Shashwat Khandelwal,Shreejith Shanker

DOI: https://doi.org/10.1109/ICFPT56656.2022.9974508

2024-01-19

Abstract:Recent years have seen an exponential rise in complex software-driven functionality in vehicles, leading to a rising number of electronic control units (ECUs), network capabilities, and interfaces. These expanded capabilities also bring-in new planes of vulnerabilities making intrusion detection and management a critical capability; however, this can often result in more ECUs and network elements due to the high computational overheads. In this paper, we present a consolidated ECU architecture incorporating an Intrusion Detection System (IDS) for Automotive Controller Area Network (CAN) along with traditional ECU functionality on an off-the-shelf hybrid FPGA device, with near-zero overhead for the ECU functionality. We propose two quantised multi-layer perceptrons (QMLP's) as isolated IDSs for detecting a range of attack vectors including Denial-of-Service, Fuzzing and Spoofing, which are accelerated using off-the-shelf deep-learning processing unit (DPU) IP block from Xilinx, operating fully transparently to the software on the ECU. The proposed models achieve the state-of-the-art classification accuracy for all the attacks, while we observed a 15x reduction in power consumption when compared against the GPU-based implementation of the same models quantised using Nvidia libraries. We also achieved a 2.3x speed up in per-message processing latency (at 0.24 ms from the arrival of a CAN message) to meet the strict end-to-end latency on critical CAN nodes and a 2.6x reduction in power consumption for inference when compared to the state-of-the-art IDS models on embedded IDS and loosely coupled IDS accelerators (GPUs) discussed in the literature.

Hardware Architecture,Cryptography and Security,Machine Learning,Systems and Control

Shashwat Khandelwal,Shreejith Shanker

DOI: https://doi.org/10.1109/ASAP57973.2023.00033

2024-01-19

Abstract:Increasing automation in vehicles enabled by increased connectivity to the outside world has exposed vulnerabilities in previously siloed automotive networks like controller area networks (CAN). Attributes of CAN such as broadcast-based communication among electronic control units (ECUs) that lowered deployment costs are now being exploited to carry out active injection attacks like denial of service (DoS), fuzzing, and spoofing attacks. Research literature has proposed multiple supervised machine learning models deployed as Intrusion detection systems (IDSs) to detect such malicious activity; however, these are largely limited to identifying previously known attack vectors. With the ever-increasing complexity of active injection attacks, detecting zero-day (novel) attacks in these networks in real-time (to prevent propagation) becomes a problem of particular interest. This paper presents an unsupervised-learning-based convolutional autoencoder architecture for detecting zero-day attacks, which is trained only on benign (attack-free) CAN messages. We quantise the model using Vitis-AI tools from AMD/Xilinx targeting a resource-constrained Zynq Ultrascale platform as our IDS-ECU system for integration. The proposed model successfully achieves equal or higher classification accuracy (> 99.5%) on unseen DoS, fuzzing, and spoofing attacks from a publicly available attack dataset when compared to the state-of-the-art unsupervised learning-based IDSs. Additionally, by cleverly overlapping IDS operation on a window of CAN messages with the reception, the model is able to meet line-rate detection (0.43 ms per window) of high-speed CAN, which when coupled with the low energy consumption per inference, makes this architecture ideally suited for detecting zero-day attacks on critical CAN networks.

Cryptography and Security,Machine Learning,Systems and Control

Shashwat Khandelwal,Eashan Wadhwa,Shreejith Shanker

DOI: https://doi.org/10.1109/ASAP54787.2022.00023

2024-01-19

Abstract:Rising complexity of in-vehicle electronics is enabling new capabilities like autonomous driving and active safety. However, rising automation also increases risk of security threats which is compounded by lack of in-built security measures in legacy networks like CAN, allowing attackers to observe, tamper and modify information shared over such broadcast networks. Various intrusion detection approaches have been proposed to detect and tackle such threats, with machine learning models proving highly effective. However, deploying machine learning models will require high processing power through high-end processors or GPUs to perform them close to line rate. In this paper, we propose a hybrid FPGA-based ECU approach that can transparently integrate IDS functionality through a dedicated off-the-shelf hardware accelerator that implements a deep-CNN intrusion detection model. Our results show that the proposed approach provides an average accuracy of over 99% across multiple attack datasets with 0.64% false detection rates while consuming 94% less energy and achieving 51.8% reduction in per-message processing latency when compared to IDS implementations on GPUs.

