Real-time Automotive Ethernet Intrusion Detection Using Sliding Window-Based Temporal Convolutional Residual Attention Networks

Abstract

As vehicles become more intelligent and connected, automotive Ethernet is gradually replacing the traditional CAN bus as the backbone of in-vehicle networks. However, this transition introduces new security vulnerabilities. This paper presents a novel centralized network architecture and explores potential intrusion threats. Existing intrusion detection methods struggle to handle automotive Ethernet protocols universally and typically use a single machine learning network structure. Additionally, these models often fail to ensure temporal sensitivity and real-time performance. To address these issues, we propose Sliding Window-Based Temporal Convolutional Residual Attention Networks (SW-TempCRAN), a real-time intrusion detection system tailored for automotive Ethernet environments. SW-TempCRAN integrates several novel components, including protocol-general windowed feature extraction, time-aware positional encoding, convolutional residual attention networks and MLP classification with sequence-feature aggregation. It uses custom protocol-parsing scripts to extract key header and merge payload data, and combines Convolutional Neural Networks (CNN) with attention residual mechanisms. This design allows the model to capture attack patterns over time, identify local features and compress the computational load. We also improve positional encoding to better suit network traffic data, ensuring time sensitivity, while pre-generating the encoding matrix to avoid real-time computation complexity. Experiments on two public datasets show SW-TempCRAN outperforms state-of-the-art methods in evaluation metrics. SW-TempCRAN achieves F1-scores of 99.82 % and 98.05 % on two datasets, with a detection delay of less than 1.5 ms on a server testbed.