Abstract
<div>The increased connectivity of vehicles expands the attack surface of in-vehicle networks, enabling attackers to infiltrate through external interfaces and inject malicious traffic. These malicious flows often contain anomalous semantic information, potentially leading to misleading control instructions or erroneous decisions. While most semantic-based anomaly detection methods for in-vehicle networks focus on extracting semantic context, they often overlook interactions and associations between multiple semantics, resulting in a high false positive rate (FPR). To address these challenges, the Adaptive Structure Graph Attention Network Model (AS-GAT) is proposed for in-vehicle network anomaly detection. Our approach combines a semantic extractor with a continuously updated graph structure learning method based on attention weight similarity constraints. The semantic extractor identifies semantic features within messages, while the graph structure learning module adaptively updates the graph structure based on attention weights between semantics. This model effectively learns relationships between multiple semantics in in-vehicle network packets, thereby enhancing anomaly detection accuracy. A case study on a CAN-FD dataset from real vehicles demonstrates that using AS-GAT achieves an F1 score of 97.56% in anomaly detection, outperforming baseline methods by effectively identifying attack packets causing abnormal semantic time series changes, such as fuzzing, spoofing, and replay attacks. Additional experiments on two public datasets, SWaT and WADI, further validate AS-GAT’s superior anomaly detection performance compared to baseline models, highlighting the universal applicability of our approach.</div>
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call