Cryptography and Security,Machine Learning

Shashwat Khandelwal,Anneliese Walsh,Shanker Shreejith

DOI: https://doi.org/10.23919/DATE56975.2023.10137016

2024-01-20

Abstract:In this paper, we explore low-power custom quantised Multi-Layer Perceptrons (MLPs) as an Intrusion Detection System (IDS) for automotive controller area network (CAN). We utilise the FINN framework from AMD/Xilinx to quantise, train and generate hardware IP of our MLP to detect denial of service (DoS) and fuzzying attacks on CAN network, using ZCU104 (XCZU7EV) FPGA as our target ECU architecture with integrated IDS capabilities. Our approach achieves significant improvements in latency (0.12 ms per-message processing latency) and inference energy consumption (0.25 mJ per inference) while achieving similar classification performance as state-of-the-art approaches in the literature.

Cryptography and Security,Hardware Architecture,Machine Learning,Systems and Control

Shashwat Khandelwal,Shreejith Shanker

DOI: https://doi.org/10.1109/FPL60245.2023.00040

2024-01-20

Abstract:Vehicles today comprise intelligent systems like connected autonomous driving and advanced driving assistance systems (ADAS) to enhance the driving experience, which is enabled through increased connectivity to infrastructure and fusion of information from different sensing modes. However, the rising connectivity coupled with the legacy network architecture within vehicles can be exploited for launching active and passive attacks on critical vehicle systems and directly affecting the safety of passengers. Machine learning-based intrusion detection models have been shown to successfully detect multiple targeted attack vectors in recent literature, whose deployments are enabled through quantised neural networks targeting low-power platforms. Multiple models are often required to simultaneously detect multiple attack vectors, increasing the area, (resource) cost, and energy consumption. In this paper, we present a case for utilising custom-quantised MLP's (CQMLP) as a multi-class classification model, capable of detecting multiple attacks from the benign flow of controller area network (CAN) messages. The specific quantisation and neural architecture are determined through a joint design space exploration, resulting in our choice of the 2-bit precision and the n-layer MLP. Our 2-bit version is trained using Brevitas and optimised as a dataflow hardware model through the FINN toolflow from AMD/Xilinx, targeting an XCZU7EV device. We show that the 2-bit CQMLP model, when integrated as the IDS, can detect malicious attack messages (DoS, fuzzing, and spoofing attack) with a very high accuracy of 99.9%, on par with the state-of-the-art methods in the literature. Furthermore, the dataflow model can perform line rate detection at a latency of 0.11 ms from message reception while consuming 0.23 mJ/inference, making it ideally suited for integration with an ECU in critical CAN networks.

Cryptography and Security,Hardware Architecture,Machine Learning,Systems and Control

Qian Wang,Yiming Qian,Zhaojun Lu,Yasser Shoukry,Gang Qu

DOI: https://doi.org/10.1109/asianhost.2018.8607178

2018-01-01

Abstract:The recent developments in the automobile industry and the self-driving technology necessitated an increase in the traditional automobile features to guarantee the drivers safety, improve the driving convenience and realize the autonomous driving. To support these necessary functions and features, a significant amount of the hardware equipment, i.e., Electronic Control Unit (ECU), is integrated into the car system. However, these ECUs also bring security vulnerabilities because their communication follows the Controller Area Network (CAN) protocol that was designed without supporting message origin authentication. Several methods to resolve this problem have been proposed in the literature, but most of them would require heavy communications and calculations to support the cryptography algorithms. In this paper, we propose a delay-based Intrusion Detection System (IDS) to protect the CAN network by identifying the location of the compromised ECU for the in-vehicle network. We develop and implement our detection method on CAN bus prototype, and our results show that our method is capable of an overall detection accuracy above 97%. The proposed scheme is demonstrated to protect the integrity of the messages on CAN bus leading to a further improve the security and safety of autonomous vehicles.

