Anomaly Detection in Intra-Vehicle Networks

TL;DR

This paper presents an AI-based intrusion detection system for intra-vehicle CAN bus networks, achieving over 99% accuracy in detecting known cyber-attacks by analyzing time-series data and attack frequency.

Contribution

It introduces a novel IDS leveraging multiple AI algorithms, emphasizing the importance of time-series features for high-accuracy attack detection in vehicle networks.

Findings

AI algorithms detect attacks with >99% accuracy when using attack frequency.

Inclusion of timestamps improves detection accuracy to 92-97%.

LSTM, Xgboost, and SVC are the top-performing classifiers.

Abstract

The progression of innovation and technology and ease of inter-connectivity among networks has allowed us to evolve towards one of the promising areas, the Internet of Vehicles. Nowadays, modern vehicles are connected to a range of networks, including intra-vehicle networks and external networks. However, a primary challenge in the automotive industry is to make the vehicle safe and reliable; particularly with the loopholes in the existing traditional protocols, cyber-attacks on the vehicle network are rising drastically. Practically every vehicle uses the universal Controller Area Network (CAN) bus protocol for the communication between electronic control units to transmit key vehicle functionality and messages related to driver safety. The CAN bus system, although its critical significance, lacks the key feature of any protocol authentication and authorization. Resulting in compromises of CAN bus security leads to serious issues to both car and driver safety. This paper discusses the security issues of the CAN bus protocol and proposes an Intrusion Detection System (IDS) that detects known attacks on in-vehicle networks. Multiple Artificial Intelligence (AI) algorithms are employed to provide recognition of known potential cyber-attacks based on messages, timestamps, and data packets traveling through the CAN. The main objective of this paper is to accurately detect cyberattacks by considering time-series features and attack frequency. The majority of the evaluated AI algorithms, when considering attack frequency, correctly identify known attacks with remarkable accuracy of more than 99%. However, these models achieve approximately 92% to 97% accuracy when timestamps are not taken into account. Long Short Term Memory (LSTM), Xgboost, and SVC have proved to the well-performing classifiers.