GAN生成模型生成车端CAN帧数据/时序数据

With the rapid development of the intelligent connected vehicle industry, the number of on-board ECUs has surged. As the core standard for on-board communication, the CAN protocol faces prominent security risks. Bus intrusion can easily lead to vehicle loss of control and other accidents, making the research and development of on-board network intrusion detection technology of great significance. This paper expounds on the structure of the CAN protocol, the classification of intrusion detection systems, and the core characteristics of CNN. Addressing the bottlenecks of data imbalance in datasets and unknown attack detection, we design a data generation network based on the associative attention mechanism, AAFormer-GAN. This network, with AAFormer as its backbone, employs a mean squared error loss function to alleviate the vanishing gradient problem in traditional GANs, generating time-series attack samples that closely resemble the real distribution. Experimental verification shows that its generation quality surpasses mainstream models such as WGAN-GP. The unknown attack detection model constructed based on this provides an innovative solution for onboard CAN bus intrusion detection, enhancing the ability to identify small samples and unknown attacks.

The growing abundance of electronic control units and peripheral devices loaded and connected to smart connected cars has resulted in a constant stream of cyber-attacks at various levels and dimensions. The CAN-FD bus plays a crucial role in smart connected cars. Currently, the majority of research efforts remain centered around the traditional CAN bus, with fewer studies addressing intrusion detection for the CAN-FD bus in smart connected vehicles. CAN-FD boasts a notable improvement in transmission speed, capable of reaching up to 8 Mbps compared to the 1 Mbps of the standard CAN bus. Utilizing intrusion detection systems designed for the CAN bus in high-speed CAN-FD applications could potentially hinder normal transmission and detection efficiency. Hence, we focus on the attack and intrusion detection of CAN-FD bus ID nodes to prevent unauthorized access and potential malicious attacks. We propose an ID intrusion detection system based on an improved Generative Adversarial Network (GAN) model, which consists of two parts: a data pre-processing module and a detection module. To apply the GAN model to the vehicle bus, we perform pre-processing of the bus data. We introduce the concept of dual discriminator to improve the detection rate and enable the handling of unknown attacks. With the output of dual discriminator, we can determine whether there are any anomalies in the detection data. First, we use a data pre-processing module to convert the ID segments of the automobile CAN-FD into binary image encoding to form ID images. Subsequently, these ID images are fed into an ID image feature extractor in the detection module to extract various auxiliary features. The discriminator receives these auxiliary features and calculates the probability of whether the received image is a normal ID image or not to determine the authenticity of the ID image. The experimental results show that the proposed intrusion detection system is able to detect a message within 0.15 ms, which fully meets the real-time detection requirements while the vehicle is in motion. The average detection rate of the proposed system for different types of attacks is 99.93%, which is an average of 1.2% improvement of the detection rate over the GIDS algorithm. The proposed system not only ensures the normal communication of CAN-FD bus but also realizes real-time and accurate intrusion detection.

Ensuring the cybersecurity of modern vehicles is paramount as connected and autonomous systems become increasingly prevalent. However, existing intrusion detection systems (IDS) often face challenges such as imbalanced datasets and high computational demands, limiting their practical deployment in automotive environments. To address these limitations, we employ spectral normalization GAN to synthesize anomalous data, achieving a balanced distribution across four attack categories and normal traffic. We further propose a lightweight classification model, named Depthwise Separable Convolutional Kolmogorov–Arnold network (DSC-KAN), which incorporates Kolmogorov–Arnold (K–A) theorem to enhance efficiency while maintaining high classification performance. Experimental results demonstrate that our approach outperforms existing methods in accuracy and computational efficiency, offering a robust and practical IDS solution. The proposed method has the potential to significantly improve vehicle network security, ensuring safer and more reliable deployment of connected and autonomous driving technologies.

As the de-facto standard for in-vehicle networks, the Controller Area Network (CAN) is exposed to different types of cyber-attacks due to the lack of security mechanisms. Intrusion Detection Systems (IDS) can be deployed to identify the attacks by monitoring host and network activities. However, there is little abnormal historical data that can be used to train deep learning models, resulting in data imbalance and biased trained model. Hence, we propose a prediction-based IDS framework for detecting the attacks on a CAN bus, which consists of two deep-learning models of the data augmentation module and the prediction module. Firstly, the Generative Adversarial Networks (GAN) was utilized as the data augmentation module to automatically generate high-quality attack data and balance the training set. Two networks were introduced as the prediction module, and the first one is a convolutional neural networks (CNN) that predicts correlated data of all CAN IDs, and the second one is an LSTM that predicts messages individually using times series data for each CAN ID. Furthermore, an intrusion detection equipment for the CAN bus was designed and the real vehicle test was conducted. The experimental results show that the proposed method can detect CAN attacks, with an average F1-score of 99.74% and an accuracy of 99.78%. Compared with the reference work, the F1-score of attack detection is improved by 15.25%, and also the detection time is reduced by 29.11%.