Md Hasan Shahriar,Yang Xiao,Pablo Moriano,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/JIOT.2023.3303271

2023-10-08

Abstract:Modern vehicles rely on a fleet of electronic control units (ECUs) connected through controller area network (CAN) buses for critical vehicular control. With the expansion of advanced connectivity features in automobiles and the elevated risks of internal system exposure, the CAN bus is increasingly prone to intrusions and injection attacks. As ordinary injection attacks disrupt the typical timing properties of the CAN data stream, rule-based intrusion detection systems (IDS) can easily detect them. However, advanced attackers can inject false data to the signal/semantic level, while looking innocuous by the pattern/frequency of the CAN messages. The rule-based IDS, as well as the anomaly-based IDS, are built merely on the sequence of CAN messages IDs or just the binary payload data and are less effective in detecting such attacks. Therefore, to detect such intelligent attacks, we propose CANShield, a deep learning-based signal-level intrusion detection framework for the CAN bus. CANShield consists of three modules: a data preprocessing module that handles the high-dimensional CAN data stream at the signal level and parses them into time series suitable for a deep learning model; a data analyzer module consisting of multiple deep autoencoder (AE) networks, each analyzing the time-series data from a different temporal scale and granularity, and finally an attack detection module that uses an ensemble method to make the final decision. Evaluation results on two high-fidelity signal-based CAN attack datasets show the high accuracy and responsiveness of CANShield in detecting advanced intrusion attacks.

Cryptography and Security,Machine Learning

Dheeraj Basavaraj,Shahab Tayeb

DOI: https://doi.org/10.3390/jsan11010006

2022-01-10

Journal of Sensor and Actuator Networks

Abstract:With the emergence of networked devices, from the Internet of Things (IoT) nodes and cellular phones to vehicles connected to the Internet, there has been an ever-growing expansion of attack surfaces in the Internet of Vehicles (IoV). In the past decade, there has been a rapid growth in the automotive industry as network-enabled and electronic devices are now integral parts of vehicular ecosystems. These include the development of automobile technologies, namely, Connected and Autonomous Vehicles (CAV) and electric vehicles. Attacks on IoV may lead to malfunctioning of Electronic Control Unit (ECU), brakes, control steering issues, and door lock issues that can be fatal in CAV. To mitigate these risks, there is need for a lightweight model to identify attacks on vehicular systems. In this article, an efficient model of an Intrusion Detection System (IDS) is developed to detect anomalies in the vehicular system. The dataset used in this study is an In-Vehicle Network (IVN) communication protocol, i.e., Control Area Network (CAN) dataset generated in a real-time environment. The model classifies different types of attacks on vehicles into reconnaissance, Denial of Service (DoS), and fuzzing attacks. Experimentation with performance metrics of accuracy, precision, recall, and F-1 score are compared across a variety of classification models. The results demonstrate that the proposed model outperforms other classification models.

