<p>The Controller Area Network (CAN) is a multi-master protocol that enables automotive electronic control units (ECUs) to communicate with each other without a central framework, including in the context of autonomous vehicles. CAN uses a differential two-wire bus to exchange real-time oriented messages. Message transmission of this protocol is not encrypted or authenticated, so attackers can easily intercept it. Recent studies have proposed deep learning-based intrusion detection systems (IDS), but data leakage, limited vehicle evaluation, and poor real-time feasibility lead to overstated performance. We present a hybrid deep learning model that combines one-dimensional convolutional neural networks (CNNs) and gated recurrent units (GRUs). CNN layers collect local temporal-spatial characteristics from CAN data, while the GRU captures longer-term temporal dependencies with lower computational cost than long-short term memory (LSTM) or Bidirectional-LSTM. We use random forest analysis to highlight the datasets’ most discriminative features, thereby enhancing the study. We test the suggested model on the Car-Hacking, IVN-IDS challenge, and the newest CAN-traffic datasets, using unseen vehicle data and attack types. Three experimental situations are considered: in-distribution evaluation, cross-vehicle generalisation over known attacks, and cross-vehicle and cross-attack testing on unseen attacks. The model achieves near-perfect detection in distribution conditions and exhibits good performance across various vehicles for shared attack types. DoS remains the most reliably detected attack. Real-time evaluation using time-window simulation demonstrates the practicality of this approach, with inference time and memory footprint significantly lower than those of transformer-based and other spatio-temporal models from the literature.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Intrusion detection in CAN protocol using novel spatial-temporal deep learning model for secure autonomous vehicles communication

  • Maroua Ghamri,
  • Selma Boumerdassi,
  • Aissa Belmeguenai,
  • Salim Bitam

摘要

The Controller Area Network (CAN) is a multi-master protocol that enables automotive electronic control units (ECUs) to communicate with each other without a central framework, including in the context of autonomous vehicles. CAN uses a differential two-wire bus to exchange real-time oriented messages. Message transmission of this protocol is not encrypted or authenticated, so attackers can easily intercept it. Recent studies have proposed deep learning-based intrusion detection systems (IDS), but data leakage, limited vehicle evaluation, and poor real-time feasibility lead to overstated performance. We present a hybrid deep learning model that combines one-dimensional convolutional neural networks (CNNs) and gated recurrent units (GRUs). CNN layers collect local temporal-spatial characteristics from CAN data, while the GRU captures longer-term temporal dependencies with lower computational cost than long-short term memory (LSTM) or Bidirectional-LSTM. We use random forest analysis to highlight the datasets’ most discriminative features, thereby enhancing the study. We test the suggested model on the Car-Hacking, IVN-IDS challenge, and the newest CAN-traffic datasets, using unseen vehicle data and attack types. Three experimental situations are considered: in-distribution evaluation, cross-vehicle generalisation over known attacks, and cross-vehicle and cross-attack testing on unseen attacks. The model achieves near-perfect detection in distribution conditions and exhibits good performance across various vehicles for shared attack types. DoS remains the most reliably detected attack. Real-time evaluation using time-window simulation demonstrates the practicality of this approach, with inference time and memory footprint significantly lower than those of transformer-based and other spatio-temporal models from the literature.