车辆CAN总线入侵检测 将CAN帧数据转换为图像并使用GAN

The growing abundance of electronic control units and peripheral devices loaded and connected to smart connected cars has resulted in a constant stream of cyber-attacks at various levels and dimensions. The CAN-FD bus plays a crucial role in smart connected cars. Currently, the majority of research efforts remain centered around the traditional CAN bus, with fewer studies addressing intrusion detection for the CAN-FD bus in smart connected vehicles. CAN-FD boasts a notable improvement in transmission speed, capable of reaching up to 8 Mbps compared to the 1 Mbps of the standard CAN bus. Utilizing intrusion detection systems designed for the CAN bus in high-speed CAN-FD applications could potentially hinder normal transmission and detection efficiency. Hence, we focus on the attack and intrusion detection of CAN-FD bus ID nodes to prevent unauthorized access and potential malicious attacks. We propose an ID intrusion detection system based on an improved Generative Adversarial Network (GAN) model, which consists of two parts: a data pre-processing module and a detection module. To apply the GAN model to the vehicle bus, we perform pre-processing of the bus data. We introduce the concept of dual discriminator to improve the detection rate and enable the handling of unknown attacks. With the output of dual discriminator, we can determine whether there are any anomalies in the detection data. First, we use a data pre-processing module to convert the ID segments of the automobile CAN-FD into binary image encoding to form ID images. Subsequently, these ID images are fed into an ID image feature extractor in the detection module to extract various auxiliary features. The discriminator receives these auxiliary features and calculates the probability of whether the received image is a normal ID image or not to determine the authenticity of the ID image. The experimental results show that the proposed intrusion detection system is able to detect a message within 0.15 ms, which fully meets the real-time detection requirements while the vehicle is in motion. The average detection rate of the proposed system for different types of attacks is 99.93%, which is an average of 1.2% improvement of the detection rate over the GIDS algorithm. The proposed system not only ensures the normal communication of CAN-FD bus but also realizes real-time and accurate intrusion detection.

Ensuring the cybersecurity of modern vehicles is paramount as connected and autonomous systems become increasingly prevalent. However, existing intrusion detection systems (IDS) often face challenges such as imbalanced datasets and high computational demands, limiting their practical deployment in automotive environments. To address these limitations, we employ spectral normalization GAN to synthesize anomalous data, achieving a balanced distribution across four attack categories and normal traffic. We further propose a lightweight classification model, named Depthwise Separable Convolutional Kolmogorov–Arnold network (DSC-KAN), which incorporates Kolmogorov–Arnold (K–A) theorem to enhance efficiency while maintaining high classification performance. Experimental results demonstrate that our approach outperforms existing methods in accuracy and computational efficiency, offering a robust and practical IDS solution. The proposed method has the potential to significantly improve vehicle network security, ensuring safer and more reliable deployment of connected and autonomous driving technologies.

As electronic systems become increasingly complex and prevalent in modern vehicles, securing onboard networks is crucial, particularly as many of these systems are safety-critical. Researchers have demonstrated that modern vehicles are susceptible to various types of attacks, enabling attackers to gain control and compromise safety-critical electronic systems. Consequently, several Intrusion Detection Systems (IDSs) have been proposed in the literature to detect such cyber-attacks on vehicles. This paper introduces a novel generative classifier-based Intrusion Detection System (IDS) designed for anomaly detection in automotive networks, specifically focusing on the Controller Area Network (CAN). Leveraging variational Bayes, our proposed IDS utilizes a deep latent variable model to construct a causal graph for conditional probabilities. An auto-encoder architecture is utilized to build the classifier to estimate conditional probabilities, which contribute to the final prediction probabilities through Bayesian inference. Comparative evaluations against state-of-the-art IDSs on a public Car-hacking dataset highlight our proposed classifier's superior performance in improving detection accuracy and F1-score. The proposed IDS demonstrates its efficacy by outperforming existing models with limited training data, providing enhanced security assurance for automotive systems.

Ensuring vehicle security and preventing unauthorized driving are critical in modern transportation. Traditional driver identification methods, such as biometric authentication, require additional hardware and may not adapt well to changing driving behaviors. This study proposes a real-time driver identification system leveraging a Machine Learning Operations (MLOps)-based platform that continuously re-trains a deep learning model using vehicle Controller Area Network (CAN) data. The system collects CAN data, converts them into Markov Transition Field (MTF) images, and classifies drivers using a ResNet-18 model deployed on the Google Cloud Platform (GCP). An automated pipeline utilizing Pub/Sub, GCP Composer, and Vertex AI ensures continuous model updates based on newly uploaded driving data. Our experimental results demonstrate that models trained only on recent data significantly outperform those incorporating historical data, highlighting the necessity of frequent retraining. The intruder detection system effectively identifies unregistered drivers, further enhancing vehicle security. By automating model retraining and deployment, this system provides an adaptive solution that accommodates evolving driving behaviors, reducing reliance on static models. These findings emphasize the importance of real-time data adaptation in driver authentication systems, contributing to enhanced vehicle security and safety.

