CAN bus intrusion detection based on auxiliary classifier GAN and out-of-distribution detectionShow others and affiliations
2022 (English)In: ACM Transactions on Embedded Computing Systems, ISSN 1539-9087, E-ISSN 1558-3465, Vol. 21, no 4, article id 45Article in journal (Refereed) Published
Abstract [en]
The Controller Area Network (CAN) is a ubiquitous bus protocol present in the Electrical/Electronic (E/E) systems of almost all vehicles. It is vulnerable to a range of attacks once the attacker gains access to the bus through the vehicle's attack surface. We address the problem of Intrusion Detection on the CAN bus and present a series of methods based on two classifiers trained with Auxiliary Classifier Generative Adversarial Network (ACGAN) to detect and assign fine-grained labels to Known Attacks and also detect the Unknown Attack class in a dataset containing a mixture of (Normal + Known Attacks + Unknown Attack) messages. The most effective method is a cascaded two-stage classification architecture, with the multi-class Auxiliary Classifier in the first stage for classification of Normal and Known Attacks, passing Out-of-Distribution (OOD) samples to the binary Real-Fake Classifier in the second stage for detection of the Unknown Attack class. Performance evaluation demonstrates that our method achieves both high classification accuracy and low runtime overhead, making it suitable for deployment in the resource-constrained in-vehicle environment.
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2022. Vol. 21, no 4, article id 45
Keywords [en]
Automotive security, controller area network, deep learning, GAN, intrusion detection
National Category
Computer Engineering Computer Sciences
Identifiers
URN: urn:nbn:se:umu:diva-201369DOI: 10.1145/3540198ISI: 000865883500011Scopus ID: 2-s2.0-85142213778OAI: oai:DiVA.org:umu-201369DiVA, id: diva2:1715279
2022-12-012022-12-012023-03-24Bibliographically approved