Intrusion Detection in Vehicle Controller Area Network (CAN) Bus Using Machine Learning: A Comparative Performance Study
Abstract
:1. Introduction
- A critical review of existing vehicular IDS to identify the research gap and develop an efficient IDS using ML.
- To the best of the authors’ knowledge, this work is the first studying multiple datasets collected from real vehicles (a Kia Soul car and a Chevrolet Spark car) to detect and classify intrusion in the vehicle.
- To develop an ML-based CAN bus IDS using three classifiers: SVM, KNN, and DT.
- Attacks detected: DoS, fuzzy, flooding, impersonation, malfunction, and attack-free state.
- Essential feature extraction to reduce system complexity and computational time.
- To achieve a high true positive rate and a low false negative rate.
2. Background and Critical Review of the Existing Research Gap
2.1. Background
- ECU
- CAN bus
2.2. Different Intrusions on Vehicle
2.3. Related Study with Research Gaps
3. Methodology
3.1. Data Description
3.1.1. Dataset 1
- DoS attack
- Fuzzy Attack
- Impersonation Attack
- Attack-Free State
3.1.2. Dataset 2
- Flooding Attack
- Fuzzy Attack
- Malfunction Attack
- Attack-Free State
3.2. Data Pre-Processing and Feature Extraction
- Timestamp: It is the recorded time (s);
- CAN ID: It is an identifier used to identify CAN message in HEX (ex. 043f);
- DLC: It is a number of data bytes ranging from 0 to 8;
- DATA [0~7]: It represents the data value (byte).
3.3. ML-Based Classification
3.3.1. SVM
3.3.2. DT
3.3.3. KNN
3.4. Performance Evaluation Matrices
- TP: Correctly predicted positive observations by the model;
- FP: Negative observations that incorrectly predicted as positive by the model;
- TN: Correctly predicted negative observations by the model;
- FN: Positive observations that incorrectly predicted as negative by the model.
4. Experimental Results
4.1. Experimental Results of Dataset 1 (KIA Soul Car)
4.1.1. SVM
4.1.2. DT
4.1.3. KNN
4.2. Experimental Results of Dataset 2 (Chevrolet Spark Car)
4.2.1. SVM
4.2.2. DT
4.2.3. KNN
5. Performance Analysis and Future Recommendations
5.1. Performance Analysis of Overall Proposed IDS
5.2. Comparison of Different Attack Detection Performances
5.3. Uncertainties and Limitations with Future Recommendations
- Misclassification issues often arise because of the similarities in attack behavior. More datasets containing similar attack characteristics used during training the network ought to be essential to overcome this issue. It is also recommended to apply deep learning algorithms that can classify data with slight differences in characteristics.
- In the widely used vehicle CAN dataset, including the datasets [34,47], there is a far difference between attack-free state dataset and attack dataset. Thus, a dataset in which all classes’ datasets are the same in their amount could be developed and applied to the ML model to boost up the overall classification efficiency.
- When a large amount of CAN data is applied in an ML-based IDS system, it could lengthen the training that leads to delay the classification process. In this case, a deep learning technique could be employed to deal with this issue since it can process a huge amount of datasets with the shortest execution time.
- Supervised ML classification techniques are used in our proposed IDS system and the systems proposed in [21,31] where only known attacks are detected. Therefore, an unsupervised classification method could be applied to investigate the detection performance using some new or unknown intrusions since unsupervised learning is a useful technique for data classification when a dataset lacks a label.