No abstract available

As modern vehicles become more connected and dependent on the Controller Area Network (CAN) for essential in-vehicle communications, the threat of cyber intrusions has grown substantially. Conventional security solutions fail to offer real-time intrusion detection in high-speed automotive environments because of their computational overhead and inefficiency. This paper proposes a novel Intrusion Detection System (IDS) based on a hybrid deep learning architecture that involves MobileNetV2 for extracting features and FastGRNN for processing sequences. The lightweight design of MobileNetV2 makes it efficient for spatial feature extraction, while temporal dependencies are addressed by FastGRNN, providing real-time detection of anomalies in vehicular networks. Experimental evaluations prove that the new IDS is superior to the traditional CNN + GRU-based models in aspects of computational complexity, accuracy, and inference time. This work advances automotive cybersecurity through the provision of an optimized, low-latency intrusion detection solution that can be deployed in real-time within contemporary intelligent vehicles.

Image anomaly detection is an important and practically significant research area. Methods such as reconstruction and feature extraction are mainly utilized. For reconstruction methods, purely normal input images should be provided, which is close to supervised learning. For feature extraction methods, unsupervised learning ones without a designated feature learning orientation perform much worse than supervised learning ones. In this paper, the goal is to achieve anomaly detection based on unsupervised learning. Generative Adversarial Network (GAN) is used as the approach, similar to unsupervised learning feature extraction methods, but it focuses more on the feature variation rate rather than using the feature outputs for further classification. The results show an innovative phenomenon in the GAN training process and achieve clear anomaly detection in unsupervised learning. The feature variations reflect the learning state of the model. The feature variations of similar images will converge in the certain learning state, while anomalies will appear as outliers. This phenomenon reveals how the model is learning, particularly about the details. The learning process of the model is intermittent and tries to learn the main features before the details. A more difficult task makes the fluctuations more significant.

Fault is extremely destructive in industrial process, and imbalanced data greatly affect the accuracy of fault diagnosis. Many methods have been proposed to deal with imbalanced data, but the concern for improving the performance of fault diagnostic networks is not enough. Therefore, novel modified conditional generative adversarial network (MCGAN) based on memristive hyperchaotic sequences and mixed-dimensional convolutional neural network (MCNN) is proposed. The 2-D data are obtained by fast Fourier transform and piecewise reconstruction of vibration signals. A novel tanh-input-type memristive hyperchaotic map is utilized to obtain chaos-based random noises. MCGAN can generate synthetic samples for augmenting the fault sample and reducing the imbalanced rate, and chaos-based random noises are used as the noise variable of MCGAN to generate high-quality synthetic samples. By cascading convolution layers with different dimensions, the lightweight MCNN is designed to improve accuracy of motor fault diagnosis. Experiments are implemented using the Case Western Reserve University and practical laboratory platform. The results show that the accuracy of the proposed method is higher than that of some diagnostic networks under imbalanced data.

The increasing connectivity of in-vehicle electronic control systems has intensified the need for robust cybersecurity solutions, especially for the Controller Area Network (CAN) bus. This study proposes a deep learning–based Intrusion Detection System (IDS) utilizing a Generative Adversarial Network (GAN) architecture to detect anomalous CAN bus traffic in real time. The GAN model is trained solely on legitimate CAN messages, enabling it to learn the underlying statistical patterns of normal communication without relying on predefined attack signatures. The proposed GAN-IDS demonstrates strong detection performance, achieving an accuracy of 98.7% and an F1-Score of 98.5%, outperforming conventional deep learning baselines. To assess deployment feasibility, the discriminator is optimized using TensorFlow Lite (TFLite) and deployed on a Raspberry Pi 4 integrated with a PiCAN2 interface. Hardware evaluation confirms real-time operation with a low detection latency of 2.9 milliseconds per message sequence. System interpretability is further enhanced through SHapley Additive exPlanations (SHAP), which identify CAN ID, engine torque, and RPM as the most influential features contributing to anomaly classification. The proposed GAN-based IDS offer a scalable, manufacturer-independent, and non-intrusive cybersecurity solution for modern Electric Vehicles. Its combination of high detection performance, real-time hardware deployment, and interpretable decision-making marks a significant step toward more intelligent and resilient security mechanisms for future connected and autonomous vehicles.