Seonghoon Jeong,Sangho Lee,Hwejae Lee,Huy Kang Kim

DOI: https://doi.org/10.1109/TVT.2023.3327275

2024-03-14

Abstract:Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent actions and cybersecurity regulations (e.g., UNR 155) require carmakers to implement intrusion detection systems (IDSs) in their vehicles. The IDS should detect cyberattacks and provide additional information to analyze conducted attacks. Although many IDSs have been proposed, considerations regarding their feasibility and explainability remain lacking. This study proposes X-CANIDS, which is a novel IDS for CAN-based IVNs. X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database. The signals improve the intrusion detection performance compared with the use of bit representations of raw payloads. These signals also enable an understanding of which signal or ECU is under attack. X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase. We confirmed the feasibility of the proposed method through a benchmark test on an automotive-grade embedded device with a GPU. The results of this work will be valuable to carmakers and researchers considering the installation of in-vehicle IDSs for their vehicles.

Cryptography and Security,Signal Processing

Youngmi Baek,Seongjoo Shin

DOI: https://doi.org/10.3390/s22072636

2022-03-29

Abstract:Automotive cyber-physical systems are in transition from the closed-systems to open-networking systems. As a result, in-vehicle networks such as the controller area network (CAN) have become essential to connect to inter-vehicle networks through the various rich interfaces. Newly exposed security concerns derived from this requirement may cause in-vehicle networks to pose threats to automotive security and driver's safety. In this paper, to ensure a high level of security of the in-vehicle network for automotive CPS, we propose a novel lightweight and practical cyber defense platform, referred to as CANon (CAN with origin authentication and non-repudiation), to be enabled to detect cyber-attacks in real-time. CANon is designed based on the hierarchical approach of centralized-session management and distributed-origin authentication. In the former, a gateway node manages each initialization vector and session of origin-centric groups consisting of two more sending and receiving nodes. In the latter, the receiving nodes belonging to the given origin-centric group individually perform the symmetric key-based detection against cyber-attacks by verifying each message received from the sending node, namely origin authentication, in real-time. To improve the control security, CANon employs a one-time local key selected from a sequential hash chain (SHC) for authentication of an origin node in a distributed mode and exploits the iterative hash operations with randomness. Since the SHC can constantly generate and consume hash values regardless of their memory capacities, it is very effective for resource-limited nodes for in-vehicle networks. In addition, through implicit key synchronization within a given group, CANon addresses the challenges of a key exposure problem and a complex key distribution mechanism when performing symmetric key-based authentication. To achieve lightweight cyber-attack detection without imposing an additive load on CAN, CANon uses a keyed-message authentication code (KMAC) activated within a given group. The detection performance of CANon is evaluated under an actual node of Freescale S12XF and virtual nodes operating on the well-known CANoe tool. It is seen that the detection rate of CANon against brute-force and replay attacks reaches 100% when the length of KMAC is over 16 bits. It demonstrates that CANon ensures high security and is sufficient to operate in real-time even on low-performance ECUs. Moreover, CANon based on several software modules operates without an additive hardware security module at an upper layer of the CAN protocol and can be directly ported to CAN-FD (CAN with Flexible Data rate) so that it achieves the practical cyber defense platform.

Junchao Xiao,Hao Wu,Xiangxue Li,Yuan Linghu

DOI: https://doi.org/10.1007/978-3-030-38961-1_40

2020-01-01

Abstract:A vehicle bus is a specialized internal communication network that interconnects components inside a vehicle. The Controller Area Network (CAN bus), a robust vehicle bus standard, allows microcontrollers and devices to communicate with each other. The community has seen many security breach examples that exploit CAN functionalities and other in-vehicle flaws. Intrusion detection systems (IDSs) on in-vehicle network are advantageous in monitoring CAN traffic and suspicious activities. Whereas, existing IDSs on in-vehicle network only support one or two attack models, and identifying abnormal in-vehicle CAN traffic against diversified attack models with better performance is more expected as can be then implemented practically. In this paper, we propose an intrusion detection system that can detect many different attacks. The method analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our proposal fuses the autoencoder trick to the SVM model. More precisely, we introduce to the system an autoencoder that learns to compress CAN traffic data into extracted features (which can be uncompressed to closely match the original data). Then, the support vector machine is trained on the features to detect abnormal traffic. We show detailed model parameter configuration by adopting several concrete attacks. Experimental results demonstrate better detection performance (than existing proposals).

