Junchao Xiao,Lin Yang,Fuli Zhong,Hongbo Chen,Xiangxue Li

DOI: https://doi.org/10.1007/s10489-022-03412-8

IF: 5.3

2022-05-25

Applied Intelligence

Abstract:With the development of Internet of Vehicles (IoVs) techniques, many emerging technologies and their applications are integrated with IoVs. The application of these new technologies requires vehicles to communicate with external networks frequently, which makes the in-vehicle network more vulnerable to hacker attacks. It is imperative to detect hacker attacks on in-vehicle networks. A control area network graph attention networks (CAN-GAT) model is proposed to implement the anomaly detection of in-vehicle networks, and a graph neural network (GNN) anomaly-based detection framework using graph convolution, graph attention and CAN-GAT network model for in-vehicle network based on CAN bus is presented. In this detection framework, a graph is designed with the traffic on the CAN bus to capture the correlation between the change of the traffic bytes and the state of other traffic bytes effectively and help improve the detection accuracy and efficiency. Compared simulation experiments are conducted to test the proposed model, and the obtained model performance metrics results show that the CAN-GAT-2 model based on two-layer CAN-GAT achieves better performance. In addition, the visualization and quantitative analysis methods are used to explain how can the attention mechanism of CAN-GAT-2 improve the performance, which can help to construct better GNNs in anomaly detection of in-vehicle network. The model performance evaluation results show that CAN-GAT-2 achieved improved accuracy among the compared baseline methods, and has good detection speed performance.

computer science, artificial intelligence

Kai Wang,Qiguang Jiang,Bailing Wang,Yongzheng Zhang,Yulei Wu

DOI: https://doi.org/10.48550/arXiv.2311.07056

2023-11-13

Abstract:As an important component of internet of vehicles (IoV), intelligent connected vehicles (ICVs) have to communicate with external networks frequently. In this case, the resource-constrained in-vehicle network (IVN) is facing a wide variety of complex and changing external cyber-attacks, especially the masquerade attack with high difficulty of detection while serious damaging effects that few counter measures can identify successfully. Moreover, only coarse-grained recognition can be achieved in current mainstream intrusion detection mechanisms, i.e., whether a whole data flow observation window contains attack labels rather than fine-grained recognition on every single data item within this window. In this paper, we propose StatGraph: an Effective Multi-view Statistical Graph Learning Intrusion Detection to implement the fine-grained intrusion detection. Specifically, StatGraph generates two statistical graphs, timing correlation graph (TCG) and coupling relationship graph (CRG), based on data streams. In given message observation windows, edge attributes in TCGs represent temporal correlation between different message IDs, while edge attributes in CRGs denote the neighbour relationship and contextual similarity. Besides, a lightweight shallow layered GCN network is trained based graph property of TCGs and CRGs, which can learn the universal laws of various patterns more effectively and further enhance the performance of detection. To address the problem of insufficient attack types in previous intrusion detection, we select two real in-vehicle CAN datasets that cover four new attacks never investigated before. Experimental result shows StatGraph improves both detection granularity and detection performance over state-of-the-art intrusion detection methods.

Networking and Internet Architecture,Artificial Intelligence,Cryptography and Security

Haoyu Ma,Jianqiu Cao,Bo Mi,Darong Huang,Yang Liu,Shaoqian Li

DOI: https://doi.org/10.1155/2022/5827056

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:With the rapid development of vehicular networking and intelligence, more interfaces are adopted by cars to interact with the external world. Accordingly, this also brings enormous security risks, which are potentially catastrophic due to communication loopholes. Since the Controller Area Network (CAN) is critical to the transmission of commands among vehicular components, it has become a prime target for hacker research and attack. Considering that the CAN bus is commonly used and its protocol is always flawed, how to efficiently detect the intrusions against it has become an evitable problem. In this paper, we presented an intrusion detection system that can be rapidly deployed inside the vehicle. Aiming at achieving the goal of real-time detection, we devised a feature extraction algorithm with low complexity and thoroughly exploited its advantages via a GRU-based lightweight neural network. The experiment was physically conducted on in-vehicle embedded devices using publicly available datasets. Experiment results illustrated that our intrusion detection system could be rapidly deployed with high classification and real-time performance. Moreover, we also discussed how an intrusion detection system could work with OTA services to improve the intelligence of vehicular operating systems and prevent potential attacks.

