Unsupervised Deep Learning Approach for In-Vehicle Intrusion Detection System

Abstract

The controller area network (CAN) is a standard communication protocol used for sending messages between electronic control unit of a modern automotive system. CAN protocol does not have any in-built security mechanisms and, hence, various attacks can affect the vehicle and cause life threats to the passengers. This article presents an unsupervised deep learning architecture for detecting intrusions on a CAN bus. The CAN intrusion detection system (IDS) architecture has an autoencoder that helps to learn the optimal features from CAN packets to differentiate between the normal and attacks. The optimal features are passed as input to the Gaussian mixture model, which helps us to cluster the CAN network packet data samples into normal and attacks. A detailed analysis of the proposed architecture is done on the CAN IDS dataset. To develop a robust CAN IDS system and achieve generalization, the proposed method is evaluated on the other two computer network intrusion datasets and a wireless sensor network dataset. In all the experiments, the proposed method has performed better than the existing unsupervised method and mainly showed a performance gain of 6.4% on the CAN IDS dataset. This indicates that the proposed method is robust and generalizable across detecting various attacks in a CAN bus and most importantly, the method can be used in real time to effectively monitor the CAN network traffic to proactively alert possible attacks.