G-IDCS: Graph-Based Intrusion Detection and Classification System for CAN Protocol

Sung Bum Park, Hyo Jin Jo, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)


The security of in-vehicle networks has become an important issue as automobiles become more connected and automated. In this paper, we propose a graph-based intrusion detection and classification system, named G-IDCS, which aims to enhance the security of the in-vehicle controller area network (CAN) protocol. Existing intrusion detection systems (IDSs) using graph theory suffer from limitations, such as requiring a large number of CAN messages for detection and being unable to classify attack types despite analyzing numerous messages. Meanwhile, machine learning or deep learning-based systems have limited sensitivity to environmental changes such as attack type change due to model overfitting, and are unable to provide explanations for classification decisions. Using various graph features, our threshold-based intrusion detection method overcomes these limitations by integrating a threshold-based IDS and a machine learning-based attack type classifier. Our threshold-based intrusion detection method of G-IDCS reduces the number of CAN messages required for detection by more than 1/30 and improves the accuracy of combined attack detection by over 9% compared to an existing intrusion detection method that uses graph theory. Furthermore, unlike existing machine learning and deep learning-based intrusion detection systems, our threshold classifier is robust to changes in attack types and can provide explanations for the features used in attack detection. In addition, our machine learning-based attack type classifier outperforms existing techniques in all performance metrics and can serve as a digital forensic tool for investigating cyber attacks on in-vehicle networks. Using the classifier to identify attack types can facilitate the design of corresponding protection methods, thereby enhancing the security of in-vehicle networks.

Original languageEnglish
Pages (from-to)39213-39227
Number of pages15
JournalIEEE Access
Publication statusPublished - 2023

Bibliographical note

Publisher Copyright:
© 2013 IEEE.


  • Attack type classification
  • controller area network
  • graph theory
  • in-vehicle CAN security
  • intrusion detection system

ASJC Scopus subject areas

  • General Engineering
  • General Materials Science
  • General Computer Science


Dive into the research topics of 'G-IDCS: Graph-Based Intrusion Detection and Classification System for CAN Protocol'. Together they form a unique fingerprint.

Cite this