CANSecure: CNN-LSTM Approach for Controller Area Network (CAN) Intrusion Detection
摘要
The Controller Area Network (CAN) finds its application within the automotive and general industrial environment as a communication protocol for exchanging messages between Electronic Control Units (ECUs). However, the security of such systems has become very much a concern in today’s day, where these systems are faced with increasing instances of attacks targeting them. To address this, we propose CANSecure, a novel intrusion detection system based on CNN-LSTM used in CAN. Specifically, this architecture was designed for real-time deployment on microcontrollers. The model was developed based on a comprehensive database comprising Denial-of-Service (DoS), spoofing, and fuzzing attacks. For practical real-time purposes, the model was implemented on a Texas Instruments C2000 F280049C 16-bit microcontroller equipped with an onboard CAN interface. In the experimental setup, two microcontrollers were employed—one for attack simulation (DoS and spoofing), while the other deployed the machine learning (ML) model using TensorFlow Lite to detect intrusions. When an attack is detected, the system activates a light emitting diode (LED) indicator, confirming that the system operates in real time. The model achieved an accuracy of 94.81% precision of 99.87%. The results provide clear evidence of the capability of lightweight machine learning detection, rendering CANSecure a practical solution for addressing automotive cybersecurity challenges.