CANGuard: A Spatio-Temporal CNN-GRU-Attention Hybrid Architecture for Intrusion Detection in In-Vehicle CAN Networks
The Internet of Vehicles (IoV) has become an essential component of smart transportation systems, enabling seamless interaction among vehicles and infrastructure. While this connectivity remarkably enhances mobility, safety, and transportation efficiency, it also introduces significant security vulnerabilities. Among these vulnerabilities, Denial-of-Service (DoS) and spoofing attacks targeting the Controller Area Network (CAN) bus pose severe risks that could inhibit communication between critical components of a vehicle. Such attacks may lead to system malfunctions, loss of control, or even endanger passenger safety.
In response to these pressing concerns, a novel approach named CANGuard has been developed, which is a spatio-temporal deep learning architecture. This innovative model combines Convolutional Neural Networks (CNN), Gated Recurrent Units (GRU), and an attention mechanism to effectively identify and combat intrusion attempts within in-vehicle CAN networks.
Key Features of CANGuard
- Spatio-Temporal Analysis: The architecture is designed to analyze both spatial and temporal patterns in CAN data, enabling the detection of complex attack vectors that traditional methods might overlook.
- Hybrid Architecture: By leveraging the strengths of CNNs for feature extraction and GRUs for sequence prediction, CANGuard achieves a robust detection mechanism.
- Attention Mechanism: This component improves the model’s ability to focus on the most relevant features during the detection process, enhancing overall accuracy.
Performance Evaluation
CANGuard has been rigorously trained and evaluated on the CICIoV2024 dataset. The results demonstrate the model’s competitive performance across various metrics, including:
- Accuracy
- Precision
- Recall
- F1-score
Remarkably, CANGuard outperforms existing state-of-the-art methods, showcasing its effectiveness in real-world applications. A comprehensive ablation study has been conducted to validate the individual and collective contributions of the CNN, GRU, and attention mechanisms, underscoring the importance of each component in enhancing detection capabilities.
Interpretability and Feature Importance
To further understand the model’s decision-making process, a SHAP (SHapley Additive exPlanations) analysis has been performed. This analysis helps in interpreting the model’s predictions and determining which features significantly impact the intrusion detection process. By understanding these influential features, practitioners can better refine their security measures and enhance the overall safety of in-vehicle networks.
Conclusion
CANGuard presents a promising solution for addressing security vulnerabilities in modern IoV environments. With its advanced spatio-temporal deep learning architecture, it not only ensures safer CAN bus communications but also offers scalable security enhancements. As vehicles continue to evolve into more connected systems, the implementation of robust intrusion detection systems like CANGuard will be crucial for safeguarding passenger safety and improving the resilience of smart transportation infrastructures.