CANShield: Deep Learning-Based Intrusion Detection Framework for Controller Area Networks at the Signal-Level

Modern vehicles rely on a fleet of electronic control units (ECUs) connected through controller area network (CAN) buses for critical vehicular control. With the expansion advanced connectivity features in automobiles and elevated risks internal system exposure, CAN bus is increasingly prone to intrusions injection attacks. As ordinary attacks disrupt typical timing properties data stream, rule-based intrusion detection systems (IDS) can easily detect them. However, attackers inject false signal/semantic level, while looking innocuous by pattern/frequency messages. The IDS, as well anomaly-based are built merely sequence messages IDs or just binary payload less effective detecting such Therefore, intelligent attacks, we propose CANShield, deep learning-based signal-level framework bus. CANShield consists three modules: preprocessing module that handles high-dimensional stream at signal level parses them into time series suitable learning model; analyzer consisting multiple autoencoder (AE) networks, each analyzing time-series from different temporal scale granularity, finally an attack uses ensemble method make final decision. Evaluation results two high-fidelity signal-based datasets show high accuracy responsiveness