A novel intrusion detection model for the CAN bus packet of in-vehicle network based on attention mechanism and autoencoder

Abstract

The attacks on in-vehicle Controller Area Network (CAN) bus messages severely disrupt normal communication between vehicles. Therefore, researches on intrusion detection models for CAN have positive business value for vehicle security, and the intrusion detection technology for CAN bus messages can effectively protect the in-vehicle network from unlawful attacks. Previous machine learning-based models are unable to effectively identify intrusive abnormal messages due to their inherent shortcomings. Hence, to address the shortcomings of the previous machine learning-based intrusion detection technique, we propose a novel method using Attention Mechanism and AutoEncoder for Intrusion Detection (AMAEID). The AMAEID model first converts the raw hexadecimal message data into binary format to obtain better input. Then the AMAEID model encodes and decodes the binary message data using a multi-layer denoising autoencoder model to obtain a hidden feature representation that can represent the potential features behind the message data at a deeper level. Finally, the AMAEID model uses the attention mechanism and the fully connected layer network to infer whether the message is an abnormal message or not. The experimental results with three evaluation metrics on a real in-vehicle CAN bus message dataset outperform some traditional machine learning algorithms, demonstrating the effectiveness of the AMAEID model.