Muzun Althunayyan,Amir Javed,Omer Rana

2024-08-16

Abstract:As connected and autonomous vehicles proliferate, the Controller Area Network (CAN) bus has become the predominant communication standard for in-vehicle networks due to its speed and efficiency. However, the CAN bus lacks basic security measures such as authentication and encryption, making it highly vulnerable to cyberattacks. To ensure in-vehicle security, intrusion detection systems (IDSs) must detect seen attacks and provide a robust defense against new, unseen attacks while remaining lightweight for practical deployment. Previous work has relied solely on the CAN ID feature or has used traditional machine learning (ML) approaches with manual feature extraction. These approaches overlook other exploitable features, making it challenging to adapt to new unseen attack variants and compromising security. This paper introduces a cutting-edge, novel, lightweight, in-vehicle, IDS-leveraging, deep learning (DL) algorithm to address these limitations. The proposed IDS employs a multi-stage approach: an artificial neural network (ANN) in the first stage to detect seen attacks, and a Long Short-Term Memory (LSTM) autoencoder in the second stage to detect new, unseen attacks. To understand and analyze diverse driving behaviors, update the model with the latest attack patterns, and preserve data privacy, we propose a theoretical framework to deploy our IDS in a hierarchical federated learning (H-FL) environment. Experimental results demonstrate that our IDS achieves an F1-score exceeding 0.99 for seen attacks and exceeding 0.95 for novel attacks, with a detection rate of 99.99%. Additionally, the false alarm rate (FAR) is exceptionally low at 0.016%, minimizing false alarms. Despite using DL algorithms known for their effectiveness in identifying sophisticated and zero-day attacks, the IDS remains lightweight, ensuring its feasibility for real-world deployment.

Cryptography and Security

Efrat Levy,Asaf Shabtai,Bogdan Groza,Pal-Stefan Murvay,Yuval Elovici

DOI: https://doi.org/10.48550/arXiv.2106.07895

2021-06-15

Abstract:The Controller Area Network (CAN) is used for communication between in-vehicle devices. The CAN bus has been shown to be vulnerable to remote attacks. To harden vehicles against such attacks, vehicle manufacturers have divided in-vehicle networks into sub-networks, logically isolating critical devices. However, attackers may still have physical access to various sub-networks where they can connect a malicious device. This threat has not been adequately addressed, as methods proposed to determine physical intrusion points have shown weak results, emphasizing the need to develop more advanced techniques. To address this type of threat, we propose a security hardening system for in-vehicle networks. The proposed system includes two mechanisms that process deep features extracted from voltage signals measured on the CAN bus. The first mechanism uses data augmentation and deep learning to detect and locate physical intrusions when the vehicle starts; this mechanism can detect and locate intrusions, even when the connected malicious devices are silent. This mechanism's effectiveness (100% accuracy) is demonstrated in a wide variety of insertion scenarios on a CAN bus prototype. The second mechanism is a continuous device authentication mechanism, which is also based on deep learning; this mechanism's robustness (99.8% accuracy) is demonstrated on a real moving vehicle.