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Elkhail, A.A.; Refat, R.U.D.; Habre, R.; Hafeez, A.; Bacha, A.; Malik, H. Vehicle Security: A Survey of Security Issues and Vulnerabilities, Malware Attacks and Defenses. IEEE Access 2021, 9, 162401–162437. [Google Scholar] [CrossRef]
- Park, T.J.; Han, C.S.; Lee, S.H. Development of the Electronic Control Unit for the Rack-Actuating Steer-by-Wire Using the Hardware-in-the-Loop Simulation System. Mechatronics 2005, 15, 899–918. [Google Scholar] [CrossRef]
- Ring, M.; Frkat, D.; Schmiedecker, M. Cyber Security Evaluation of Automotive E/E Architectures. In Proceedings of the ACM Computer Science in Cars Symposium (CSCS 2018), Munich, Germany, 13–14 September 2018; pp. 1–7. [Google Scholar]
- Koundal, D.; Ramadan, R.A.; Corchado, J.M.; Aldhyani, T.H.H.; Alkahtani, H. Attacks to Automatous Vehicles: A Deep Learning Algorithm for Cybersecurity. Sensors 2022, 22, 360. [Google Scholar] [CrossRef]
- Dibaei, M.; Zheng, X.; Jiang, K.; Abbas, R.; Liu, S.; Zhang, Y.; Xiang, Y.; Yu, S. Attacks and Defences on Intelligent Connected Vehicles: A Survey. Digit. Commun. Netw. 2020, 6, 399–421. [Google Scholar] [CrossRef]
- Shit, R.C.; Sharma, S.; Yelamarthi, K.; Puthal, D. AI-Enabled Fingerprinting and Crowdsource-Based Vehicle Localization for Resilient and Safe Transportation Systems. IEEE Trans. Intell. Transp. Syst. 2021, 22, 4660–4669. [Google Scholar] [CrossRef]
- Kang, M.J.; Kang, J.W. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security. PLoS ONE 2016, 11, e0155781. [Google Scholar] [CrossRef] [Green Version]
- Xu, W.; Yan, C.; Jia, W.; Ji, X.; Liu, J. Analyzing and Enhancing the Security of Ultrasonic Sensors for Autonomous Vehicles. IEEE Internet Things J. 2018, 5, 5015–5029. [Google Scholar] [CrossRef]
- Kamal, M.; Talbert, D.A. Toward Never-Ending Learner for Malware Analysis (NELMA). In Proceedings of the 2020 IEEE International Conference on Big Data, Atlanta, GA, USA, 10–13 December 2020; pp. 2291–2298. [Google Scholar] [CrossRef]
- Cai, Z.; Wang, A.; Zhang, W.; Gruffke, M.; Schweppe, H. 0-Days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars. Black Hat USA 2019, 2019, 39. [Google Scholar]
- Lee, H.; Jeong, S.H.; Kim, H.K. OTIDS: A Novel Intrusion Detection System for in-Vehicle Network by Using Remote Frame. In Proceedings of the 2017 15th Annual Conference on Privacy, Security and Trust, PST 2017, Calgary, AB, Canada, 28–30 August 2017; Institute of Electrical and Electronics Engineers Inc.: Piscataway Township, NJ, USA, 2018; pp. 57–66. [Google Scholar] [CrossRef]
- Appathurai, A.; Manogaran, G.; Chilamkurti, N. Trusted FPGA-Based Transport Traffic Inject, Impersonate (I2) Attacks Beaconing in the Internet of Vehicles. IET Netw. 2019, 8, 169–178. [Google Scholar] [CrossRef]
- Wu, W.; Huang, Y.; Kurachi, R.; Zeng, G.; Xie, G.; Li, R.; Li, K. Sliding Window Optimized Information Entropy Analysis Method for Intrusion Detection on In-Vehicle Networks. IEEE Access 2018, 6, 45233–45245. [Google Scholar] [CrossRef]