As the de-facto standard for in-vehicle networks, the Controller Area Network (CAN) is exposed to different types of cyber-attacks due to the lack of security mechanisms. Intrusion Detection Systems (IDS) can be deployed to identify the attacks by monitoring host and network activities. However, there is little abnormal historical data that can be used to train deep learning models, resulting in data imbalance and biased trained model. Hence, we propose a prediction-based IDS framework for detecting the attacks on a CAN bus, which consists of two deep-learning models of the data augmentation module and the prediction module. Firstly, the Generative Adversarial Networks (GAN) was utilized as the data augmentation module to automatically generate high-quality attack data and balance the training set. Two networks were introduced as the prediction module, and the first one is a convolutional neural networks (CNN) that predicts correlated data of all CAN IDs, and the second one is an LSTM that predicts messages individually using times series data for each CAN ID. Furthermore, an intrusion detection equipment for the CAN bus was designed and the real vehicle test was conducted. The experimental results show that the proposed method can detect CAN attacks, with an average F1-score of 99.74% and an accuracy of 99.78%. Compared with the reference work, the F1-score of attack detection is improved by 15.25%, and also the detection time is reduced by 29.11%.

The intelligent connected vehicle (ICV) has garnered considerable attention in recent years due to developments in vehicle-to-everything (V2X) technology, 5G communication networks, and more. However, the connection between the in-vehicle network (IVN) and external network exposes vehicles to potential intrusion risks. In particular, the controller area network (CAN) protocol, a typical IVN responsible for electronic control unit cooperation, lacks defense mechanisms like encryption or authentication, further making vehicles vulnerable to intrusion. Therefore, many scholars propose countermeasures to address the weakness of CAN, namely message authentication and intrusion detection systems (IDS). Given that the former may occupy extra bandwidth and computational resources, we prioritize IDS in this paper. Thus, we propose a generative adversarial network assisted contextual pattern-aware IDS (GPIDS) against several typical vehicle attacks, including bus-off, spoofing, masquerade, replay, fuzzy, and same origin method execution (SOME). The SOME attack stems from the Internet of Things field and possesses high disguise property, which can mimic physical features as normal messages in IVN, like clock skew, traffic, voltage, and so on. Notably, to the best of our knowledge, we are the first to present an IDS capable of effectively addressing SOME attacks. Extensive experiments have been conducted on four real vehicles, demonstrating that GPIDS can accurately detect the aforementioned attacks with low latency.

With the rapid advancement of digitalization and automation, modern vehicles, especially in the light commercial segment, have evolved into complex, interconnected platforms resembling mobile computing systems. This transformation has increased the dependency on in-vehicle communication networks and, as a result, exposed them to a wider range of cybersecurity threats. A fundamental aspect of the proposed method is the use of a lightweight CNN model specific for deployment in embedded automotive environments with limited computational resources and optimized for efficiency. Operating on low-power hardware platforms such as edge ECUs, the tiny device developed in this study works effectively unlike conventional deep learning architectures seeking high processing power and memory. Despite its minimal computational footprint, the model is capable of accurately distinguishing between legitimate and spoofed communication traffic, as well as detecting a variety of attack forms that target different CAN protocol components. The performance metrics of the model further highlight its effectiveness, achieving a ROC AUC Score of 0.9887, an Accuracy of 0.9887, a Precision of 0.9825, a Recall of 0.9952, and an F1-Score of 0.9888. Particularly for real-time on-vehicle intrusion detection systems, this harmony between performance and efficiency makes the strategy especially important. Just as importantly is the introduction of a specifically produced hybrid dataset, which is fundamental for system evaluation and training. The dataset aggregates synthetic generated attack scenarios with real-world spoofing, injection, and denial-of- service (DoS) conditions using actual CAN traffic acquired from a J1939-compliant light commercial vehicle. Standard 11-bit identities combined with industrial communication protocols help the dataset to reflect real-world vehicle dynamics across several ECUs under various scenarios. The model can learn fine-grained patterns often missed by conventional rule-based or manually engineered approaches by means of the image-like transformation of CAN messages—preserving bit-level and temporal information. In intelligent transportation systems, the lightweight CNN architecture and the strong dataset combine to create a scalable and deployable IDS framework that can improve in-vehicle cybersecurity.

