Multi-class intrusion detection system for in-vehicle networks using few-shot learning and convolutional anomaly transformer network

Modern vehicles depend on the Controller Area Network (CAN) for electronic control unit (ECU) communication, but its inherent vulnerabilities necessitate robust intrusion detection systems (IDS). Current machine learning and deep learning IDS solutions struggle with limited labeled data, class imbalances, and costly data collection processes. Few-shot learning, effective with few labeled samples, remains underexplored for in-vehicle networks (IVNs) despite its potential in data-scarce automotive cybersecurity scenarios. To bridge this gap, we introduce the first few-shot learning approach for multi-class intrusion detection in IVNs, leveraging a novel, lightweight Convolutional Anomaly Transformer. By integrating a 1D convolutional layer with an Anomaly Transformer, our model effectively classifies diverse attack types with minimal training data, mitigating class imbalance. Experiments on the widely-used real-world Car Hacking dataset, the complex ROAD dataset, and the distinct CAN-ML dataset validate its efficacy. On the Car Hacking dataset, we achieve an exceptional F1 score of 0.9994 with only 2 % of training data, improving to 0.9999 with 10 %. On the challenging ROAD dataset, characterized by diverse attacks and high variability, the model achieves an F1 score of up to 0.9980 using just 10 % of training data. Demonstrating strong generalization capabilities, the model also attains an impressive F1 score of 0.9918 on the CAN-ML dataset, which features entirely different vehicles and attack distributions. Furthermore, the lightweight architecture of our proposed IDS enables practical deployment in resource-constrained automotive environments.