- Han, M.L.; Kwak, B., II; Kim, H.K. Event-Triggered Interval-Based Anomaly Detection and Attack Identification Methods for an In-Vehicle Network. IEEE Trans. Inf. Forensics Secur. 2021, 16, 2941–2956. [Google Scholar] [CrossRef]
- Groza, B.; Murvay, P.S. Efficient Intrusion Detection with Bloom Filtering in Controller Area Networks. IEEE Trans. Inf. Forensics Secur. 2019, 14, 1037–1051. [Google Scholar] [CrossRef]
- Noura, H.N.; Salman, O.; Couturier, R.; Chehab, A. LoRCA: Lightweight Round Block and Stream Cipher Algorithms for IoV Systems. Veh. Commun. 2022, 34, 100416. [Google Scholar] [CrossRef]
- Castiglione, A.; Palmieri, F.; Colace, F.; Lombardi, M.; Santaniello, D.; D’Aniello, G. Securing the Internet of Vehicles through Lightweight Block Ciphers. Pattern Recognit. Lett. 2020, 135, 264–270. [Google Scholar] [CrossRef]
- Mundhenk, P.; Paverd, A.; Mrowca, A.; Steinhorst, S.; Lukasiewycz, M.; Fahmy, S.A.; Chakraborty, S. Security in Automotive Networks: Lightweight Authentication and Authorization. ACM Trans. Des. Autom. Electron. Syst. 2017, 22, 1–27. [Google Scholar] [CrossRef] [Green Version]
- Sun, X.; Yan, B.; Zhang, X.; Rong, C. An Integrated Intrusion Detection Model of Cluster-Based Wireless Sensor Network. PLoS ONE 2015, 10, e0139513. [Google Scholar] [CrossRef]
- Woo, S.; Jo, H.J.; Lee, D.H. A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN. IEEE Trans. Intell. Transp. Syst. 2015, 16, 993–1006. [Google Scholar] [CrossRef]
- Moulahi, T.; Zidi, S.; Alabdulatif, A.; Atiquzzaman, M. Comparative Performance Evaluation of Intrusion Detection Based on Machine Learning in In-Vehicle Controller Area Network Bus. IEEE Access 2021, 9, 99595–99605. [Google Scholar] [CrossRef]
- Sellami, L.; Zidi, S.; Abderrahim, K. Self-Adaptative Multi-Kernel Algorithm for Switched Linear Systems Identification. Int. J. Model. Identif. Control 2019, 31, 103. [Google Scholar] [CrossRef]
- Emperuman, M.; Chandrasekaran, S. Hybrid Continuous Density Hmm-Based Ensemble Neural Networks for Sensor Fault Detection and Classification in Wireless Sensor Network. Sensors 2020, 20, 745. [Google Scholar] [CrossRef] [Green Version]
- Praveen Kumar, D.; Amgoth, T.; Annavarapu, C.S.R. Machine Learning Algorithms for Wireless Sensor Networks: A Survey. Inf. Fusion 2019, 49, 1–25. [Google Scholar] [CrossRef]
- Perakovi, D.; Delia Jurcut, A.; Markovi, G.; Jhansi Kattamuri, S.; Kiran Varma Penmatsa, R.; Chakravarty, S.; Sai Pavan Madabathula, V. Swarm Optimization and Machine Learning Applied to PE Malware Detection towards Cyber Threat Intelligence. Electronics 2023, 12, 342. [Google Scholar] [CrossRef]
- Puthal, D.; Wilson, S.; Nanda, A.; Liu, M.; Swain, S.; Sahoo, B.P.S.; Yelamarthi, K.; Pillai, P.; El-Sayed, H.; Prasad, M. Decision Tree Based User-Centric Security Solution for Critical IoT Infrastructure. Comput. Electr. Eng. 2022, 99, 107754. [Google Scholar] [CrossRef]
- He, Q.; Meng, X.; Qu, R.; Xi, R. Machine Learning-Based Detection for Cyber Security Attacks on Connected and Autonomous Vehicles. Mathematics 2020, 8, 1311. [Google Scholar] [CrossRef]
- Hafeez, A.; Topolovec, K.; Zolo, C.; Sarwar, W. State of the Art Survey on Comparison of CAN, FlexRay, LIN Protocol and Simulation of LIN Protocol. SAE Tech. Pap. 2020, 2020, 1–10. [Google Scholar] [CrossRef]