Based on long short-term memory (LSTM), our study develops an intrusion detection system (IDS). Due to the growing dependence on Controller Area Network (CAN) bus systems and Vehicle-to-Everything (V2X) connectivity, AVs are becoming vulnerable to attacks, including Denial-of-Service (DoS), Fuzzy, and spoofing attacks. To precisely identify malicious activity, the suggested technique examines sequential AV communication data. Two LSTM layers, a dropout layer to avoid overfitting, and a Softmax classifier for multi-class classification make up the model architecture. The IDS outperforms traditional models for machine learning, such as random forest and SVM, achieving 94% accuracy, 94.5% precision, and 94.5% recall in experimental evaluation on real-world datasets. Strong anomaly detection with few false positives is ensured by the system's scalability, low latency, and suitability for implementation in real-time antivirus environments. Future studies will examine reinforcement learning for adaptive threat response mechanisms in next-generation malware cybersecurity systems, federated learning for decentralized data privacy, and GAN-based attack simulation for increased robustness.

No abstract available

Abstract: The rapid evolution of Advanced Autonomous and Connected Vehicles (AACVs) has redefinedthe future intelligenttransportation,bringingforthsignificantbenefitsintermsofsafety,efficiency,anduserconvenience.However,thisincreasedi nterconnectivityhasalsointroducedawiderangeofcybersecuritychallenges.AACVsdependheavilyoncomplexarchitecturesinvolvingElect ronic Control Units (ECUs), onboard sensors, and communication protocols such as Vehicle-to-Vehicle (V2V), Vehicle-toInfrastructure (V2I), and Vehicle-to-Grid (V2G) networks. These components make the system vulnerable to numerous cyberattacks, including GPS spoofing, Replay Attacks, Man-in-the- Middle (MITM) Attacks, Denial-of-Service (DoS) attacks, and unauthorized remote access via Software Defined Radio (SDR) devices like HackRF One. Inthisstudy,wepresentarobustmachinelearning(ML)-drivencybersecurityframeworkspecifically designed to safeguard AACVs against these sophisticated threats. Our approach integrates a multi- layered Intrusion Detection System (IDS) combining rulebased filtering with real-time anomaly detection using decision trees, ensemble methods, and Generative Adversarial Networks (GANs). To address data privacy concerns, we employ federated learning techniques that facilitate decentralized modeltrainingwithoutexposingsensitivevehiculardata. Further,oursystemarchitectureincorporatessecurediagnostics,biometricauthenticationprotocols,and advanced encryption mechanisms to defend against zero-day vulnerabilities and internal threats. Experimentalsimulationsconductedonsynthetic CANbustrafficdemonstratetheproposedmodel'sabilitytodetectandrespondtothreatswithhighaccuracyandlowlatency. Byleveragingartificialintelligence,thisresearchaimstoestablishanadaptive,scalable,andresilientcybersecurityframeworkthatevolve swithemergingthreats.Ourfindingsunderlinethecriticalroleof ML in enhancing vehicular cybersecurity and serve as a foundation for future innovations in safe, intelligent transportation systems

There has been remarkable progress in the field of deep learning, particularly in areas such as image classification, object detection, speech recognition, and natural language processing. Convolutional Neural Networks (CNNs) have emerged as a dominant model of computation in this domain, delivering exceptional accuracy in image recognition tasks. Inspired by their success, researchers have explored the application of CNNs to tabular data. However, CNNs trained on structured tabular data often yield subpar results. Hence, there has been a demonstrated gap between the performance of deep learning models and shallow models on tabular data. To that end, Tabular-to-Image (T2I) algorithms have been introduced to convert tabular data into an unstructured image format. T2I algorithms enable the encoding of spatial information into the image, which CNN models can effectively utilize for classification. In this work, we propose two novel T2I algorithms, Binary Image Encoding (BIE) and correlated Binary Image Encoding (cBIE), which preserve complex relationships in the generated image by leveraging the native binary representation of the data. Additionally, cBIE captures more spatial information by reordering columns based on their correlation to a feature. To evaluate the performance of our algorithms, we conducted experiments using four benchmark datasets, employing ResNet-50 as the deep learning model. Our results show that the ResNet-50 models trained with images generated using BIE and cBIE consistently outperformed or matched models trained on images created using the previous State of the Art method, Image Generator for Tabular Data (IGTD).