Cryptography and Security,Machine Learning

Hyungchul Im,Donghyeon Lee,Seongsoo Lee

DOI: https://doi.org/10.3390/s24092807

IF: 3.9

2024-04-29

Sensors

Abstract:The Controller Area Network (CAN), widely used for vehicular communication, is vulnerable to multiple types of cyber-threats. Attackers can inject malicious messages into the CAN bus through various channels, including wireless methods, entertainment systems, and on-board diagnostic ports. Therefore, it is crucial to develop a reliable intrusion detection system (IDS) capable of effectively distinguishing between legitimate and malicious CAN messages. In this paper, we propose a novel IDS architecture aimed at enhancing the cybersecurity of CAN bus systems in vehicles. Various machine learning (ML) models have been widely used to address similar problems; however, although existing ML-based IDS are computationally efficient, they suffer from suboptimal detection performance. To mitigate this shortcoming, our architecture incorporates specially designed rule-based filters that cross-check outputs from the traditional ML-based IDS. These filters scrutinize message ID and payload data to precisely capture the unique characteristics of three distinct types of cyberattacks: DoS attacks, spoofing attacks, and fuzzy attacks. Experimental evidence demonstrates that the proposed architecture leads to a significant improvement in detection performance across all utilized ML models. Specifically, all ML-based IDS achieved an accuracy exceeding 99% for every type of attack. This achievement highlights the robustness and effectiveness of our proposed solution in detecting potential threats.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zachariah Tyree,Robert A. Bridges,Frank L. Combs,Michael R. Moore

DOI: https://doi.org/10.48550/arXiv.1808.10840

2018-08-28

Abstract:Modern vehicles rely on scores of electronic control units (ECUs) broadcasting messages over a few controller area networks (CANs). Bereft of security features, in-vehicle CANs are exposed to cyber manipulation and multiple researches have proved viable, life-threatening cyber attacks. Complicating the issue, CAN messages lack a common mapping of functions to commands, so packets are observable but not easily decipherable. We present a transformational approach to CAN IDS that exploits the geometric properties of CAN data to inform two novel detectors--one based on distance from a learned, lower dimensional manifold and the other on discontinuities of the manifold over time. Proof-of-concept tests are presented by implementing a potential attack approach on a driving vehicle. The initial results suggest that (1) the first detector requires additional refinement but does hold promise; (2) the second detector gives a clear, strong indicator of the attack; and (3) the algorithms keep pace with high-speed CAN messages. As our approach is data-driven it provides a vehicle-agnostic IDS that eliminates the need to reverse engineer CAN messages and can be ported to an after-market plugin.

Cryptography and Security

Haoyu Ma,Jianqiu Cao,Bo Mi,Darong Huang,Yang Liu,Shaoqian Li

DOI: https://doi.org/10.1155/2022/5827056

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:With the rapid development of vehicular networking and intelligence, more interfaces are adopted by cars to interact with the external world. Accordingly, this also brings enormous security risks, which are potentially catastrophic due to communication loopholes. Since the Controller Area Network (CAN) is critical to the transmission of commands among vehicular components, it has become a prime target for hacker research and attack. Considering that the CAN bus is commonly used and its protocol is always flawed, how to efficiently detect the intrusions against it has become an evitable problem. In this paper, we presented an intrusion detection system that can be rapidly deployed inside the vehicle. Aiming at achieving the goal of real-time detection, we devised a feature extraction algorithm with low complexity and thoroughly exploited its advantages via a GRU-based lightweight neural network. The experiment was physically conducted on in-vehicle embedded devices using publicly available datasets. Experiment results illustrated that our intrusion detection system could be rapidly deployed with high classification and real-time performance. Moreover, we also discussed how an intrusion detection system could work with OTA services to improve the intelligence of vehicular operating systems and prevent potential attacks.

Junge Xu,Fan Zhang,Wenguang Jin,Kun Yang,Zeke Wang,Weixiong Jiang,Yajun Ha

DOI: https://doi.org/10.1109/tcad.2024.3426364

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:With increasing computation of various applications, dynamic voltage and frequency scaling (DVFS) is gradually deployed on FPGAs to improve performance and save energy. However, its reliability and security have not been sufficiently evaluated, which incurs quite many concerns. In this paper, we propose an evaluation framework for deep investigation of stealthy DVFS fault injection attacks on the state-of-the-art deep neural networks (DNNs) deployed on modern FPGAs. The evaluation framework mainly consists of a DVFS attack striker and a time-to-digital converter (TDC) based hardware profiler. Two modes of evaluation are derived, and their effectiveness is demonstrated on a platform composed of a SkyNet accelerator and three ImageNet models built on a Xilinx deep learning processor unit (DPU). Experimental results show that more than 99% detection accuracy loss can be measured targeting at all tested DNN models under prospective operation mode but without any performance degradation in frame per second (FPS). In our investigation of sensitive layer mode, more than 93% average accuracy loss with 84.7% fault probability can be measured on a single bundle of the SkyNet. We characterize the vulnerabilities of different DNN layers subject to DVFS attacks through leveraging the TDC-based hardware profiler to precisely control the timing of fault injection.

