In recent years, the increasing adoption of the controller area network (CAN) protocol has made it the de facto standard for communication between electronic control units (ECUs) in the automotive and transportation fields. This widely used protocol was designed as a reliable and straightforward broadcast-based protocol that connects ECUs without considering security concerns such as node authentication or traffic encryption. Despite its efficiency, this tradeoff makes the CAN bus vulnerable to attacks. Implementing intrusion detection systems (IDSs) based on machine learning (ML) can address these security challenges effectively. However, existing ML-based IDSs have limited classification capabilities, lack adaptability and time sensitivity, analyse traffic incompletely, and produce high false-negative rates (FNR), while attack schemes are becoming increasingly complex. The result is insufficient real-time intrusion detection capability and an insufficient ability to offer reliable protection. Therefore, our study proposes a novel in-vehicle IDS for multiclass classification using both packet- and sequence-level characteristics extracted from an autoencoder and a variant transformer (Time-embedded Transformer) with an improved position encoding mechanism, which analyses CAN traffic in depth from various perspectives to overcome the challenges above. Both standard (Car-Hacking) and advanced (ROAD) datasets are used to evaluate the capabilities of our proposed IDS. The evaluation results demonstrated 100 % detection accuracy and 0 % FNR for both the Car-Hacking and ROAD Masquerade datasets, and the highest F1 score for the ROAD Fabrication dataset, emphasizing the proposed model's superior intrusion detection with minimal FNR and its high adaptability through multi-dimensional analysis at the packet and sequence levels.