In-Vehicle Intrusion Detection System Using a Generative model and Federated Learning

Abstract

Vehicles that used to rely on Mechanical Controller Units (MCUs) in the past are now equipped with numerous Electronic Controller Units (ECUs) to implement technologies such as Autonomous Driving, Advanced Driver Assistance Systems (ADAS), and Over-The-Air (OTA) for the convenience of drivers. However, this rapid growth in the use of ECUs causes an increase in access points and presents numerous vulnerabilities in vehicles. To address these vulnerabilities, Original Equipment Manufacturers (OEMs) develop and apply security modules for vehicles, such as Authentication System, Hardware Security Module (HSM), Intrusion Detection System (IDS), and so on. Among these security modules, IDS operates with a predefined detection rule set (e.g., Blacklist or Whitelist) and can be categorized into two types: Network-based IDS, which monitors the entire network, and Host-based IDS, which monitors intrusions from nodes connected to the network. Network-based IDS deployed on the Controller Area Network (CAN) bus performs a critical role in monitoring potential intruders on the CAN bus and reporting logs to an analysis server. However, due to the fact that commercial intrusion detection systems on the CAN bus detect intrusions based on a predefined detection rule set, the following issues arise. Firstly, since CAN databases vary by vehicle make and model, there is a need for rule set management and database maintenance tailored to each vehicle type and model. Second, when new types of intrusions emerge due to technological advancements, it can be challenging to detect them if the detection rules are not defined in the rule set. Therefore, in the event of new types of intrusions, it is necessary to develop a new detection rule set and update it for each vehicle, taking into account the data format. In order to implement a more practical CAN IDS, a number of Artificial Neural Network-based intrusion detection studies have been conducted. However, existing ANN-based studies still face issues of data dependency, limiting their ability to detect only the types of intrusions they have been trained on and are applicable only to the trained vehicle types. In this paper, we propose a novel intrusion detection framework to address the shortcomings of existing ANNs-based intrusion detection systems and to detect new types of intrusions more efficiently. The proposed detection framework leverages ANNs, eliminating the need for rule set management and database maintenance based on vehicle make and model. Additionally, it is designed to efficiently detect intrusions by considering the periodicity of the CAN protocol during the detection phase. Moreover, we implement a detection model that does not require additional updates for new types of intrusion by applying Federated Learning techniques. The detection performance of the proposed framework is evaluated using different data distributions of clients or by employing generated unknown attacks with a Generative Deep Neural Network model. As a result of the evaluation, the proposed framework exhibited a maximum detection performance of 97.25% in known attack scenarios. Furthermore, it achieved detection accuracy of 100% and 99.2% in two types of unknown attack detection experiments respectively, confirming the feasibility of the proposed framework.