CAN bus intrusion detection based on auxiliary classifier GAN and out-of-distribution detectionVisa övriga samt affilieringar
2022 (Engelska)Ingår i: ACM Transactions on Embedded Computing Systems, ISSN 1539-9087, E-ISSN 1558-3465, Vol. 21, nr 4, artikel-id 45Artikel i tidskrift (Refereegranskat) Published
Abstract [en]
The Controller Area Network (CAN) is a ubiquitous bus protocol present in the Electrical/Electronic (E/E) systems of almost all vehicles. It is vulnerable to a range of attacks once the attacker gains access to the bus through the vehicle's attack surface. We address the problem of Intrusion Detection on the CAN bus and present a series of methods based on two classifiers trained with Auxiliary Classifier Generative Adversarial Network (ACGAN) to detect and assign fine-grained labels to Known Attacks and also detect the Unknown Attack class in a dataset containing a mixture of (Normal + Known Attacks + Unknown Attack) messages. The most effective method is a cascaded two-stage classification architecture, with the multi-class Auxiliary Classifier in the first stage for classification of Normal and Known Attacks, passing Out-of-Distribution (OOD) samples to the binary Real-Fake Classifier in the second stage for detection of the Unknown Attack class. Performance evaluation demonstrates that our method achieves both high classification accuracy and low runtime overhead, making it suitable for deployment in the resource-constrained in-vehicle environment.
Ort, förlag, år, upplaga, sidor
Association for Computing Machinery (ACM), 2022. Vol. 21, nr 4, artikel-id 45
Nyckelord [en]
Automotive security, controller area network, deep learning, GAN, intrusion detection
Nationell ämneskategori
Datorteknik Datavetenskap (datalogi)
Identifikatorer
URN: urn:nbn:se:umu:diva-201369DOI: 10.1145/3540198ISI: 000865883500011Scopus ID: 2-s2.0-85142213778OAI: oai:DiVA.org:umu-201369DiVA, id: diva2:1715279
2022-12-012022-12-012023-03-24Bibliografiskt granskad