Hengrun Zhang,Shuai Lin,K. Zeng

DOI: https://doi.org/10.1109/TIFS.2023.3240291

IF: 7.231

IEEE Transactions on Information Forensics and Security

Abstract:Due to the lack of CAN frame encryption and authentication, CAN bus is vulnerable to various attacks, which can in general be divided into message injection, suspension, and falsification. Existing CAN bus anomaly detection mechanisms either can only detect one or two of these attacks, or require numerous CAN messages during predictions, which can hardly realize real-time performance. In this paper, we propose a CAN bus anomaly detection system that can detect all these attacks simultaneously in as short as 3 milliseconds (ms) based on Graph Neural Network (GNN). This work generates directed attributed graphs based on CAN message streams in given message intervals. Node attributes denote data contents in CAN messages while each edge attribute represents the frequency of a typical CAN ID pair in the given interval. Afterwards, a GNN is trained based on generated CAN message graphs. Considering highly imbalanced training data, a two-stage classifier cascade is developed in this paper, which is composed of a one-class classifier for anomaly detection and a multi-class classifier for attack classification. An openmax layer is further introduced to the multi-class classifier to tackle new anomalies from unknown classes. To take advantage of crowdsourcing while protecting user data privacy, we adopt federated learning to train a universal model that covers different driving scenarios and vehicle states. Extensive experiment results show the effectiveness and efficiency of our methodology.

Computer Science,Engineering

Jingwen Wei,Ye Chen,Yingxu Lai,Yuhang Wang,Zhaoyi Zhang

DOI: https://doi.org/10.1109/lcomm.2022.3195486

IF: 3.5529

2022-11-12

IEEE Communications Letters

Abstract:A controller area network (CAN) bus that controls real-time communication and data transmission of electronic control units in vehicles lacks security mechanisms and is highly vulnerable to attacks. The detection effectiveness of existing In-Vehicle network intrusion detection systems (IDSs) is usually reliant on training samples of known attacks. Owing to the simple structure of the CAN bus protocol, attackers can easily create variants based on known attacks. In this study, we propose a CAN bus IDS based on a domain adversarial neural network, which can achieve high detection performance on unlearned variant attack data. In addition, we used feature fusion techniques to synthetically extract the features of the attack data to improve detection capability. The experimental results demonstrate that our proposed model has high performance and generalization ability in attack detection.

telecommunications

Fei Gao,Jinshuo Liu,Yingqi Liu,Zhenhai Gao,Rui Zhao

DOI: https://doi.org/10.3390/s24113461

IF: 3.9

2024-05-28

Sensors

Abstract:As an enhanced version of standard CAN, the Controller Area Network with Flexible Data (CAN-FD) rate is vulnerable to attacks due to its lack of information security measures. However, although anomaly detection is an effective method to prevent attacks, the accuracy of detection needs further improvement. In this paper, we propose a novel intrusion detection model for the CAN-FD bus, comprising two sub-models: Anomaly Data Detection Model (ADDM) for spotting anomalies and Anomaly Classification Detection Model (ACDM) for identifying and classifying anomaly types. ADDM employs Long Short-Term Memory (LSTM) layers to capture the long-range dependencies and temporal patterns within CAN-FD frame data, thus identifying frames that deviate from established norms. ACDM is enhanced with the attention mechanism that weights LSTM outputs, further improving the identification of sequence-based relationships and facilitating multi-attack classification. The method is evaluated on two datasets: a real-vehicle dataset including frames designed by us based on known attack patterns, and the CAN-FD Intrusion Dataset, developed by the Hacking and Countermeasure Research Lab. Our method offers broader applicability and more refined classification in anomaly detection. Compared with existing advanced LSTM-based and CNN-LSTM-based methods, our method exhibits superior performance in detection, achieving an improvement in accuracy of 1.44% and 1.01%, respectively.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Maloy Kumar Devnath

