As the core communication protocol in modern vehicles, the security of the Controller Area Network (CAN) bus is crucial for ensuring normal operation and defending against external attacks. This paper proposes a model named FWTnet, a multi-feature fusion-based intrusion detection approach for the CAN bus, designed to enhance the classification performance of normal and attack messages. First, we employ the Fourier Transform and Wavelet Transform to extract features from CAN messages separately. A Long Short-Term Memory (LSTM) network with fully connected layers is used for classification based on Fourier Transform features, while a fully connected network is applied directly to the Wavelet Transform features. The extracted features from the fully connected layers of both pre-trained networks are then fed into a cross neural network for final training and classification. Experimental results demonstrate that our approach achieves an average accuracy of 99.98% with an F1-score of 99.93% on the CarHacking dataset and an average accuracy of 99.99% on the CANFD dataset. Furthermore, to evaluate the model’s generalization ability, we trained it on DoS attack data from the CANFD dataset and tested it on DoS attack samples from the CarHacking dataset, achieving an accuracy of 95.79%. These results validate the effectiveness and robustness of the proposed method.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Research on CAN Bus Intrusion Detection Method Based on Feature Fusion of Fourier Transform and Wavelet Transform

  • Zixin Liu,
  • Xiangsen Sun,
  • Daohua Liu

摘要

As the core communication protocol in modern vehicles, the security of the Controller Area Network (CAN) bus is crucial for ensuring normal operation and defending against external attacks. This paper proposes a model named FWTnet, a multi-feature fusion-based intrusion detection approach for the CAN bus, designed to enhance the classification performance of normal and attack messages. First, we employ the Fourier Transform and Wavelet Transform to extract features from CAN messages separately. A Long Short-Term Memory (LSTM) network with fully connected layers is used for classification based on Fourier Transform features, while a fully connected network is applied directly to the Wavelet Transform features. The extracted features from the fully connected layers of both pre-trained networks are then fed into a cross neural network for final training and classification. Experimental results demonstrate that our approach achieves an average accuracy of 99.98% with an F1-score of 99.93% on the CarHacking dataset and an average accuracy of 99.99% on the CANFD dataset. Furthermore, to evaluate the model’s generalization ability, we trained it on DoS attack data from the CANFD dataset and tested it on DoS attack samples from the CarHacking dataset, achieving an accuracy of 95.79%. These results validate the effectiveness and robustness of the proposed method.