BEPCD: an ensemble learning-based intrusion detection framework for in-vehicle CAN bus.

With the rapid development and widespread adoption of intelligent vehicles and the Internet of Vehicles (IoV), vehicle security has become a growing concern. Modern vehicles manage key components via the controller area network (CAN) connected electronic control units (ECUs). CAN bus intrusion techniques are the primary methods of compromising the IoV, posing a significant threat to the normal operation of critical vehicle systems, such as the power systems. However, existing attack detection methods still have shortcomings in terms of feature extraction and the diversity of attack type detection. To address these challenges, we propose an intrusion detection framework named basic ensemble and pioneer class decision (BEPCD). The framework first constructs a 15-dimensional feature model to hierarchically characterize CAN bus messages. Subsequently, BEPCD incorporates multi-model ensemble learning enhanced by a Pioneer class selector and confidence-driven voting mechanisms, enabling precise classification of both conventional and emerging attack patterns. Additionally, we analyze the importance of different data features across four machine learning algorithms. Experimental results on public datasets demonstrate that the proposed detection framework effectively detects intrusions in-vehicle CAN bus. Compared to other intrusion detection frameworks, our framework improves the overall F1-score by 1% to 5%. Notably, it achieves an approximately 77.5% performance enhancement in detecting replay attacks.