2023-09-24

Abstract:The Controller Area Network (CAN) bus serves as a standard protocol for facilitating communication among various electronic control units (ECUs) within contemporary vehicles. However, it has been demonstrated that the CAN bus is susceptible to remote attacks, which pose risks to the vehicle's safety and functionality. To tackle this concern, researchers have introduced intrusion detection systems (IDSs) to identify and thwart such attacks. In this paper, we present an innovative approach to intruder detection within the CAN bus, leveraging Graph Convolutional Network (GCN) techniques as introduced by Zhang, Tong, Xu, and Maciejewski in 2019. By harnessing the capabilities of deep learning, we aim to enhance attack detection accuracy while minimizing the requirement for manual feature engineering. Our experimental findings substantiate that the proposed GCN-based method surpasses existing IDSs in terms of accuracy, precision, and recall. Additionally, our approach demonstrates efficacy in detecting mixed attacks, which are more challenging to identify than single attacks. Furthermore, it reduces the necessity for extensive feature engineering and is particularly well-suited for real-time detection systems. To the best of our knowledge, this represents the pioneering application of GCN to CAN data for intrusion detection. Our proposed approach holds significant potential in fortifying the security and safety of modern vehicles, safeguarding against attacks and preventing them from undermining vehicle functionality.

Cryptography and Security

Junchao Xiao,Hao Wu,Xiangxue Li,Yuan Linghu

DOI: https://doi.org/10.1007/978-3-030-38961-1_40

2020-01-01

Abstract:A vehicle bus is a specialized internal communication network that interconnects components inside a vehicle. The Controller Area Network (CAN bus), a robust vehicle bus standard, allows microcontrollers and devices to communicate with each other. The community has seen many security breach examples that exploit CAN functionalities and other in-vehicle flaws. Intrusion detection systems (IDSs) on in-vehicle network are advantageous in monitoring CAN traffic and suspicious activities. Whereas, existing IDSs on in-vehicle network only support one or two attack models, and identifying abnormal in-vehicle CAN traffic against diversified attack models with better performance is more expected as can be then implemented practically. In this paper, we propose an intrusion detection system that can detect many different attacks. The method analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our proposal fuses the autoencoder trick to the SVM model. More precisely, we introduce to the system an autoencoder that learns to compress CAN traffic data into extracted features (which can be uncompressed to closely match the original data). Then, the support vector machine is trained on the features to detect abnormal traffic. We show detailed model parameter configuration by adopting several concrete attacks. Experimental results demonstrate better detection performance (than existing proposals).

Tianqi Yu,Jianling Hu,Jianfeng Yang

DOI: https://doi.org/10.3390/electronics12112510

IF: 2.9

2023-06-02

Electronics

Abstract:The Internet of Vehicles (IoV) empowers intelligent and tailored services for intelligent connected vehicles (ICVs). However, with the increasing number of onboard external communication interfaces, ICVs face the challenges of malicious network intrusions. The closure of traditional vehicles had led to in-vehicle communication protocols, including the most commonly applied controller area network (CAN), and a lack of security and privacy protection mechanisms. Therefore, to protect the connected vehicles and IoV systems from being attacked, an intrusion-detection method is proposed based on the features extracted from the arbitration identifier (ID) field of CAN messages. Specifically, a sliding window is used to continuously extract a frame of streaming CAN messages first. Afterward, the weighted self-information of the CAN message ID is defined, and both the weighted self-information and the normalized value of an ID are extracted as features. Based on the extracted features, a lightweight one-class classifier, the local outlier factor (LOF), is used to identify the outliers and detect malicious network intrusion attacks. Simulation experiments were conducted based on the public CAN dataset provided by the HCR Lab. The proposed method, using four different one-class classifiers, was analyzed, and it is also benchmarked with three information entropy-based intrusion-detection methods in the literature. The experimental results indicate that, compared to the benchmarks, the proposed method dramatically improves the detection accuracy for injection attacks, namely denial-of-service (DoS) and spoofing, especially when the number of injected messages is low.

engineering, electrical & electronic,computer science, information systems,physics, applied

Trieu Phong Nguyen,Heungwoo Nam,Daehee Kim

DOI: https://doi.org/10.1109/access.2023.3282110

IF: 3.9

2023-06-09

IEEE Access

Abstract:Despite the significant advantages of communication systems between electronic control units, the controller area network (CAN) protocol is vulnerable to attacks owing to its weak security structure. The persistent development of intrusion detection systems (IDS) is geared toward preventing vehicles from being targeted by malicious attacks. Recurrent neural networks (RNNs) have emerged as a prominent approach in this domain, contributing significantly to the evolution of IDS. Nonetheless, RNN-based methods have certain limitations in step-by-step processing. Their feature extraction at any given point in time only relies on the hidden state of previously observed information, possibly resulting in missing features in the context vector. In this paper, we propose a novel multi-class IDS using a transformer-based attention network (TAN) for an in-vehicle CAN bus. Our model builds on the self-attention mechanism, removing RNNs and classifying attacks into multiple categories. Furthermore, the proposed models can detect replay attacks by aggregating sequential CAN IDs. The experimental results indicate that the TAN is more efficient than the baselines for different input data types and datasets. The highlight is that, although sequential CAN IDs are used, our model can identify intrusion messages without requiring message labeling. Finally, by inheriting the advantages of transformers, TAN employs transfer learning to improve the performance of models trained on small data from other car models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hyun Min Song,Jiyoung Woo,Huy Kang Kim

