Research on Intrusion Detection for CAN/CAN-FD Protocol Based on Transformer Encoder

doi:10.3778/j.issn.1002-8331.2406-0009

Abstract

Abstract: The CAN/CAN-FD protocol of the automotive bus transmits information in a broadcast manner, the messages are easily intercepted and are extremely vulnerable to attacks. To address the issues of intrusion detection in intelligent connected vehicles, an improved Transformer encoder-based intrusion detection model is proposed. The accuracy, precision, recall and F1 of this model exceed 99.9% for various attacks on the public dataset CAN-FD intrusion. Compared with typical models on public dataset, the experimental results show that the improved Transformer encoder is better than the comparison model in all evaluation metrics. In order to verify the generalization of this model, a real vehicle dataset is created by injecting DoS and Fuzzing attacks into the CAN/CAN-FD bus of an intelligent connected vehicle, and the model is used to detect the dataset. The experimental results demonstrate that the model has a high detection rate and good generalizability.

Key words: CAN-FD, intrusion detection, Transformer encoder, DoS attack, Fuzzing attack

摘要： 汽车总线CAN/CAN-FD协议以广播的形式传播信息，报文容易被截取，极易受到攻击。为解决智能网联汽车CAN/CAN-FD总线的入侵攻击识别问题，提出了一种改进的Transformer编码器入侵检测模型。该模型在公开数据集CAN-FD Intrusion上进行各种攻击的入侵检测，检测率、精确率、召回率和F1均超过99.9%。通过在公开数据集上与典型模型的对比评测，实验结果表明改进的Transformer编码器模型在各项评价指标均优于对比模型。为了验证此模型的泛化性，通过在智能网联汽车实车CAN/CAN-FD总线上注入DoS和Fuzzing攻击制作实车数据集，并使用该模型对数据集进行检测，实验结果表明该模型具有较高的识别率和较好的泛化性。

关键词: CAN-FD, 入侵检测, Transformer编码器, DoS攻击, Fuzzing攻击

CAO Juyang, WANG Sishan, SI Huachao, ZHANG Guihai, WU Qi, WANG Tao, WANG Wentao. Research on Intrusion Detection for CAN/CAN-FD Protocol Based on Transformer Encoder[J]. Computer Engineering and Applications, 2025, 61(18): 300-308.

曹举阳, 王思山, 司华超, 张贵海, 吴奇, 汪涛, 王文涛. 基于Transformer编码器的CAN/CAN-FD协议入侵检测研究[J]. 计算机工程与应用, 2025, 61(18): 300-308.

