Adaptive Autoencoder-Based Intrusion Detection System with Single Threshold for CAN Networks


The controller area network (CAN) protocol, widely used for in-vehicle communication, lacks built-in security features and is inherently vulnerable to various attacks. Numerous attack techniques against CAN have been reported, leading to intrusion detection systems (IDSs) tailored for in-vehicle networks. In this study, we propose a novel lightweight unsupervised IDS for CAN networks, designed for real-time, on-device implementation. The proposed autoencoder model was trained exclusively on normal data. A portion of the attack data was utilized to determine the optimal detection threshold using a Gaussian kernel density estimation function, while the frame count was selected based on error rate analysis. Subsequently, the model was evaluated using four types of attack data that were not seen during training.

Notably, the model employs a single threshold across all attack types, enabling detection using a single model. The designed software model was also optimized for hardware implementation and validated on an FPGA under a real-time CAN communication environment. When evaluated, the proposed system achieved an average accuracy of 99.2%, precision of 99.2%, recall of 99.1%, and F1-score of 99.2%. Furthermore, compared to existing FPGA-based IDS models, our model reduced the usage of LUTs, flip-flops, and power by average factors of 1/5, 1/6, and 1/11, respectively.

This study proposes an adaptive CAN IDS using an autoencoder model and a KDE function. As an unsupervised learning model, the autoencoder is trained exclusively on normal data. This characteristic allows the model to identify untrained attacks, unlike supervised learning models. The trained autoencoder model distinguishes between normal and attack data based on the reconstruction loss, using a predefined threshold. In this study, a KDE function was applied to the loss values obtained from attack data that were not included in the test dataset, allowing a single threshold to be established for all four types of attacks.

This demonstrates that a single model can effectively detect multiple types of attacks. Additionally, by defining and comparing the ERE, the optimal number of frames for effectively distinguishing between normal and attack data was determined. The proposed model was tested using four types of attack data. The results showed average accuracy, precision, recall, and F1-score of 99.19%, 99.16%, 99.13%, and 99.14%, respectively. These findings demonstrate that the proposed model outperforms existing unsupervised learning-based IDS models. For hardware implementation, the parameters were quantized from 32-bit floating-point to 16-bit fixed-point representation, and the PLAN sigmoid approximation was adopted during the design process.
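The single-threshold selection described above can be sketched as follows. This is an added example, not code from the paper: the summary does not say how the KDE output is turned into a threshold, so the sketch assumes the threshold is placed where the KDE-estimated false-alarm and miss probabilities sum to a minimum, uses Silverman's bandwidth rule, and runs on constructed loss values with placeholder attack names.

```python
import math
import random
import statistics

def silverman(sample):
    # Rule-of-thumb bandwidth for a Gaussian kernel (assumed; not from the page).
    return 1.06 * statistics.stdev(sample) * len(sample) ** -0.2

def kde_cdf(sample, t, h):
    # CDF at t of a Gaussian KDE: the mean of one normal CDF per sample point.
    return sum(0.5 * (1 + math.erf((t - x) / (h * math.sqrt(2)))) for x in sample) / len(sample)

def single_threshold(normal, attacks, steps=400):
    # Assumption: pool the held-out losses of all attack types and choose the
    # threshold that minimises KDE-estimated false alarms plus misses.
    pooled = [v for losses in attacks.values() for v in losses]
    h_n, h_a = silverman(normal), silverman(pooled)
    lo, hi = min(normal), max(pooled)
    best_t, best_err = lo, float("inf")
    for i in range(steps + 1):
        t = lo + (hi - lo) * i / steps
        err = (1 - kde_cdf(normal, t, h_n)) + kde_cdf(pooled, t, h_a)
        if err < best_err:
            best_t, best_err = t, err
    return best_t

def recall_per_type(attacks, threshold):
    # A window is flagged when its reconstruction loss exceeds the threshold.
    return {name: sum(v > threshold for v in losses) / len(losses)
            for name, losses in attacks.items()}

def constructed_losses(seed=7):
    # Constructed reconstruction losses, not measurements from the paper.
    rng = random.Random(seed)
    normal = [rng.gauss(0.020, 0.005) for _ in range(200)]
    attacks = {name: [rng.gauss(mu, sd) for _ in range(50)]
               for name, mu, sd in [("type_1", 0.12, 0.02), ("type_2", 0.15, 0.03),
                                    ("type_3", 0.20, 0.04), ("type_4", 0.30, 0.05)]}
    return normal, attacks

if __name__ == "__main__":
    normal, attacks = constructed_losses()
    t = single_threshold(normal, attacks)
    print(f"threshold={t:.4f}", recall_per_type(attacks, t))
```

Because one threshold serves every attack type, it is the lowest-loss attack class that decides how close the threshold sits to the normal distribution, so per-type recall is worth checking separately rather than only on average.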

To ensure reliable validation, the FPGA board was configured with a Cortex-M3 processor, a CAN module, and the fully designed hardware model. A test environment was established by connecting a CAN transceiver chip, a PCAN interface, and the CAN bus, enabling the transmission of real-time CAN messages. Through this setup, the proposed IDS was verified to operate correctly and demonstrated reduced hardware resource usage compared to other IDS implementations. After hardware deployment, the system was tested using four types of attack data. The resulting performance metrics showed an average accuracy of 99.21%, precision of 99.18%, recall of 99.14%, and F1-score of 99.16%.
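The 16-bit fixed-point quantization and PLAN sigmoid mentioned for the hardware design can be modelled in software to see what accuracy they cost. This is an added example, not the paper's hardware design: it uses the commonly published PLAN segment table, and the Q4.12 split of the 16-bit word is an assumption, since the summary does not state the format.

```python
import math

FRAC_BITS = 12           # assumed Q4.12 split of the 16-bit word
ONE = 1 << FRAC_BITS     # fixed-point representation of 1.0

def to_fixed(x):
    # Quantise a float to signed 16-bit fixed point, saturating at the limits.
    return max(-32768, min(32767, round(x * ONE)))

def plan_sigmoid_fixed(xq):
    # PLAN works on |x|; every slope is a power of two, so each multiply
    # becomes a right shift and no multiplier or exponential is needed.
    a = -xq if xq < 0 else xq
    if a >= to_fixed(5.0):
        y = ONE
    elif a >= to_fixed(2.375):
        y = (a >> 5) + to_fixed(0.84375)   # 0.03125*x + 0.84375
    elif a >= to_fixed(1.0):
        y = (a >> 3) + to_fixed(0.625)     # 0.125*x + 0.625
    else:
        y = (a >> 2) + to_fixed(0.5)       # 0.25*x + 0.5
    # Symmetry of the sigmoid: f(-x) = 1 - f(x).
    return ONE - y if xq < 0 else y

def max_abs_error(lo=-8.0, hi=8.0, steps=1600):
    # Worst-case gap between the fixed-point PLAN output and the exact sigmoid.
    worst = 0.0
    for i in range(steps + 1):
        x = lo + (hi - lo) * i / steps
        approx = plan_sigmoid_fixed(to_fixed(x)) / ONE
        exact = 1.0 / (1.0 + math.exp(-x))
        worst = max(worst, abs(approx - exact))
    return worst

if __name__ == "__main__":
    print(f"max |PLAN - sigmoid| over [-8, 8]: {max_abs_error():.4f}")
```

The approximation error shifts the reconstruction loss slightly, so a threshold chosen on the floating-point model should be re-checked against losses produced by the quantized model.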

Future work will focus on improving the precision metric to 100% while maintaining the other performance indicators, with the goal of minimizing false positives and meeting the stringent reliability standards required for automotive safety systems.
