CANet: An Unsupervised Intrusion Detection System for High Dimensional CAN Bus Data
This addresses a critical security issue for automotive systems, offering a novel approach to intrusion detection, though it appears incremental as it builds on existing machine learning methods for CAN data.
The paper tackles the problem of detecting intrusions on the CAN bus in automobiles, which lacks security mechanisms, by proposing CANet, an unsupervised deep learning system that processes individual CAN messages in real-time and outperforms previous methods by a significant margin.
We propose a novel neural network architecture for detecting intrusions on the CAN bus. The Controller Area Network (CAN) is the standard communication method between the Electronic Control Units (ECUs) of automobiles. However, CAN lacks security mechanisms and it has recently been shown that it can be attacked remotely. Hence, it is desirable to monitor CAN traffic to detect intrusions. In order to detect both, known and unknown intrusion scenarios, we consider a novel unsupervised learning approach which we call CANet. To our knowledge, this is the first deep learning based intrusion detection system (IDS) that takes individual CAN messages with different IDs and evaluates them in the moment they are received. This is a significant advancement because messages with different IDs are typically sent at different times and with different frequencies. Our method is evaluated on real and synthetic CAN data. For reproducibility of the method, our synthetic data is publicly available. A comparison with previous machine learning based methods shows that CANet outperforms them by a significant margin.