DivaCAN: Detecting in-vehicle intrusion attacks on a controller area network using ensemble learning

Abstract

The controller area network (CAN) protocol is a critical communication mechanism in vehicular systems. However, the widespread adoption of this protocol has introduced vulnerabilities to in-vehicle communication channels, making them susceptible to various security threats, including denial-of-service, fuzzy, and impersonation attacks. There is thus an urgent need to develop effective security measures to counter these threats. Unfortunately, existing approaches to attack detection suffer from shortcomings such as suboptimal accuracy and high false-positive rates. Herein, we propose a novel methodology to address these limitations, DivaCAN. DivaCAN leverages an ensemble of classifiers, including deep neural networks, the multi-layer perceptron, the light gradient-boosting machine, extra trees, random forest, and Bagging, along with k-nearest neighbors, for intrusion-attack recognition on the CAN bus. The DivaCAN model was thoroughly evaluated, and its exceptional performance, which surpasses that of the latest methodologies, was demonstrated. It was found to achieve a precision of 94.93%, a recall of 94.98%, and an F1 score of 94.97%. One notable aspect of this research is the emphasis on achieving a low false-positive rate, which is often overlooked by other methodologies. Additionally, the DivaCAN model was found to exhibit an acceptable execution time of 406 s, highlighting the importance of considering both accuracy and efficiency when evaluating the performance of classification models. This study thus significantly enhances the security of in-vehicle communication on the CAN protocol. DivaCAN is a robust and accurate intrusion-detection system that addresses the pressing need for effective security measures in vehicular systems.