Modern automobiles rely on CAN buses to connect Electronic Control Units (ECUs), but these connections introduce significant security vulnerabilities due to the lack of inherent security mechanisms. Intrusion Detection Systems (IDS) have become essential tools for securing CAN buses, but developing an effective IDS poses major challenges, such as achieving high detection accuracy across various attack types, ensuring real-time performance, and maintaining efficiency in resource-constrained automotive environments. To address these challenges, we propose a novel IDS based on eXtreme Gradient Boosting (XGBoost), specifically optimized for analyzing CAN bus data. Our approach incorporates tailored feature engineering techniques, including message timing analysis, arbitration priority, and payload evaluation, to effectively detect anomalies in CAN messages. The system is evaluated extensively on multiple datasets encompassing attack types such as Denial of Service (DoS), Fuzzy, Gear, and RPM manipulation. Experimental results demonstrate that our IDS achieves outstanding detection performance, with accuracy reaching up to 99% for all attack scenarios. Moreover, the IDS maintains low false positive rates and strongly generalizes unseen data. In terms of real-time performance, the system achieves detection latencies of under 35 ms for analyzing 1000 consecutive attacks and normal frames. The system operates efficiently on embedded hardware with a minimal computational overhead of 3.5% of the processing unit. These results validate the practicality and scalability of the proposed IDS for real-world automotive applications.
Ayat et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: