{"title":"基于滑动窗口的时间卷积剩余注意网络的实时汽车以太网入侵检测","authors":"Yuren Zhang, Jiapeng Xiu","doi":"10.1016/j.jisa.2025.104263","DOIUrl":null,"url":null,"abstract":"<div><div>As vehicles become more intelligent and connected, automotive Ethernet is gradually replacing the traditional CAN bus as the backbone of in-vehicle networks. However, this transition introduces new security vulnerabilities. This paper presents a novel centralized network architecture and explores potential intrusion threats. Existing intrusion detection methods struggle to handle automotive Ethernet protocols universally and typically use a single machine learning network structure. Additionally, these models often fail to ensure temporal sensitivity and real-time performance. To address these issues, we propose Sliding Window-Based Temporal Convolutional Residual Attention Networks (SW-TempCRAN), a real-time intrusion detection system tailored for automotive Ethernet environments. SW-TempCRAN integrates several novel components, including protocol-general windowed feature extraction, time-aware positional encoding, convolutional residual attention networks and MLP classification with sequence-feature aggregation. It uses custom protocol-parsing scripts to extract key header and merge payload data, and combines Convolutional Neural Networks (CNN) with attention residual mechanisms. This design allows the model to capture attack patterns over time, identify local features and compress the computational load. We also improve positional encoding to better suit network traffic data, ensuring time sensitivity, while pre-generating the encoding matrix to avoid real-time computation complexity. Experiments on two public datasets show SW-TempCRAN outperforms state-of-the-art methods in evaluation metrics. SW-TempCRAN achieves F1-scores of 99.82 % and 98.05 % on two datasets, with a detection delay of less than 1.5 ms on a server testbed.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104263"},"PeriodicalIF":3.7000,"publicationDate":"2025-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Real-time Automotive Ethernet Intrusion Detection Using Sliding Window-Based Temporal Convolutional Residual Attention Networks\",\"authors\":\"Yuren Zhang, Jiapeng Xiu\",\"doi\":\"10.1016/j.jisa.2025.104263\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>As vehicles become more intelligent and connected, automotive Ethernet is gradually replacing the traditional CAN bus as the backbone of in-vehicle networks. However, this transition introduces new security vulnerabilities. This paper presents a novel centralized network architecture and explores potential intrusion threats. Existing intrusion detection methods struggle to handle automotive Ethernet protocols universally and typically use a single machine learning network structure. Additionally, these models often fail to ensure temporal sensitivity and real-time performance. To address these issues, we propose Sliding Window-Based Temporal Convolutional Residual Attention Networks (SW-TempCRAN), a real-time intrusion detection system tailored for automotive Ethernet environments. SW-TempCRAN integrates several novel components, including protocol-general windowed feature extraction, time-aware positional encoding, convolutional residual attention networks and MLP classification with sequence-feature aggregation. It uses custom protocol-parsing scripts to extract key header and merge payload data, and combines Convolutional Neural Networks (CNN) with attention residual mechanisms. This design allows the model to capture attack patterns over time, identify local features and compress the computational load. We also improve positional encoding to better suit network traffic data, ensuring time sensitivity, while pre-generating the encoding matrix to avoid real-time computation complexity. Experiments on two public datasets show SW-TempCRAN outperforms state-of-the-art methods in evaluation metrics. SW-TempCRAN achieves F1-scores of 99.82 % and 98.05 % on two datasets, with a detection delay of less than 1.5 ms on a server testbed.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"94 \",\"pages\":\"Article 104263\"},\"PeriodicalIF\":3.7000,\"publicationDate\":\"2025-10-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S221421262500300X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S221421262500300X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
As vehicles become more intelligent and connected, automotive Ethernet is gradually replacing the traditional CAN bus as the backbone of in-vehicle networks. However, this transition introduces new security vulnerabilities. This paper presents a novel centralized network architecture and explores potential intrusion threats. Existing intrusion detection methods struggle to handle automotive Ethernet protocols universally and typically use a single machine learning network structure. Additionally, these models often fail to ensure temporal sensitivity and real-time performance. To address these issues, we propose Sliding Window-Based Temporal Convolutional Residual Attention Networks (SW-TempCRAN), a real-time intrusion detection system tailored for automotive Ethernet environments. SW-TempCRAN integrates several novel components, including protocol-general windowed feature extraction, time-aware positional encoding, convolutional residual attention networks and MLP classification with sequence-feature aggregation. It uses custom protocol-parsing scripts to extract key header and merge payload data, and combines Convolutional Neural Networks (CNN) with attention residual mechanisms. This design allows the model to capture attack patterns over time, identify local features and compress the computational load. We also improve positional encoding to better suit network traffic data, ensuring time sensitivity, while pre-generating the encoding matrix to avoid real-time computation complexity. Experiments on two public datasets show SW-TempCRAN outperforms state-of-the-art methods in evaluation metrics. SW-TempCRAN achieves F1-scores of 99.82 % and 98.05 % on two datasets, with a detection delay of less than 1.5 ms on a server testbed.
期刊介绍:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.