X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network

Seonghoon Jeong, Sangho Lee, Hwejae Lee, Huy Kang Kim

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)

Abstract

Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent actions and cybersecurity regulations (e.g., UNR 155) require carmakers to implement intrusion detection systems (IDSs) in their vehicles. The IDS should detect cyberattacks and provide additional information to analyze conducted attacks. Although many IDSs have been proposed, considerations regarding their feasibility and explainability remain lacking. This study proposes X-CANIDS, which is a novel IDS for CAN-based IVNs. X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database. The signals improve the intrusion detection performance compared with the use of bit representations of raw payloads. These signals also enable an understanding of which signal or ECU is under attack. X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase. We confirmed the feasibility of the proposed method through a benchmark test on an automotive-grade embedded device with a GPU. The results of this work will be valuable to carmakers and researchers considering the installation of in-vehicle IDSs for their vehicles.

Original languageEnglish
Pages (from-to)3230-3246
Number of pages17
JournalIEEE Transactions on Vehicular Technology
Volume73
Issue number3
DOIs
Publication statusPublished - 2023 Mar 1

Bibliographical note

Publisher Copyright:
© 2023 IEEE.

Keywords

  • CAN database
  • UN Regulation No. 155 (UNR 155)
  • explainability
  • in-vehicleintrusion detection
  • self-supervised anomaly detection

ASJC Scopus subject areas

  • Aerospace Engineering
  • Electrical and Electronic Engineering
  • Computer Networks and Communications
  • Automotive Engineering

Fingerprint

Dive into the research topics of 'X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network'. Together they form a unique fingerprint.

Cite this