An Anomaly Detection Method Based on Multiple LSTM-Autoencoder Models for In-Vehicle Network
Taeguen Kim, Jiyoon Kim, Ilsun You- Electrical and Electronic Engineering
- Computer Networks and Communications
- Hardware and Architecture
- Signal Processing
- Control and Systems Engineering
The CAN (Controller Area Network) protocol is widely adopted for in-vehicle networks due to its cost efficiency and reliable transmission. However, despite its popularity, the protocol lacks built-in security mechanisms, making it vulnerable to attacks such as flooding, fuzzing, and DoS. These attacks can exploit vulnerabilities and disrupt the expected behavior of the in-vehicle network. One of the main reasons for these security concerns is that the protocol relies on broadcast frames for communication between ECUs (Electronic Control Units) within the network. To tackle this issue, we present an intrusion detection system that leverages multiple LSTM-Autoencoders. The proposed system utilizes diverse features, including transmission interval and payload value changes, to capture various characteristics of normal network behavior. The system effectively detects anomalies by analyzing different types of features separately using the LSTM-Autoencoder model. In our evaluation, we conducted experiments using real vehicle network traffic, and the results demonstrated the system’s high precision with a 99% detection rate in identifying anomalies.