DivaCAN: Detecting in-vehicle intrusion attacks on a controller area network using ensemble learning

Muneeb Hassan Khan, Abdul Rehman Javed, Zafar Iqbal, Muhammad Asim, Ali Ismail Awad

Research output: Contribution to journalArticlepeer-review

Abstract

The controller area network (CAN) protocol is a critical communication mechanism in vehicular systems. However, the widespread adoption of this protocol has introduced vulnerabilities to in-vehicle communication channels, making them susceptible to various security threats, including denial-of-service, fuzzy, and impersonation attacks. There is thus an urgent need to develop effective security measures to counter these threats. Unfortunately, existing approaches to attack detection suffer from shortcomings such as suboptimal accuracy and high false-positive rates. Herein, we propose a novel methodology to address these limitations, DivaCAN. DivaCAN leverages an ensemble of classifiers, including deep neural networks, the multi-layer perceptron, the light gradient-boosting machine, extra trees, random forest, and Bagging, along with k-nearest neighbors, for intrusion-attack recognition on the CAN bus. The DivaCAN model was thoroughly evaluated, and its exceptional performance, which surpasses that of the latest methodologies, was demonstrated. It was found to achieve a precision of 94.93%, a recall of 94.98%, and an F1 score of 94.97%. One notable aspect of this research is the emphasis on achieving a low false-positive rate, which is often overlooked by other methodologies. Additionally, the DivaCAN model was found to exhibit an acceptable execution time of 406 s, highlighting the importance of considering both accuracy and efficiency when evaluating the performance of classification models. This study thus significantly enhances the security of in-vehicle communication on the CAN protocol. DivaCAN is a robust and accurate intrusion-detection system that addresses the pressing need for effective security measures in vehicular systems.

Original languageEnglish
Article number103712
JournalComputers and Security
Volume139
DOIs
Publication statusPublished - Apr 2024

Keywords

  • Automotive security
  • Autonomous vehicle security
  • Controller area network security
  • Cyber threat attacks
  • Intrusion-detection systems
  • Network traffic analysis

ASJC Scopus subject areas

  • General Computer Science
  • Law

Fingerprint

Dive into the research topics of 'DivaCAN: Detecting in-vehicle intrusion attacks on a controller area network using ensemble learning'. Together they form a unique fingerprint.

Cite this