In-Vehicle Network Intrusion Detection System Using CAN Frame-Aware Features

Yeonseon Jeong, Hyunghoon Kim, Seyoung Lee, Wonsuk Choi, Dong Hoon Lee, Hyo Jin Jo

Research output: Contribution to journalArticlepeer-review


With the advancement of connected and automated vehicles (CAVs), drivers now have access to convenient features such as lane-keeping, cruise control, and more. The electronic control units (ECUs) equipped within vehicles communicate with each other through the controller area network (CAN). However, since the CAN does not possess any security mechanisms, it becomes a target for adversaries to attack. In light of this, a significant amount of research regarding intrusion detection systems (IDSs) has focused on detecting such maliciously injected CAN packets. Nevertheless, most existing machine learning-based IDSs neither calculate the exact time intervals of the CAN packets nor utilize the counter information. Precise timing intervals are a crucial feature for detecting spoofing, fuzzing, and replay attacks, and counter information is also a significant feature that can detect fuzzing and replay attacks. Therefore, in this paper, we propose a methodology for extracting two detection features that are aware of CAN frame characteristics: the interframe space (IFS) between two consecutive CAN packets, and the counter information of a CAN data payload (i.e., data field). Using these features, we introduce decision tree-based IDS. We evaluate the proposed features with popular decision tree-based models such as random forest and extreme gradient boosting (XGBoost). The results show that our proposed IDS can detect maliciously injected CAN packets with an F1 score of 99.54% in binary classification and 97.99% in multi-class classification, which are higher scores than what existing machine/deep learning-based IDSs achieve. Additionally, we measure the detection time of our proposed IDS in both online and offline testing environments.

Original languageEnglish
Pages (from-to)1-11
Number of pages11
JournalIEEE Transactions on Intelligent Transportation Systems
Publication statusAccepted/In press - 2023

Bibliographical note

Publisher Copyright:


  • Boosting
  • Controller area network
  • Decision trees
  • Feature extraction
  • Fuzzing
  • in-vehicle network
  • intrusion detection system
  • machine learning
  • Random forests
  • Standards
  • Vehicles

ASJC Scopus subject areas

  • Automotive Engineering
  • Mechanical Engineering
  • Computer Science Applications


Dive into the research topics of 'In-Vehicle Network Intrusion Detection System Using CAN Frame-Aware Features'. Together they form a unique fingerprint.

Cite this