DOI: https://doi.org/10.1016/j.vehcom.2019.100198

IF: 6.7

2020-01-01

Vehicular Communications

Abstract:<p>The implementation of electronics in modern vehicles has resulted in an increase in attacks targeting in-vehicle networks; thus, attack detection models have caught the attention of the automotive industry and its researchers. Vehicle network security is an urgent and significant problem because the malfunctioning of vehicles can directly affect human and road safety. The controller area network (CAN), which is used as a de facto standard for in-vehicle networks, does not have sufficient security features, such as message encryption and sender authentication, to protect the network from cyber-attacks. In this paper, we propose an intrusion detection system (IDS) based on a deep convolutional neural network (DCNN) to protect the CAN bus of the vehicle. The DCNN learns the network traffic patterns and detects malicious traffic without hand-designed features. We designed the DCNN model, which was optimized for the data traffic of the CAN bus, to achieve high detection performance while reducing the unnecessary complexity in the architecture of the Inception-ResNet model. We performed an experimental study using the datasets we built with a real vehicle to evaluate our detection system. The experimental results demonstrate that the proposed IDS has significantly low false negative rates and error rates when compared to the conventional machine-learning algorithms.</p>

telecommunications,transportation science & technology

Haojie Ji,Liyong Wang,Hongmao Qin,Yinghui Wang,Junjie Zhang,Biao Chen

DOI: https://doi.org/10.1007/s42154-023-00273-w

2024-01-01

Automotive Innovation

Abstract:Detecting abnormal data generated from cyberattacks has emerged as a crucial approach for identifying security threats within in-vehicle networks. The transmission of information through in-vehicle networks needs to follow specific data formats and communication protocols regulations. Typically, statistical algorithms are employed to learn these variation rules and facilitate the identification of abnormal data. However, the effectiveness of anomaly detection outcomes often falls short when confronted with highly deceptive in-vehicle network attacks. In this study, seven representative classification algorithms are selected to detect common in-vehicle network attacks, and a comparative analysis is employed to identify the most suitable and favorable detection method. In consideration of the communication protocol characteristics of in-vehicle networks, an optimal convolutional neural network (CNN) detection algorithm is proposed that uses data field characteristics and classifier selection, and its comprehensive performance is tested. In addition, the concept of Hamming distance between two adjacent packets within the in-vehicle network is introduced, enabling the proposal of an enhanced CNN algorithm that achieves robust detection of challenging-to-identify abnormal data. This paper also presents the proposed CNN classification algorithm that effectively addresses the issue of high false negative rate (FNR) in abnormal data detection based on the timestamp feature of data packets. The experimental results validate the efficacy of the proposed abnormal data detection algorithm, highlighting its strong detection performance and its potential to provide an effective solution for safeguarding the security of in-vehicle network information.

Reek Majumder,Gurcan Comert,David Werth,Adrian Gale,Mashrur Chowdhury,M Sabbir Salek

2024-12-04

Abstract:The network of services, including delivery, farming, and environmental monitoring, has experienced exponential expansion in the past decade with Unmanned Aerial Vehicles (UAVs). Yet, UAVs are not robust enough against cyberattacks, especially on the Controller Area Network (CAN) bus. The CAN bus is a general-purpose vehicle-bus standard to enable microcontrollers and in-vehicle computers to interact, primarily connecting different Electronic Control Units (ECUs). In this study, we focus on solving some of the most critical security weaknesses in UAVs by developing a novel graph-based intrusion detection system (IDS) leveraging the Uncomplicated Application-level Vehicular Communication and Networking (UAVCAN) protocol. First, we decode CAN messages based on UAVCAN protocol specification; second, we present a comprehensive method of transforming tabular UAVCAN messages into graph structures. Lastly, we apply various graph-based machine learning models for detecting cyber-attacks on the CAN bus, including graph convolutional neural networks (GCNNs), graph attention networks (GATs), Graph Sample and Aggregate Networks (GraphSAGE), and graph structure-based transformers. Our findings show that inductive models such as GATs, GraphSAGE, and graph-based transformers can achieve competitive and even better accuracy than transductive models like GCNNs in detecting various types of intrusions, with minimum information on protocol specification, thus providing a generic robust solution for CAN bus security for the UAVs. We also compared our results with baseline single-layer Long Short-Term Memory (LSTM) and found that all our graph-based models perform better without using any decoded features based on the UAVCAN protocol, highlighting higher detection performance with protocol-independent capability.