The advancement of the Internet of Vehicles (IoV) has facilitated the integration of intelligent vehicles with Internet connectivity, providing access to a wide range of services that significantly enhance vehicular applications. However, this connectivity also brings about an increased vulnerability to cyber attacks from the internet. Given the limited computing and communication resources available in vehicles, existing intrusion detection methods are ill-suited for vehicular networks. In this paper, we propose a lightweight vehicular intrusion detection method based on Edge Intelligence. The proposed method utilizes edge intelligence to achieve real-time intrusion detection in vehicles. To ensure efficient intrusion detection, we design a lightweight Convolutional Neural Networks (CNN) intrusion detection model and incorporate Auxiliary Classifier Generative Adversarial Networks (ACGAN) for model training. The CNN component will be offloaded to the Edge Cloud to further enhance intrusion detection performance. To address the task offloading optimization problem in edge computing, we introduce a deep reinforcement learning-based task offloading algorithm to allocate the resources of edge cloud for vehicles with limited computing resources. Simulation experiments demonstrate the superiority of proposed vehicular intrusion detection method over existing state-of-the-art methods. The simulation experiments by Veins also show the efficiency of the proposed vehicular intrusion detection.

Machine learning (ML) and deep learning (DL) advancements have greatly enhanced anomaly detection of network intrusion detection systems (NIDS) by empowering them to analyze Big Data and extract patterns. ML/DL-based NIDS are trained using either flow-based or packet-based features. Flow-based NIDS are suitable for offline traffic analysis, while packet-based NIDS can analyze traffic and detect attacks in real-time. Current packet-based approaches analyze packets independently, overlooking the sequential nature of network communication. This results in biased models that exhibit increased false negatives and positives. Additionally, most literature-proposed packet-based NIDS capture only payload data, neglecting crucial information from packet headers. This oversight can impair the ability to identify header-level attacks, such as denial-of-service attacks. To address these limitations, we propose a novel artificial intelligence-enabled methodological framework for packet-based NIDS that effectively analyzes header and payload data and considers temporal connections among packets. Our framework transforms sequential packets into two-dimensional images. It then develops a convolutional neural network-based intrusion detection model to process these images and detect malicious activities. Through experiments using publicly available big datasets, we demonstrate that our framework is able to achieve high detection rates of 97.7% to 99% across different attack types and displays promising resilience against adversarial examples.

The traditional vehicular ad hoc network (VANET) gradually evolved into the Internet of Vehicles (IoV), which has also become a potential target for attacks and faces security challenges in an open network environment. Intrusion detection systems (IDS) based on machine learning (ML) and deep learning (DL) are introduced to mitigate security threats. However, existing ML/DL-based IDS suffer from challenges in IoV environments. First, due to the limitations of ML/DL-based methods, classification performance is unsatisfactory when they extract only unidirectional contextual features or spatial characteristics. Second, existing research on in-vehicle network IDS often limits validation and testing to a static dataset of a single vehicle model. This approach may not adequately address diverse potential attacks in a dynamic environment. Third, few studies of hybrid IDS can simultaneously implement in-vehicle and extra-vehicle network intrusion detection. Large language models (LLM) have shown outstanding applications in fields such as natural language processing (NLP) and computer vision (CV). In particular, bidirectional encoder representations from transformers (BERT) obtain new state-of-the-art results on eleven famous NLP tasks. Consequently, this paper introduces a hybrid network IDS in IoV utilising LLM, denoted as IoV-BERT-IDS. This framework encompasses four modules: semantic extractor (SE), input embedding, IoV-BERT-IDS pre-training, and IoV-BERT-IDS fine-tuning. To conform to the BERT model, the semantic extractor is introduced to transform traffic data devoid of apparent semantics into contextual semantics, comprising bidirectional and unidirectional SE. Through SE, controller area network (CAN) data is transformed into a CAN byte sentence (CBS), while extra-vehicle network traffic data is transformed into a traffic byte sentence (TBS). Additionally, two pre-training tasks, the masked byte word model (MBWM) and next byte sentence prediction (NBSP) are proposed to acquire bidirectional contextual features from contextual semantics. These features can be adapted to downstream tasks in both in-vehicle and extra-vehicle networks through fine-tuning. Experiments demonstrate that IoV-BERT-IDS outperforms in CICIDS, BoT-IoT, Car-Hacking, and In-vehicle network intrusion detection challenge (IVN-IDS) datasets and shows good generalisation capabilities to in-vehicle networks of different vehicles.