References

[1] RAJAPAKSHA S, KALUTARAGE H, AL-KADRI M O, et al. Beyond vanilla: improved autoencoder-based ensemble in-vehicle intrusion detection system[J]. Journal of Information Security and Applications, 2023, 77: 103570.
[2] MANSOURIAN P, ZHANG N, JAEKEL A, et al. Deep learning-based anomaly detection for connected autonomous vehicles using spatiotemporal information[J]. IEEE Transactions on Intelligent Transportation Systems, 2023, 24(12): 16006-16017.
[3] 罗峰, 胡强, 侯硕, 等. 基于支持向量机的CAN-FD网络异常入侵检测[J]. 同济大学学报 (自然科学版), 2020, 48(12): 1790-1796.
LUO F, HU Q, HOU S, et al. Anomaly intrusion detection for CAN-FD bus by support vector machine[J]. Journal of Tongji University (Natural Science), 2020, 48(12): 1790-1796.
[4] 关宇昕, 冀浩杰, 崔哲, 等. 智能网联汽车车载CAN网络入侵检测方法综述[J]. 汽车工程, 2023, 45(6): 922-935.
GUAN Y X, JI H J, CUI Z, et al. An overview of intrusion detection methods for in-vehicle CAN network of intelligent networked vehicles[J]. Automotive Engineering, 2023, 45(6): 922-935.
[5] ABU ELKHAIL A, REFAT R U D, HABRE R, et al. Vehicle security: a survey of security issues and vulnerabilities, malware attacks and defenses[J]. IEEE Access, 2021, 9: 162401-162437.
[6] BOZDAL M, SAMIE M, JENNIONS I. A survey on CAN bus protocol: attacks, challenges, and potential solutions[C]//Proceedings of the 2018 International Conference on Computing, Electronics & Communications Engineering (iCCECE). Piscataway: IEEE, 2018: 201-205.
[7] MUTTER A, BOSCH R P, HARTWICH F. Advantages of CAN FD Error detection mechanisms compared to Classical CAN[J]. CAN in Automation iCC, 2015 : 57991424.
[8] WOO S, JO H J, KIM I S, et al. A practical security architecture for in-vehicle CAN-FD[J]. IEEE Transactions on Intelligent Transportation Systems, 2016, 17(8): 2248-2261.
[9] 房杰. CAN-FD总线网络的入侵检测与容错控制研究[D]. 延吉: 延边大学, 2022.
FANG J. Intrusion detection and fault-tolerant control of CAN-FD bus networks[D]. Yanji: Yanbian University, 2022.
[10] 罗峰, 胡强, 刘宇. 基于CAN-FD总线的车载网络安全通信[J]. 同济大学学报 (自然科学版), 2019, 47(3): 386-391.
LUO F, HU Q, LIU Y. Secure communication method for in-vehicle network based on CAN-FD bus[J]. Journal of Tongji University (Natural Science), 2019, 47(3): 386-391.
[11] 余奇. 车载CAN FD通信数据加密方法的研究[D]. 重庆: 重庆邮电大学, 2018.
YU Q. Research on in-vehicle CAN FD communication data encryption method[D]. Chongqing: Chongqing University of Posts and Telecommunications, 2018.
[12] DE ANDRADE R, SANTOS M M D, JUSTO J F, et al. Security architecture for automotive communication networks with CAN FD[J]. Computers & Security, 2023, 129: 103203.
[13] ZHAO R, LUO C, GAO F, et al. Application-layer anomaly detection leveraging time-series physical semantics in CAN-FD vehicle networks[J]. Electronics, 2024, 13(2): 377.
[14] RAJAPAKSHA S, KALUTARAGE H, MADZUDZO G, et al. CAN-MIRGU: a comprehensive CAN bus attack dataset from moving vehicles for intrusion detection system evaluation[C]//Proceedings Symposium on Vehicle Security & Privacy, 2024.
[15] Hacking and Countermeasure Research Lab(HCRL). CAN-FD intrusion dataset[EB/OL]. [2024?05?17].https://ocslab.hksecurity.net/Datasets/can-fd-intrusion-dataset.
[16] MITCHELL R, CHEN I R. A survey of intrusion detection techniques for cyber-physical systems[J]. ACM Computing Surveys, 2014, 46(4): 1-29.
[17] TIAN M Q, JIANG R B, XING C Q, et al. Exploiting temperature-varied ECU fingerprints for source identification in in-vehicle network intrusion detection[C]//Proceedings of the 2019 IEEE 38th International Performance Computing and Communications Conference. Piscataway: IEEE, 2019: 1-8.
[18] SHARMIN S, MANSOR H, KADIR A F A, et al. Benchmarking frameworks and comparative studies of controller area network (CAN) intrusion detection systems: a review[J]. arXiv:2402.06904, 2024.
[19] 毛智超, 吴黎兵, 马亚军, 等. 基于DBN与带注意力机制GRU的CAN总线入侵检测模型[J]. 武汉大学学报 (理学版), 2023, 69(5): 598-608.
MAO Z C, WU L B, MA Y J, et al. Intrusion detection model for CAN bus using DBN and attention-based GRU[J]. Journal of Wuhan University (Natural Science Edition), 2023, 69(5): 598-608.
[20] LEVI M, ALLOUCHE Y, KONTOROVICH A. Advanced analytics for connected car cybersecurity[C]//Proceedings of the 2018 IEEE 87th Vehicular Technology Conference. Piscataway: IEEE, 2018: 1-7.
[21] ALFARDUS A, RAWAT D B. Intrusion detection system for CAN bus in-vehicle network based on machine learning algorithms[C]//Proceedings of the 2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference. Piscataway: IEEE, 2021: 944-949.
[22] DESTA A K, OHIRA S, ARAI I, et al. Rec-CNN: in-vehicle networks intrusion detection using convolutional neural networks trained on recurrence plots[J]. Vehicular Communications, 2022, 35: 100470.
[23] DING D F, ZHU L, XIE J Y, et al. In-vehicle network intrusion detection system based on Bi-LSTM[C]//Proceedings of the 2022 7th International Conference on Intelligent Computing and Signal Processing. Piscataway: IEEE, 2022: 580-583.
[24] NAVYA V K, ADITHI J, RUDRAWAL D, et al. Intrusion detection system using deep neural networks (DNN)[C]//Proceedings of the 2021 International Conference on Advancements in Electrical, Electronics, Communication, Computing and Automation. Piscataway: IEEE, 2021: 1-6.
[25] XIE G Q, YANG L T, YANG Y D, et al. Threat analysis for automotive CAN networks: a GAN model-based intrusion detection technique[J]. IEEE Transactions on Intelligent Transportation Systems, 2021, 22(7): 4467-4477.
[26] VASWANI A. Attention is all you need[J]. arXiv:1706. 03762, 2017.
[27] 黄海彬, 万良, 褚堃. 基于Transformer的入侵检测方法研究[J]. 软件导刊, 2022, 21(9): 121-128.
HUANG H B, WAN L, CHU K. Research on intrusion detection method based on transformer[J]. Software Guide, 2022, 21(9): 121-128.
[28] WEN Q, ZHOU T, ZHANG C, et al. Transformers in time series: a survey[J]. arXiv:2202.07125, 2022.
[29] LO W, ALQAHTANI H, THAKUR K, et al. A hybrid deep learning based intrusion detection system using spatial-temporal representation of in-vehicle network traffic[J]. Vehicular Communications, 2022, 35: 100471.
[30] SUN H, CHEN M M, WENG J, et al. Anomaly detection for in-vehicle network using CNN-LSTM with attention mechanism[J]. IEEE Transactions on Vehicular Technology, 2021, 70(10): 10880-10893.