarDS dataset is a multi-protocol in-vehicle network dataset primarily targeted at the development of Intrusion Detection Systems (IDSs). It presents both benign traffic as well as advanced attacks launched against the in-vehicle network of a modern commercial electric vehicle from 2020 consisting of 10 internal CAN buses (i.e., domains) and 6 Automotive Ethernet buses. Specifically, the dataset covers 9h07m09s of real in-vehicle network data and features 397,383,125 CAN (CAN CC and CAN FD) and 180,604,377 Automotive Ethernet messages distributed over different scenarios in 258 traces. <p> If you find this useful in your research, please consider citing: @inproceedings{hellemans2025cards, title={CarDS-Controller Area Network and Automotive Ethernet Realistic Data Set}, author={Hellemans, Wouter and Hamborg, Jannis and Lauser, Timm and Rabbani, Md Masoom and Preneel, Bart and Krau{\ss}, Christoph and Mentens, Nele}, booktitle={2025 IEEE Annual Computer Security Applications Conference (ACSAC)}, pages={798--814}, year={2025}, organization={IEEE} } # Data Privacy and Intellectual Property Statement To ensure the ethical and legal publication of this dataset, we have implemented a multi-stage pseudonymization pipeline: - CAN and Ethernet Pseudonymization: The MAC and IP address-headers and all ICMP communications and metadata headers have been pseudonymized to hide specific network topology identifiers. - PII & Vehicle Identity: The Vehicle Identification Number (VIN) has been replaced with a synthetic identifier. While the data was recorded from a dedicated research vehicle, this step ensures compliance with global privacy standards regarding Personal Identifiable Information (PII). - Manufacturer De-identification: We have removed explicit references to the Original Equipment Manufacturer (OEM) to focus the research strictly on the underlying electronic control unit (ECU) behaviors and security protocols. - No Proprietary Interpretations: To respect Intellectual Property, we are not publishing any reverse-engineered documentation, signal definitions, or DBC files. The dataset consists purely of raw payloads. - Attack Payload Safety: Attack vectors included in the dataset have been modified. This ensures that while the security patterns are visible for research and detection modeling, the payloads cannot be directly replayed to execute critical functions on production vehicles. We believe these measures provide a high-fidelity dataset for the cybersecurity community while rigorously protecting the safety and IP of the automotive ecosystem. # Data Takedown & Ethical Use Policy ## 1. Our Commitment The authors of this dataset are committed to responsible open-science practices. While we have performed extensive pseudonymization to remove Personal Identifiable Information (PII) and proprietary manufacturer metadata, we recognize the complexity of automotive network traffic. Our goal is to support cybersecurity research without compromising vehicle safety or corporate Intellectual Property (IP). ## 2. Grounds for a Takedown Request We will review and act upon legitimate requests for data removal or further pseudonymization based on the following criteria: - Privacy Violations: Identification of previously undetected PII (e.g., a leaked VIN, GNSS coordinates, or user-specific data). - Safety Risks: Evidence that specific attack payloads in the dataset pose a direct, high-risk safety threat that exceeds the threshold for educational or defensive research. - Intellectual Property: Significant evidence that the raw data contains proprietary structures that constitute protected trade secrets, beyond standard protocol implementations. ## 3. How to Submit a Request If you represent an OEM, a Tier-1 supplier, or are an individual who has identified sensitive data within this set, please contact us at: - Contact Email: cards-dataset@fbi.h-da.de - Subject Line: Dataset Takedown Request - CarDS-Dataset Please include the following in your request: - The specific file(s) and timestamp/log-line references. - A brief description of the nature of the concern (Privacy, Safety, or IP). - Your affiliation and contact information. ## 4. Our Process Upon receipt of a valid concern, we will: - Acknowledge: Confirm receipt of your request within 5 business days. - Evaluate: Assess the identified data. During this period, we may temporarily set the dataset to "Private" or "Restricted Access" if the risk is deemed high. - Remediate: If the request is valid, we will scrub the sensitive portions and issue a new, sanitized version of the dataset, or remove the specific logs in question.

Keywords

Automotive, In-Vehicle Network, Cybersecurity, Intrusion Detection

Citation

Identifier

https://tudatalib.ulb.tu-darmstadt.de/handle/tudatalib/5080
 https://doi.org/10.48328/tudatalib-2179

Endorsement

Related Resources

Is Part Of
https://doi.org/10.1109/ACSAC67867.2025.00069

DFG Classification

4.43-03 Sicherheit und Verlässlichkeit, Betriebs-, Kommunikations- und verteilte Systeme

Project(s)

Faculty

Collections

Forschungsdaten

License

Except where otherwise noted, this license is described as CC-BY-SA-4.0 - Attribution-ShareAlike 4.0 International