The Controller Area Network (CAN) bus protocol is the essential communication backbone in vehicles within the Intelligent Transportation System (ITS), enabling interaction between electronic control units (ECUs). However, CAN messages lack authentication and security, making the system vulnerable to attacks such as DoS, fuzzing, impersonation, and spoofing. This paper evaluates deep learning methods to detect intrusions in the CAN bus network. Using the Car Hacking, Survival Analysis, and OTIDS datasets, we train and test models to identify automotive cyber threats. We explore recurrent neural network (RNN) variants, including LSTM, GRU, and VGG-16, to analyze temporal and spatial features in the data. LSTMs and GRUs handle long-term dependencies in sequential data, making them suitable for analyzing CAN messages. Bi-LSTMs enhance this by processing sequences in both directions, learning from past and future contexts to improve anomaly detection. Our results show that LSTM achieves 99.89% accuracy in binary classification, while VGG-16 reaches 100% accuracy in multiclass classification. These findings demonstrate the potential of deep learning techniques in improving the security and resilience of ITS by effectively detecting and mitigating CAN bus network attacks.

No abstract available

Recently, various intrusion detection systems (IDSs) have been proposed for in-vehicle networks. However, as vehicle network attacks become increasingly sophisticated, existing IDSs have shown limitations in effectively detecting new threats. In particular, supervised learning-based IDSs are incapable of detecting previously unseen attacks. On the other hand, while unsupervised learning-based IDSs can detect such attacks, they often suffer from relatively low detection performance. To address these limitations, we propose a semi-supervised generative adversarial network (SGAN)-based IDS for in-vehicle networks. In our proposed SGAN, the adversarially trained discriminator serves as an anomaly detector. Furthermore, we enhance the discriminator’s detection capability by incorporating labeled attack data during training. For instance, a discriminator trained on three distinct types of attacks can effectively detect unknown attack type. This approach enables more accurate and robust distinction between normal and attack data. Experimental results demonstrate that our proposed approach is suitable for in-vehicle network security, achieving an average detection accuracy of 99.63% and a precision of 99.52% for unknown attack types.

Vehicle-to-Everything (V2X) communication enables vehicles to communicate with other vehicles and roadside infrastructure, enhancing traffic management and improving road safety. However, the open and decentralized nature of V2X networks exposes them to various security threats, necessitating a robust misbehavior detection system (MBDS). While machine learning (ML) has proved effective in different anomaly detection applications, the existing ML-based MBDSs have shown limitations in generalizing due to the dynamic nature of V2X and insufficient and imbalanced training data. Moreover, they are known to be vulnerable to adversarial ML attacks. On the other hand, generative adversarial networks (GAN) possess the potential to mitigate such issues and improve detection performance by synthesizing unseen samples of minority classes and utilizing them during their model training. Therefore, we propose the first application of GAN to design an MBDS. Our contributions are manifold. In the pursuit of an effective GAN-based MBDS, we train and evaluate a diverse set of Wasserstein GAN (WGAN) models and present VEhicular GAN (VEHIGAN), an ensemble of multiple top-performing WGANs, which transcends the limitations of individual models and improves detection performance and adversarial robustness. We present a physics-guided data preprocessing technique that generates effective features for ML-based misbehavior detection. To evaluate the adversarial robustness, we formulate two categories of adversarial attacks against the WGAN-based MBDS. In the evaluation, we leverage the state-of-the-art V2X attack simulation tool VASP to create a comprehensive dataset of V2X messages with diverse misbehaviors. Evaluation results show that in 20 out of 35 misbehaviors, VehigAnoutperforms the baselines and exhibits comparable detection performance in other scenarios. Particularly, VehigAnexcels in detecting advanced misbehaviors that manipulate multiple fields in V2X messages simultaneously, replicating unique maneuvers. Moreover, VehigAnprovides approximately 92% improvement in false positive rates under powerful adaptive adversarial attacks and possesses intrinsic robustness against other adversarial attacks that target false negative rates. Finally, we make the data and code available for reproducibility and future benchmarking, available at https://eithub.com/shahriar0651/VehiGAN.

The fast expansion of the Internet of Vehicles (IoV) ecosystem provides new possibilities for high-speed, lowlatency connectivity using the V2X communication framework but also entails new risks and challenges, especially in security. Malicious and/or compromised nodes that provide false and fraudulent information pose a serious threat to the coordination and safety of vehicles. This article focuses on the comparative study of three prominent generative deep learning models, namely Generative Adversarial Networks (GAN), Variational Autoencoders (VAE), and Denoising Diffusion Models, in the context of real-time anomaly detection on the Internet of Vehicles (IoV) domain. We analyze the VeReMi dataset and performed simulations of the VANET scenarios in terms of detection accuracy, precision and recall, false positive rate, and inference delay. The results of the experiment show that the diffusion models provide the peak accuracy (93.7%) paired with the lowest false positive rate. However, the VAEs real-time efficiency and accuracy balance makes them the most practical candidates for edge deployment. Although the GANs are the most unstable during training, they provide remarkable recall. This article addresses the operational trade-offs of the various models and their practical viability in the deployment of safetyrelated vehicular networks.

