A GRU-Based Lightweight System for CAN Intrusion Detection in Real Time

Ma, Haoyu; Cao, Jianqiu; Mi, Bo; Huang, Darong; Liu, Yang; Li, Shaoqian

doi:10.1155/2022/5827056

Cited by 18 publications

(17 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, Deep Learning(DL)-based methods have been proposed with outstanding performance. Ma et al [26] proposed a supervised learning model, by combining a Gated Recurrent Unit(GRU)-based network and a low complexity feature extraction algorithm to detect automotive network attacks. Ale et al [27] developed an IDS using Deep Bayesian Learning (DBL) to detect and analyze automobile hacking attacks.…”

Section: Machine-learning-based Intrusion Detection Systems For In-ve...mentioning

confidence: 99%

“…However, most of them are only designed for a specific network environment as they are trained on a benchmark dataset that was generated under a designed circumstance and lack generalization ability for tasks from various attack scenarios. [21], [22], [24], [25], [26], [29]. Additionally, the huge computational resources and time cost needed by them to train a model [22] No High High High Moulahi et al [24] No Low High High Fenzl et al [25] No Low High High Ma et al [26] No High High High Ale et al [27] No Low High High Xiao et al [28] No High High High Shi et al [29] No Low High Low Desta et al [30] No Low High Low Ashraf et al [31] No Low High Low Yang et al [ on a high-volume dataset cannot be ignored.…”

Section: Literature Comparisonmentioning

confidence: 99%

See 1 more Smart Citation

Meta-IDS: Meta-Learning Automotive Intrusion Detection Systems with Adaptive and Learnable

Wang,

Li,

Huang

et al. 2024

Preprint

View full text Add to dashboard Cite

In the rapidly evolving landscape of vehicular communications, the widespread use of the Controller Area Network (CAN) in modern vehicles has revealed significant security vulnerabilities. However, existing Intrusion Detection Systems (IDS) struggle to adapt to varied attack scenarios and precisely detect low-volume attacks. In this paper, we introduce a novel IDS that employs meta-learning via the Meta-SGD algorithm, enhancing adaptability across a diverse spectrum of cyber threats, called Meta-IDS. Specifically, our methodology includes a bi-level optimization technique where the inner level focuses on optimizing detection accuracy for specific attack scenarios, and the outer level adjusts meta-parameters to ensure generalizability across different scenarios. For modeling low-volume attacks, we devise the Attack Prominence Score (APS), identifying subtle attack patterns with a threshold of APS \(\textgreater\) 7, allowing for precise differentiation of these attacks. The extensive experiment results show that the proposed method facilitates efficient tuning and rapid adaptation for different modeling paradigms in few-shot scenarios. The detection performance is exceptional, with F1-scores reaching 100% across most attack scenarios, including low-volume attacks. Also, the real-time vehicle-level evaluations demonstrate its adaptability for the vehicular networks.

show abstract

Section: Machine-learning-based Intrusion Detection Systems For In-ve...mentioning

confidence: 99%

Section: Literature Comparisonmentioning

confidence: 99%

Meta-IDS: Meta-Learning Automotive Intrusion Detection Systems with Adaptive and Learnable

Wang,

Li,

Huang

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Input Features Used GIDS [30] CAN ID DCNN [13] CAN ID Rec-CNN [38] CAN ID G-IDCS [28] CAN ID TAN-IDS [29] CAN ID iForest [35] Data Field MLIDS [36] CAN ID + Data Field NovelADS [32] CAN ID + Data Field TCAN-IDS [31] CAN ID + Data Field MTH-IDS [37] CAN ID + Data Field HyDL-IDS [33] CAN ID + Data Field + DLC GRU [34] CAN ID + Data Field + DLC CQMLP-IDS (proposed) CAN ID + Data Field IDS using deep convolutional neural networks. They achieve over 99% accuracy for DoS, fuzzing & spoofing attacks.…”

Section: Modelsmentioning

confidence: 99%

“…In [30], the authors propose a GAN-based IDS and achieve an average accuracy of 97.5% for the same attacks. More complex ML architectures like temporal convolution with global attention [31], a combination of convolutional neural networks (CNN) and long short-term memory (LSTM) cells using both supervised and unsupervised approaches [32], [33], gated recurrent units (GRU) networks [34] have been shown to improve detection accuracy. In [35], the authors use an iForest anomaly detection algorithm as an intrusion prevention system (IPS) to detect fuzzing and spoofing (RPM & Gear) attacks and mark the message as an error preventing its propagation to other ECUs; however, this can cause multiple messages to be dropped from the bus in case of false positives or DoS attacks.…”

Section: Modelsmentioning

confidence: 99%

“…The key challenge of ML-based approaches is their deployment as an in-vehicle ECU. Most approaches rely on high-performance GPUs to meet the inference deadlines [13], [30]- [32], [34], [36], while others rely on dedicating full ECUs for IDS [35], [37]; both approaches incur additional overheads in energy budget and weight, making them less suited for distributing IDS among different network segments. Similarly, almost all methods presented in the literature require multiple uniquely trained models to detect all possible threat vectors, which incur much higher resources and energy than a singular model which can classify multiple threat vectors.…”

Section: Modelsmentioning

confidence: 99%

See 1 more Smart Citation

Exploring Highly Quantised Neural Networks for Intrusion Detection in Automotive CAN

Khandelwal,

Shreejith

2023

2023 33rd International Conference on Field-Programmable Logic and Applications (FPL)

View full text Add to dashboard Cite

Vehicles today comprise intelligent systems like connected autonomous driving and advanced driving assistance systems (ADAS) to enhance the driving experience, which is enabled through increased connectivity to infrastructure and fusion of information from different sensing modes. However, the rising connectivity coupled with the legacy network architecture within vehicles can be exploited for launching active and passive attacks on critical vehicle systems and directly affecting the safety of passengers. Machine learning-based intrusion detection models have been shown to successfully detect multiple targeted attack vectors in recent literature, whose deployments are enabled through quantised neural networks targeting low-power platforms. Multiple models are often required to simultaneously detect multiple attack vectors, increasing the area, (resource) cost, and energy consumption. In this paper, we present a case for utilising custom-quantised MLP's (CQMLP) as a multi-class classification model, capable of detecting multiple attacks from the benign flow of controller area network (CAN) messages. The specific quantisation and neural architecture are determined through a joint design space exploration, resulting in our choice of the 2-bit precision and the n-layer MLP. Our 2-bit version is trained using Brevitas and optimised as a dataflow hardware model through the FINN toolflow from AMD/Xilinx, targeting an XCZU7EV device. We show that the 2-bit CQMLP model, when integrated as the IDS, can detect malicious attack messages (DoS, fuzzing, and spoofing attack) with a very high accuracy of 99.9%, on par with the state-of-the-art methods in the literature. Furthermore, the dataflow model can perform line rate detection at a latency of 0.11 ms from message reception while consuming 0.23 mJ/inference, making it ideally suited for integration with an ECU in critical CAN networks.

show abstract