Artificial Intelligence

Markus Hanselmann,Thilo Strauss,Katharina Dormann,Holger Ulmer

DOI: https://doi.org/10.1109/access.2020.2982544

IF: 3.9

2020-01-01

IEEE Access

Abstract:We propose a neural network architecture for detecting intrusions on the controller area network (CAN). The latter is the standard communication method between the electronic control units (ECUs) of automobiles. However, CAN lacks security mechanisms and it has recently been shown that it can be attacked remotely. Hence, it is desirable to monitor CAN traffic to detect intrusions. In order to find both, known and unknown intrusion scenarios, we consider a novel unsupervised learning approach which we call CANet. To our knowledge, this is the first deep learning based intrusion detection system (IDS) that naturally handles the data structure of the high dimensional CAN bus, where different message types are sent at different times. Our method is evaluated on real and synthetic CAN data. A comparison with previous machine learning based methods shows that CANet outperforms them by a significant margin. For reproducibility of the method, our synthetic data is publicly available.

Imran Ahmed,Gwanggil Jeon,Awais Ahmad

DOI: https://doi.org/10.1109/mce.2021.3139170

2021-01-01

IEEE Consumer Electronics Magazine

Abstract:The growth of the Internet of Things (IoT) has resulted in several revolutionary applications, such as smart cities, cyber-physical systems, and the Internet of vehicles (IoV). Within the IoV infrastructure, vehicles are comprised of various electronic intelligent sensors or devices used to obtain data and communicate the necessary information with their surroundings. One of the major concerns about the implementation of these sensors or devices is data vulnerability; thus, it is necessary to present a solution that provides security, trust, and privacy to communicating entities and to secure vehicle data from malicious entities. In modern vehicles, the controller area network (CAN) is a fundamental scheme for controlling the interaction among different in-vehicle network sensors. However, not enough security features are present that support data encryption, authorization, and authentication mechanisms to secure the network from cyber or malicious intrusions such as denial of service and fuzzy attacks. An intrusion detection system is presented in this work based on the deep learning architecture to protect the CAN bus in vehicles. The VGG architecture is used and trained for different network intrusion patterns in order to detect malicious attacks. The experiments are performed using the CAN-intrusion-dataset. The experimental findings demonstrate that the presented deep learning system significantly reduces the false positive rate (FPR) compared to the conventional machine learning techniques. The overall accuracy of the system is 96 with FPR of 0.6.

telecommunications,engineering, electrical & electronic,computer science, hardware & architecture

Chen Dong,Hao Wu,Qingyuan Li

DOI: https://doi.org/10.1109/access.2023.3265018

IF: 3.9

2023-04-14

IEEE Access

Abstract:As modern vehicles become more intelligent and connected, the number of ECUs and communication interfaces with external networks (such as 3G/4G and Bluetooth) has increased significantly, which raises potential network security risks. Due to the absence of effective security measures, there is a frequent occurrence of cybersecurity incidents targeting vehicles, particularly the in-vehicle CAN bus network. As the main bus in the vehicle, the CAN bus faces important challenges in its safety due to the lack of security mechanisms. Therefore, we propose a CAN bus intrusion detection system based on multiple observation HMM for in-vehicle networks to enhance the security of the vehicle. Specifically, the proposed algorithm builds a multiple observation HMM-based on the ID and data fields of normal CAN bus traffic. According to the established HMMs, we calculate the existence probability of the frame under the defined time window as the detection threshold. When the existence probability of the frame to be detected exceeds the normal threshold range, it is considered abnormal. Furthermore, we establish four common attack models based on the collected real vehicle data and evaluate the performance of the proposed algorithm in these attack scenarios. The experimental results show that the proposed method has better detection performance than other frame-by-frame anomaly detection methods in four attack scenarios.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ping Deng,Yong Huang