Software-defined vehicles (SDVs) make automotive systems more intelligent and adaptable, and this transformation relies on hybrid automotive in-vehicle networks that refer to multiple protocols using automotive Ethernet (AE) or a controller area network (CAN). Numerous researchers have developed specific intrusion-detection systems (IDSs) based on ResNet18, VGG16, and Inception for AE or CANs, to improve confidentiality and integrity. Although these IDSs can be extended to hybrid automotive in-vehicle networks, these methods often overlook the requirements of real-time processing and minimizing of the false positive rate (FPR), which can lead to safety and reliability issues. Therefore, we introduced an IDS based on the Swin Transformer to bolster hybrid automotive in-vehicle network reliability and security. First, multiple messages from the traffic assembly are transformed into images and compressed via two-dimensional wavelet discrete transform (2D DWT) to minimize parameters. Second, the Swin Transformer is deployed to extract spatial and sequential features to identify anomalous patterns with its attention mechanism. To compare fairly, we re-implemented up-to-date conventional network models, including ResNet18, VGG16, and Inception. The results showed that our method could detect attacks with 99.82% accuracy and 0 FPR, which saved 14.32% in time costs and improved the accuracy by 1.60% compared to VGG16 when processing 512 messages.

With the popularity of intelligent vehicles, there are numerous concerns regarding the security of the in-vehicle networks. The Controller Area Network (CAN) is a serial communication network with simple structure while connecting Electronic Control Units (ECUs) with high reliability. However, CAN is vulnerable to cyber-attacks due to the lack of security mechanisms, so an efficient intrusion detection system (IDS) is required. In this paper, we proposed a novel intrusion detection model named C3Net. Our model consists of Convolutional Neural Network (CNN), Long Short-Term Memory (ConvLSTM) network and Convolutional Block Attention Module (CBAM). A method converting CAN messages to images is designed to enhance data robustness while encoding potential pattern information into spatial features. CAN image sequences are then fed as input of the model and Fully Connected (FC) subnetwork is used to make classification in the end. Experiments on varying key hyperparameter values were conducted using real-vehicle datasets. Our proposed C3Net achieved excellent results with the highest F1 value of 0.9677 and an average AUC value close to 1.

The Internet of Things (IoT) has gained widespread importance in recent time. However, the related issues of security and privacy persist in such IoT networks. Owing to device limitations in terms of computational power and storage, standard protection approaches cannot be deployed. In this article, we propose a lightweight distributed intrusion detection system (IDS) framework, called FCAFE‐BNET (Fog based Context Aware Feature Extraction using BranchyNET). The proposed FCAFE‐BNET approach considers versatile network conditions, such as varying bandwidths and data loads, while allocating inference tasks to cloud/edge resources. FCAFE‐BNET is able to adjust to dynamic network conditions. This can be advantageous for applications with particular quality of service requirements, such as video streaming or real‐time communication, ensuring a steady and reliable performance. Early exit deep neural networks (DNNs) have been employed for faster inference generation at the edge. Often, the weights that the model learns in the initial layer may be sufficiently qualified to perform the required classification tasks. Instead of using subsequent layers of DNNs for generating the inference, we have employed the early‐exit mechanism in the DNNs. Such DNNs help to predict a wide range of testing samples through these early‐exit branches, upon crossing a threshold. This method maintains the confidence values corresponding to the inference. Employing this approach, we achieved a faster inference, with significantly high accuracy. Comparative studies exploit manual feature extraction techniques, that can potentially overlook certain valuable patterns, thus degrading classification performance. The proposed framework converts textual/tabular data into 2‐D images, allowing the DNN model to autonomously learns its own features. This conversion scheme facilitated the identification of various intrusion types, ranging from 5 to 14 different categories. FCAFE‐BNET works for both network‐based and host‐based IDS: NIDS and HIDS. Our experiments demonstrate that, in comparison with recent approaches, FCAFE‐BNET achieves a 39.12%–50.23% reduction in the total inference time on benchmark real‐world datasets, such as: NSL‐KDD, UNSW‐NB 15, ToN_IoT, and ADFA_LD.