Pengzhou Cheng,Mu Han,Gongshen Liu

DOI: https://doi.org/10.1016/j.future.2022.10.020

2023-01-01

Abstract:Controller area network (CAN) is a widely used communication protocol for in-vehicle networks. With the up-gradation of traditional vehicle ad-hoc networks (VANETs) to the internet of vehicles (IoV), the connectivity is incremental between the vehicular network and the outside world, making cyber-security become a stringent problem. Although existing machine learning-based methods for automotive intrusion detection are powerful, there are still limitations in detection performance and resistance attack types during the unsupervised learning process that lacks massive amounts of labels. Therefore, this paper proposes an in-vehicle intrusion detection system that incorporates a combination of sparse regularization convolutional auto-encoder (SRCAE) and streams clustering to construct a deep evolving stream clustering model, namely DESC-IDS. Specifically, the method encodes continuous messages as 2-D data frames, which are fed into the SRCAE built by the temporal convolutional network (TCN) to obtain a low-dimensional non-linear spatial–temporal mapping of the high-dimensional data. Thereafter, the stream clustering model can describe a contour baseline of normal communication messages by the spatial–temporal features. Based on this baseline, DESC-IDS can detect any abnormal changes in vehicular communication. In particular, this paper exploits the SRCAE to reconstruct message matrices, which are considered as variants of known attacks due to reconstruction deviation. The extensive evaluation results illustrate that the proposed model provides enough performance and real-time competitiveness in anomaly detection, with 96.44% accuracy on the HCRL intrusion dataset and 98.80% accuracy on the ORNL intrusion dataset. For the mixed attack of fabrication and masquerade, the proposed model achieves stable F1-scores of 93.48% and 86.99%, respectively. Moreover, the performance in unknown attacks is righteous with 98.43% accuracy and 97.15% F1-scores.

Shaoqiang Wang,Baosen Zheng,Zhaoyuan Liu,Ziyao Fan,Yubao Liu,Yinfei Dai

DOI: https://doi.org/10.1109/access.2024.3445498

IF: 3.9

2024-01-01

IEEE Access

Abstract:As the connectivity between Electronic Control Units (ECUs) and the external environment intensifies, the security and safeguarding of In-Vehicle Networks (IVNs) have become pressing issues. The Controller Area Network (CAN) bus, the most commonly employed vehicular network protocol, is particularly vulnerable due to its inherent lack of security measures, making it susceptible to various attacks. In this paper, we introduce a novel intrusion detection model for CAN networks, named IVN-ViT. The proposed IVN-ViT model utilizes an enhanced Vision Transformer architecture (Edge-ViT), incorporating self-supervised learning with Cutout data augmentation, Particle Swarm Optimization (PSO) for feature selection, and a fine-tuning strategy that merges Parameter Instance Discrimination (PID) with supervised loss. This not only enhances the model’s convergence speed and predictive accuracy but also meets the lightweight requirements of CAN networks. Experimental results on the "HCRL-car hacking" dataset and the "X-CANIDS" dataset demonstrate that our model achieves over 99% accuracy across all types of attacks. In a simulated vehicular environment, the detection latency for each message averages approximately 1.04ms, fully meeting the first-time requirements of CAN networks. The experiments validate that our proposed method significantly improves model accuracy while ensuring efficient operation within the limited computational resources available in vehicle systems.