Enhancing real-time intrusion detection system for in-vehicle networks by employing novel feature engineering techniques and lightweight modeling

Abstract

Autonomous vehicles are built using a variety of electronic control units (ECUs) that communicate over a controller area network (CAN). A CAN enables the communication of data between ECUs to guarantee safety, assist drivers, and perform different functions. Nevertheless, a CAN lacks built-in security measures, which makes it susceptible to cyberattacks. A significant amount of existing research on intrusion detection systems (IDSs) is aimed at enhancing the security of a CAN by identifying and detecting unauthorized packet injections. However, the majority of machine/deep learning-based IDSs have difficulty sufficiently addressing latency. To address this issue, we propose a novel IDS framework that introduces two distinctive features. The first feature is the utility of data entropy, which is dynamically recalculated as new data arrives to capture unpredictable variations in the data payload. The second feature is an anomaly score, combining data entropy and time interval entropy to detect abnormal patterns in CAN communication. We validated the significance of these features using SHapley Additive exPlanations (SHAP) analysis. These features are integrated into a lightweight deep learning-based IDS model, specifically designed for resource-constrained environments. This integration significantly improves detection accuracy and operational efficiency. Our approach is validated using two well-known public datasets, car hacking: attack & defense challenge and car-hacking datasets. It shows significant detection capabilities with accuracies of 0.9946 and 0.9995 and F1 scores of 0.9945 and 0.9995, respectively. Also, our IDS achieves an effectively low inference latency of only 0.17 milliseconds, surpassing the performance of existing machine/deep learning-based IDSs.