DST-IDS: Dynamic spatial-temporal graph-transformer network for in-vehicle network intrusion detection system

IF 6.5 2区计算机科学 Q1 TELECOMMUNICATIONS

Vehicular Communications Pub Date : 2025-08-05 DOI:10.1016/j.vehcom.2025.100962

Gaber A. Al-Absi , Yong Fang , Adnan A. Qaseem , Huda Al-Absi

{"title":"DST-IDS: Dynamic spatial-temporal graph-transformer network for in-vehicle network intrusion detection system","authors":"Gaber A. Al-Absi , Yong Fang , Adnan A. Qaseem , Huda Al-Absi","doi":"10.1016/j.vehcom.2025.100962","DOIUrl":null,"url":null,"abstract":"<div><div>The development of the Internet of Vehicles (IoV) has greatly increased connectivity, making the In-Vehicle Network (IVN) more susceptible to intrusions. Furthermore, the utilization of Electronic Control Units (ECUs) in current vehicles has experienced a significant increase, establishing the Controller Area Network (CAN) as the widely used standard in the automotive field. However, it lacks provisions for authentication. The attackers have exploited these weaknesses to launch various attacks on CAN-based IVN. Sequential data approaches such as Recurrent Neural Networks (RNNs) and Long Short-Term Memory (LSTM) have emerged as prominent approaches in this domain, contributing significantly to the evolution of the Intrusion Detection System (IDS). However, these methods are limited in feature extraction as they depend solely on previously interacted hidden states, potentially overlooking critical features. Additionally, capturing the complex spatial-temporal dynamics of CAN messages remains a significant challenge.</div><div>In response to these challenges, we propose the Dynamic Spatial-Temporal Graph-Transformer Network for In-vehicle Network Intrusion Detection System, denoted as the “DST-IDS”. It comprises three modules: a graph spatial-temporal embedding module that converts the row CAN messages correlation into latent graph representations, a spatial-temporal learning module, and a classification module. The second module utilizes a graph-transformer network to capture and learn the dynamic spatial-temporal dependencies between CAN messages. The last module classifies the learnt features into either normal or attack messages. The model was evaluated on two publicly available datasets (CAR-Hacking and IVN-IDS), achieving exceptionally high accuracy scores of 0.999999 and 0.9996, respectively. These results demonstrate that the proposed model significantly outperforms state-of-the-art methods in detection accuracy and false alarm rate for in-vehicle network intrusion detection.</div></div>","PeriodicalId":54346,"journal":{"name":"Vehicular Communications","volume":"55 ","pages":"Article 100962"},"PeriodicalIF":6.5000,"publicationDate":"2025-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vehicular Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214209625000890","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

The development of the Internet of Vehicles (IoV) has greatly increased connectivity, making the In-Vehicle Network (IVN) more susceptible to intrusions. Furthermore, the utilization of Electronic Control Units (ECUs) in current vehicles has experienced a significant increase, establishing the Controller Area Network (CAN) as the widely used standard in the automotive field. However, it lacks provisions for authentication. The attackers have exploited these weaknesses to launch various attacks on CAN-based IVN. Sequential data approaches such as Recurrent Neural Networks (RNNs) and Long Short-Term Memory (LSTM) have emerged as prominent approaches in this domain, contributing significantly to the evolution of the Intrusion Detection System (IDS). However, these methods are limited in feature extraction as they depend solely on previously interacted hidden states, potentially overlooking critical features. Additionally, capturing the complex spatial-temporal dynamics of CAN messages remains a significant challenge.

In response to these challenges, we propose the Dynamic Spatial-Temporal Graph-Transformer Network for In-vehicle Network Intrusion Detection System, denoted as the “DST-IDS”. It comprises three modules: a graph spatial-temporal embedding module that converts the row CAN messages correlation into latent graph representations, a spatial-temporal learning module, and a classification module. The second module utilizes a graph-transformer network to capture and learn the dynamic spatial-temporal dependencies between CAN messages. The last module classifies the learnt features into either normal or attack messages. The model was evaluated on two publicly available datasets (CAR-Hacking and IVN-IDS), achieving exceptionally high accuracy scores of 0.999999 and 0.9996, respectively. These results demonstrate that the proposed model significantly outperforms state-of-the-art methods in detection accuracy and false alarm rate for in-vehicle network intrusion detection.

Abstract Image

查看原文本刊更多论文

用于车载网络入侵检测系统的动态时空图变换网络

车联网（IoV）的发展极大地增加了连接，使车载网络（IVN）更容易受到入侵。此外，电子控制单元（ecu）在当前车辆中的使用率也有了显著的提高，使控制器局域网（CAN）成为汽车领域广泛使用的标准。但是，它缺乏认证的规定。攻击者利用这些弱点对基于can的IVN发起各种攻击。序列数据方法如循环神经网络（rnn）和长短期记忆（LSTM）已成为该领域的突出方法，对入侵检测系统（IDS）的发展做出了重大贡献。然而，这些方法在特征提取方面受到限制，因为它们仅仅依赖于先前交互的隐藏状态，可能会忽略关键特征。此外，捕获CAN消息的复杂时空动态仍然是一个重大挑战。针对这些挑战，我们提出了用于车载网络入侵检测系统的动态时空图变换网络，简称“DST-IDS”。它包括三个模块：将行CAN消息相关性转换为潜在图表示的图时空嵌入模块、时空学习模块和分类模块。第二个模块利用图形转换器网络来捕获和学习CAN消息之间的动态时空依赖关系。最后一个模块将学习到的特征分为正常信息和攻击信息。该模型在两个公开可用的数据集（CAR-Hacking和IVN-IDS）上进行了评估，分别获得了0.999999和0.9996的极高准确率分数。这些结果表明，该模型在检测精度和误报率方面明显优于当前的车载网络入侵检测方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Vehicular Communications Engineering-Electrical and Electronic Engineering

CiteScore

12.70

自引率

10.40%

发文量

审稿时长

62 days

期刊介绍： Vehicular communications is a growing area of communications between vehicles and including roadside communication infrastructure. Advances in wireless communications are making possible sharing of information through real time communications between vehicles and infrastructure. This has led to applications to increase safety of vehicles and communication between passengers and the Internet. Standardization efforts on vehicular communication are also underway to make vehicular transportation safer, greener and easier. The aim of the journal is to publish high quality peer–reviewed papers in the area of vehicular communications. The scope encompasses all types of communications involving vehicles, including vehicle–to–vehicle and vehicle–to–infrastructure. The scope includes (but not limited to) the following topics related to vehicular communications: Vehicle to vehicle and vehicle to infrastructure communications Channel modelling, modulating and coding Congestion Control and scalability issues Protocol design, testing and verification Routing in vehicular networks Security issues and countermeasures Deployment and field testing Reducing energy consumption and enhancing safety of vehicles Wireless in–car networks Data collection and dissemination methods Mobility and handover issues Safety and driver assistance applications UAV Underwater communications Autonomous cooperative driving Social networks Internet of vehicles Standardization of protocols.