Due to the recent increase in the number of connected devices, the need to promptly detect security issues is emerging. Moreover, the high number of communication flows creates the necessity of processing huge amounts of data. Furthermore, the connected devices are heterogeneous in nature, having different computational capacities. For this reason, in this work we propose an image-based representation of network traffic which allows to realize a compact summary of the current network conditions with 1-second time windows. The proposed representation highlights the presence of anomalies thus reducing the need for complex processing architectures. Finally, we present an unsupervised learning approach which effectively detects the presence of anomalies. The code and the dataset are available at https://github.com/michaelneri/image-based-network-traffic-anomaly-detection.

Rising connectivity in vehicles is enabling new capabilities like connected autonomous driving and advanced driver assistance systems (ADAS) for improving the safety and reliability of next-generation vehicles. This increased access to in-vehicle functions compromises critical capabilities that use legacy invehicle networks like Controller Area Network (CAN), which has no inherent security or authentication mechanism. Intrusion detection and mitigation approaches, particularly using machine learning models, have shown promising results in detecting multiple attack vectors in CAN through their ability to generalise to new vectors. However, most deployments require dedicated computing units like GPUs to perform line-rate detection, consuming much higher power. In this paper, we present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA, which is trained and validated using the public CAN Intrusion Detection dataset. The quantised model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature. The Intrusion Detection System (IDS) execution consumes just 2.0 W with software tasks running on the ECU and achieves a 25 % reduction in per-message processing latency over the state-of-the-art implementations. This deployment allows the ECU function to coexist with the IDS with minimal changes to the tasks, making it ideal for real-time IDS in in-vehicle systems.

Rising complexity of in-vehicle electronics is enabling new capabilities like autonomous driving and active safety. However, rising automation also increases risk of security threats which is compounded by lack of in-built security measures in legacy networks like CAN, allowing attackers to observe, tamper and modify information shared over such broadcast networks. Various intrusion detection approaches have been proposed to detect and tackle such threats, with machine learning models proving highly effective. However, deploying machine learning models will require high processing power through high-end processors or GPUs to perform them close to line rate. In this paper, we propose a hybrid FPGA-based ECU approach that can transparently integrate IDS functionality through a dedicated off-the-shelf hardware accelerator that implements a deep-CNN intrusion detection model. Our results show that the proposed approach provides an average accuracy of over 99% across multiple attack datasets with 0.64% false detection rates while consuming 94% less energy and achieving 51.8% reduction in per-message processing latency when compared to IDS implementations on GPUs.

The proliferation of IoT devices has significantly increased network vulnerabilities, creating an urgent need for effective Intrusion Detection Systems (IDS). Machine Learning-based IDS (ML-IDS) offer advanced detection capabilities but rely on labeled attack data, which limits their ability to identify unknown threats. Self-Supervised Learning (SSL) presents a promising solution by using only normal data to detect patterns and anomalies. This paper introduces SAFE, a novel framework that transforms tabular network intrusion data into an image-like format, enabling Masked Autoencoders (MAEs) to learn robust representations of network behavior. The features extracted by the MAEs are then incorporated into a lightweight novelty detector, enhancing the effectiveness of anomaly detection. Experimental results demonstrate that SAFE outperforms the state-of-the-art anomaly detection method, Scale Learning-based Deep Anomaly Detection method (SLAD), by up to 26.2% and surpasses the state-of-the-art SSL-based network intrusion detection approach, Anomal-E, by up to 23.5% in F1-score.

Recent research has highlighted the vulnerability of in-vehicle network protocols such as controller area networks (CAN) and proposed machine learning-based intrusion detection systems (IDSs) as an effective mitigation technique. However, their efficient integration into vehicular architecture is non-trivial, with existing methods relying on electronic control units (ECUs)-coupled IDS accelerators or dedicated ECUs as IDS accelerators. Here, initiating IDS requires complete reception of a CAN message from the controller, incurring data movement and software overheads. In this paper, we present SecCAN, a novel CAN controller architecture that embeds IDS capability within the datapath of the controller. This integration allows IDS to tap messages directly from within the CAN controller as they are received from the bus, removing overheads incurred by existing ML-based IDSs. A custom-quantised machine-learning accelerator is developed as the IDS engine and embedded into SecCAN's receive data path, with optimisations to overlap the IDS inference with the protocol's reception window. We implement SecCAN on AMD XCZU7EV FPGA to quantify its performance and benefits in hardware, using multiple attack datasets. We show that SecCAN can completely hide the IDS latency within the CAN reception window for all CAN packet sizes and detect multiple attacks with state-of-the-art accuracy with zero software overheads on the ECU and low energy overhead (73.7 uJ per message) for IDS inference. Also, SecCAN incurs limited resource overhead compared to a standard CAN controller (< 30% LUT, < 1% FF), making it ideally suited for automotive deployment.