The intelligent connected vehicle (ICV) has garnered considerable attention in recent years due to developments in vehicle-to-everything (V2X) technology, 5G communication networks, and more. However, the connection between the in-vehicle network (IVN) and external network exposes vehicles to potential intrusion risks. In particular, the controller area network (CAN) protocol, a typical IVN responsible for electronic control unit cooperation, lacks defense mechanisms like encryption or authentication, further making vehicles vulnerable to intrusion. Therefore, many scholars propose countermeasures to address the weakness of CAN, namely message authentication and intrusion detection systems (IDS). Given that the former may occupy extra bandwidth and computational resources, we prioritize IDS in this paper. Thus, we propose a generative adversarial network assisted contextual pattern-aware IDS (GPIDS) against several typical vehicle attacks, including bus-off, spoofing, masquerade, replay, fuzzy, and same origin method execution (SOME). The SOME attack stems from the Internet of Things field and possesses high disguise property, which can mimic physical features as normal messages in IVN, like clock skew, traffic, voltage, and so on. Notably, to the best of our knowledge, we are the first to present an IDS capable of effectively addressing SOME attacks. Extensive experiments have been conducted on four real vehicles, demonstrating that GPIDS can accurately detect the aforementioned attacks with low latency.

In recent years, significant research has occurred on developing various protocols for communication within an autonomous vehicle. Due to the simplicity and trustworthiness of a Controller Area Network (CAN) bus, it has become trendy and widely employed for in-vehicle communication. However, research indicates numerous network-level threats are possible owing to the CAN bus's lack of defense mechanisms. Messages are prone to attacks from third-party sources threatening the correctness of the CAN bus messages. In the last few years, machine learning and deep learning algorithms have effectively improved CAN security and developed various misbehavior, intrusion prevention, and detection systems. However, a large amount of data is required to train these algorithms. There are currently very few CAN datasets available, which has become a major barrier for researchers when developing new CAN security algorithms. Also, the nature of the data in question is tedious to accumulate, especially if there is a need for specific features. In this work, we proposed SCAN-GAN (Synthetic CAN), a generative adversarial Network (GAN) based technique to generate data using existing collected data and presented a synthetic CAN dataset. We also compared the original and generated dataset based on various parameters as well as on well-known classification algorithms, showing that various previous models deliver improved results on the generated dataset over the original dataset. The results exhibit the efficiency of using GANs for data production, which is on par with real data. The results of this work also suggest the adaptability of the GAN to work with varied datasets.

The increasing connectivity of in-vehicle electronic control systems has intensified the need for robust cybersecurity solutions, especially for the Controller Area Network (CAN) bus. This study proposes a deep learning–based Intrusion Detection System (IDS) utilizing a Generative Adversarial Network (GAN) architecture to detect anomalous CAN bus traffic in real time. The GAN model is trained solely on legitimate CAN messages, enabling it to learn the underlying statistical patterns of normal communication without relying on predefined attack signatures. The proposed GAN-IDS demonstrates strong detection performance, achieving an accuracy of 98.7% and an F1-Score of 98.5%, outperforming conventional deep learning baselines. To assess deployment feasibility, the discriminator is optimized using TensorFlow Lite (TFLite) and deployed on a Raspberry Pi 4 integrated with a PiCAN2 interface. Hardware evaluation confirms real-time operation with a low detection latency of 2.9 milliseconds per message sequence. System interpretability is further enhanced through SHapley Additive exPlanations (SHAP), which identify CAN ID, engine torque, and RPM as the most influential features contributing to anomaly classification. The proposed GAN-based IDS offer a scalable, manufacturer-independent, and non-intrusive cybersecurity solution for modern Electric Vehicles. Its combination of high detection performance, real-time hardware deployment, and interpretable decision-making marks a significant step toward more intelligent and resilient security mechanisms for future connected and autonomous vehicles.

The Controller Area Network (CAN) bus protocol is the essential communication backbone in vehicles within the Intelligent Transportation System (ITS), enabling interaction between electronic control units (ECUs). However, CAN messages lack authentication and security, making the system vulnerable to attacks such as DoS, fuzzing, impersonation, and spoofing. This paper evaluates deep learning methods to detect intrusions in the CAN bus network. Using the Car Hacking, Survival Analysis, and OTIDS datasets, we train and test models to identify automotive cyber threats. We explore recurrent neural network (RNN) variants, including LSTM, GRU, and VGG-16, to analyze temporal and spatial features in the data. LSTMs and GRUs handle long-term dependencies in sequential data, making them suitable for analyzing CAN messages. Bi-LSTMs enhance this by processing sequences in both directions, learning from past and future contexts to improve anomaly detection. Our results show that LSTM achieves 99.89% accuracy in binary classification, while VGG-16 reaches 100% accuracy in multiclass classification. These findings demonstrate the potential of deep learning techniques in improving the security and resilience of ITS by effectively detecting and mitigating CAN bus network attacks.

The Electric Vehicle (EV) industry has recently experienced notable technological progress in the field of Controller Area Network (CAN) protocol. The use of CAN bus protocol in EVs is exposed to intrinsic cybersecurity risks and consequently causing EV damages as a result of lack of authentication, authorization, and accounting mechanisms. This paper examines the vulnerabilities within the EVs’ CAN bus protocol and explores potential strategies for mitigating cyber threats (i.e. Denial of Service (DOS) and impersonation attacks). In particular, the paper proposes Adaptive Neuro Fuzzy Inference System (ANFIS) based detection techniques superimposed with Subtractive Clustering (SC) and Fuzzy C-Means clustering (FCM). Results demonstrate that the proposed ANFIS-SC and ANFIS-FCM detection model testing accuracy is 99.6%, TPR and TNR values are above 99.8%. In addition to the low FPR and FNR values are less than 0.2% of the proposed ANFIS-SC and ANFIS-FCM detection techniques. The overall F1 score is above 98.8%.

No abstract available