On the Resilience of Machine Learning-Based IDS for Automotive Networks

TL;DR

This paper examines the vulnerability of machine learning-based intrusion detection systems in automotive networks to adversarial attacks, highlighting their current limitations and assessing their readiness for real-world deployment.

Contribution

It provides a comprehensive analysis of adversarial sample vulnerabilities across four ML-based IDS solutions for automotive networks and evaluates potential mitigation strategies.

Findings

Adversarial samples significantly affect three out of four IDS solutions.

Transferability of adversarial samples exists between different systems.

Training with adversarial samples impacts detection performance and attack success rate.

Abstract

Modern automotive functions are controlled by a large number of small computers called electronic control units (ECUs). These functions span from safety-critical autonomous driving to comfort and infotainment. ECUs communicate with one another over multiple internal networks using different technologies. Some, such as Controller Area Network (CAN), are very simple and provide minimal or no security services. Machine learning techniques can be used to detect anomalous activities in such networks. However, it is necessary that these machine learning techniques are not prone to adversarial attacks. In this paper, we investigate adversarial sample vulnerabilities in four different machine learning-based intrusion detection systems for automotive networks. We show that adversarial samples negatively impact three of the four studied solutions. Furthermore, we analyze transferability of adversarial samples between different systems. We also investigate detection performance and the attack success rate after using adversarial samples in the training. After analyzing these results, we discuss whether current solutions are mature enough for a use in modern vehicles.