DOI: https://doi.org/10.1016/j.cose.2024.104132

IF: 5.105

2024-09-28

Computers & Security

Abstract:With the development of the Internet, the application of computer technology has rapidly become widespread, driving the progress of Internet of Things (IoT) technology. The attacks present on networks have become more complex and stealthy. However, traditional network intrusion detection systems with singular functions are no longer sufficient to meet current demands. While some machine learning-based network intrusion detection systems have emerged, traditional machine learning methods cannot effectively respond to the complex and dynamic nature of network attacks. Intrusion detection systems utilizing deep learning can better enhance detection capabilities through diverse data learning and training. To capture the topological relationships in network data, using graph neural networks (GNNs) is most suitable. Most existing GNNs for intrusion detection use multi-layer network training, which may lead to over-smoothing issues. Additionally, current intrusion detection solutions often lack efficiency. To mitigate the issues mentioned above, this paper proposes an E dge-featured M ulti-hop A ttention Graph Neural Network for I ntrusion D etection S ystem (EMA-IDS), aiming to improve detection performance by capturing more features from data flows. Our method enhances computational efficiency through attention propagation and integrates node and edge features, fully leveraging data characteristics. We carried out experiments on four public datasets, which are NF-CSE-CIC-IDS2018-v2, NF-UNSW-NB15-v2, NF-BoT-IoT, and NF-ToN-IoT. Compared with existing models, our method demonstrated superior performance.

computer science, information systems

Sk. Tanzir Mehedi,Adnan Anwar,Ziaur Rahman,Kawsar Ahmed

DOI: https://doi.org/10.48550/arXiv.2107.05172

2021-07-12

Cryptography and Security

Abstract:The Controller Area Network (CAN) bus works as an important protocol in the real-time In-Vehicle Network (IVN) systems for its simple, suitable, and robust architecture. The risk of IVN devices has still been insecure and vulnerable due to the complex data-intensive architectures which greatly increase the accessibility to unauthorized networks and the possibility of various types of cyberattacks. Therefore, the detection of cyberattacks in IVN devices has become a growing interest. With the rapid development of IVNs and evolving threat types, the traditional machine learning-based IDS has to update to cope with the security requirements of the current environment. Nowadays, the progression of deep learning, deep transfer learning, and its impactful outcome in several areas has guided as an effective solution for network intrusion detection. This manuscript proposes a deep transfer learning-based IDS model for IVN along with improved performance in comparison to several other existing models. The unique contributions include effective attribute selection which is best suited to identify malicious CAN messages and accurately detect the normal and abnormal activities, designing a deep transfer learning-based LeNet model, and evaluating considering real-world data. To this end, an extensive experimental performance evaluation has been conducted. The architecture along with empirical analyses shows that the proposed IDS greatly improves the detection accuracy over the mainstream machine learning, deep learning, and benchmark deep transfer learning models and has demonstrated better performance for real-time IVN security.

Shaoqiang Wang,Baosen Zheng,Zhaoyuan Liu,Ziyao Fan,Yubao Liu,Yinfei Dai

DOI: https://doi.org/10.1109/access.2024.3445498

IF: 3.9

2024-01-01

IEEE Access

Abstract:As the connectivity between Electronic Control Units (ECUs) and the external environment intensifies, the security and safeguarding of In-Vehicle Networks (IVNs) have become pressing issues. The Controller Area Network (CAN) bus, the most commonly employed vehicular network protocol, is particularly vulnerable due to its inherent lack of security measures, making it susceptible to various attacks. In this paper, we introduce a novel intrusion detection model for CAN networks, named IVN-ViT. The proposed IVN-ViT model utilizes an enhanced Vision Transformer architecture (Edge-ViT), incorporating self-supervised learning with Cutout data augmentation, Particle Swarm Optimization (PSO) for feature selection, and a fine-tuning strategy that merges Parameter Instance Discrimination (PID) with supervised loss. This not only enhances the model’s convergence speed and predictive accuracy but also meets the lightweight requirements of CAN networks. Experimental results on the "HCRL-car hacking" dataset and the "X-CANIDS" dataset demonstrate that our model achieves over 99% accuracy across all types of attacks. In a simulated vehicular environment, the detection latency for each message averages approximately 1.04ms, fully meeting the first-time requirements of CAN networks. The experiments validate that our proposed method significantly improves model accuracy while ensuring efficient operation within the limited computational resources available in vehicle systems.