Skip to main content

Single Threshold for CAN Networks

Adaptive Autoencoder-Based Intrusion Detection System with Single Threshold for CAN Networks


The controller area network (CAN) protocol, widely used for in-vehicle communication, lacks built-in security features and is inherently vulnerable to various attacks. Numerous attack techniques against CAN have been reported, leading to intrusion detection systems (IDSs) tailored for in-vehicle networks. In this study, we propose a novel lightweight unsupervised IDS for CAN networks, designed for real-time, on-device implementation. The proposed autoencoder model was trained exclusively on normal data. A portion of the attack data was utilized to determine the optimal detection threshold using a Gaussian kernel density estimation function, while the frame count was selected based on error rate analysis. Subsequently, the model was evaluated using four types of attack data that were not seen during training.

Notably, the model employs a single threshold across all attack types, enabling detection using a single model. Furthermore, the designed software model was optimized for hardware implementation and validated on an FPGA under a real-time CAN communication environment. When evaluated, the proposed system achieved an average accuracy of 99.2%, precision of 99.2%, recall of 99.1%, and F1-score of 99.2%. Furthermore, compared to existing FPGA-based IDS models, our model reduced the usage of LUTs, flip-flops, and power by average factors of 1/5, 1/6, and 1/11.

This study proposes an adaptive CAN IDS using an autoencoder model and a KDE function. As an unsupervised learning model, the autoencoder is trained exclusively on normal data. This characteristic allows the model to identify untrained attacks unlike supervised learning models. The trained autoencoder model distinguishes between normal and attack data based on the reconstruction loss, using a predefined threshold. In this study, a KDE function was applied to the loss values obtained from attack data that were not included in the test dataset, allowing a single threshold to be established for all four types of attacks.

This demonstrates that a single model can effectively detect multiple types of attacks. Additionally, by defining and comparing the ERE, the optimal number of frames for effectively distinguishing between normal and attack data was determined. The proposed model was tested using four types of attack data. The results showed average accuracy, precision, recall, and F1-score of 99.19%, 99.16%, 99.13%, and 99.14%, respectively. These findings demonstrate that the proposed model outperforms existing unsupervised learning-based IDS models. For hardware implementation, the parameters were quantized from 32-bit floating-point to 16-bit fixed-point representation, and the PLAN sigmoid approximation was adopted during the design process.

To ensure reliable validation, the FPGA board was configured with a Cortex-M3 processor, a CAN module, and the fully designed hardware model. A test environment was established by connecting a CAN transceiver chip, a PCAN interface, and the CAN bus, enabling the transmission of real-time CAN messages. Through this setup, the proposed IDS was verified to operate correctly and demonstrated reduced hardware resource usage compared to other IDS implementations. After hardware deployment, the system was tested using four types of attack data. The resulting performance metrics showed an average accuracy of 99.21%, precision of 99.18%, recall of 99.14%, and F1-score of 99.16%.

Future work will focus on improving the precision metric to 100% while maintaining the other performance indicators, with the goal of minimizing false positives and meeting the stringent reliability standards required for automotive safety systems.

temperature sensor, pressure sensor, motion sensor, proximity sensor, light sensor, gas sensor, humidity sensor, infrared sensor, touch sensor, accelerometer, gyroscope, ultrasonic sensor, biosensor, chemical sensor, optical sensor, magnetic sensor, RFID sensor, flow sensor, vibration sensor, IoT sensor

#TemperatureSensor, #PressureSensor, #MotionSensor, #ProximitySensor, #LightSensor, #GasSensor, #HumiditySensor, #InfraredSensor, #TouchSensor, #AccelerometerSensor, #GyroscopeSensor, #UltrasonicSensor, #Biosensor, #ChemicalSensor, #OpticalSensor, #MagneticSensor, #RFIDSensor, #FlowSensor, #VibrationSensor, #IoTSensor

Comments

Post a Comment

Popular posts from this blog

 How Network Polarization Shapes Our Politics! Network polarization amplifies political divisions by clustering like-minded individuals into echo chambers, where opposing views are rarely encountered. This reinforces biases, reduces dialogue, and deepens ideological rifts. Social media algorithms further intensify this divide, shaping public opinion and influencing political behavior in increasingly polarized and fragmented societies. Network polarization refers to the phenomenon where social networks—both offline and online—become ideologically homogenous, clustering individuals with similar political beliefs together. This segregation leads to the formation of echo chambers , where people are primarily exposed to information that reinforces their existing views and are shielded from opposing perspectives. In political contexts, such polarization has profound consequences: Reinforcement of Biases : When individuals only interact with like-minded peers, their existing beliefs bec...
Post a Comment
Read more

Quantum Network Nodes

An operating system for executing applications on quantum network nodes The goal of future quantum networks is to enable new internet applications that are impossible to achieve using only classical communication . Up to now, demonstrations of quantum network applications  and functionalities   on quantum processors have been performed in ad hoc software that was specific to the experimental setup, programmed to perform one single task (the application experiment) directly into low-level control devices using expertise in experimental physics.  Here we report on the design and implementation of an architecture capable of executing quantum network applications on quantum processors in platform-independent high-level software. We demonstrate the capability of the architecture to execute applications in high-level software by implementing it as a quantum network operating system-QNodeOS-and executing test programs, including a delegated computation from a client to a server ...
Post a Comment
Read more

Global Lighthouse Network

Smart, sustainable manufacturing: 3 lessons from the Global Lighthouse Network Launched in 2018, when more than 70% of factories struggled to scale digital transformation beyond isolated pilots, the Global Lighthouse Network set out to identify the world’s most advanced production sites and create a shared learning journey to up-level the global manufacturing community. In the past seven years, the network has grown from 16 to 201 industrial sites in more than 30 countries and 35 sectors, including the latest cohort of 13 new sites. This growing community of organizations is setting new standards for operational excellence, leveraging advanced technologies to drive growth, productivity, resilience and environmental sustainability. But what exactly is a Global Lighthouse and what has the network achieved? What is the Global Lighthouse Network? The Global Lighthouse Network is a community of operational facilities and value chains that harness digital technologies at scale to ac...
Post a Comment
Read more