- Eiza, M.H.; Ni, Q. Driving with Sharks: Rethinking Connected Vehicles with Vehicle Cybersecurity. IEEE Veh. Technol. Mag. 2017, 12, 45–51. [Google Scholar] [CrossRef] [Green Version]
- Haque, K.F.; Abdelgawad, A.; Yanambaka, V.P.; Yelamarthi, K. LoRa Architecture for V2X Communication: An Experimental Evaluation with Vehicles on the Move. Sensors 2020, 20, 6876. [Google Scholar] [CrossRef]
- Haque, K.F.; Abdelgawad, A.; Yanambaka, V.P.; Yelamarthi, K. A LoRa Based Reliable and Low Power Vehicle to Everything (V2X) Communication Architecture. In Proceedings of the 2020 IEEE International Symposium on Smart Electronic Systems (iSES), Chennai, India, 14–16 December 2020; pp. 177–182. [Google Scholar] [CrossRef]
- Refat, R.U.D.; Elkhail, A.A.; Hafeez, A.; Malik, H. Detecting CAN Bus Intrusion by Applying Machine Learning Method to Graph Based Features. In Intelligent Systems and Applications; Lecture Notes in Networks and Systems; Springer Science and Business Media Deutschland GmbH: Berlin/Heidelberg, Germany, 2022; Volume 296, pp. 730–748. [Google Scholar] [CrossRef]
- Alalwany, E.; Mahgoub, I. Classification of Normal and Malicious Traffic Based on an Ensemble of Machine Learning for a Vehicle CAN-Network. Sensors 2022, 22, 9195. [Google Scholar] [CrossRef]
- Wu, W.; Li, R.; Xie, G.; An, J.; Bai, Y.; Zhou, J.; Li, K. A Survey of Intrusion Detection for In-Vehicle Networks. IEEE Trans. Intell. Transp. Syst. 2020, 21, 919–933. [Google Scholar] [CrossRef]
- HCRL-CAN-Intrusion-Dataset (OTIDS). Available online: https://ocslab.hksecurity.net/Dataset/CAN-intrusion-dataset (accessed on 16 January 2023).
- Song, H.M.; Woo, J.; Kim, H.K. In-Vehicle Network Intrusion Detection Using Deep Convolutional Neural Network. Veh. Commun. 2020, 21, 100198. [Google Scholar] [CrossRef]
- Alshammari, A.; Zohdy, M.A.; Debnath, D.; Corser, G.; Alshammari, A.; Zohdy, M.A.; Debnath, D.; Corser, G. Classification Approach for Intrusion Detection in Vehicle Systems. Wirel. Eng. Technol. 2018, 9, 79–94. [Google Scholar] [CrossRef] [Green Version]
- Almaraz-Rivera, J.G.; Perez-Diaz, J.A.; Cantoral-Ceballos, J.A. Transport and Application Layer DDoS Attacks Detection to IoT Devices by Using Machine Learning and Deep Learning Models. Sensors 2022, 22, 3367. [Google Scholar] [CrossRef] [PubMed]
- Palanca, A.; Evenchick, E.; Maggi, F.; Zanero, S. A Stealth, Selective, Link-Layer Denial-of-Service Attack against Automotive Networks. In Proceedings of the 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2017, Bonn, Germany, 6–7 July 2017; Volume 10327, pp. 185–206. [Google Scholar]
- Murvay, P.S.; Groza, B. Security Shortcomings and Countermeasures for the SAE J1939 Commercial Vehicle Bus Protocol. IEEE Trans. Veh. Technol. 2018, 67, 4325–4339. [Google Scholar] [CrossRef]
- Gutierrez, C.N.; Kim, T.; Corte, R.D.; Avery, J.; Goldwasser, D.; Cinque, M.; Bagchi, S. Learning from the Ones That Got Away: Detecting New Forms of Phishing Attacks. IEEE Trans. Dependable Secur. Comput. 2018, 15, 988–1001. [Google Scholar] [CrossRef]
- Kang, Q.; Huang, X.; Li, Y.; Xie, Z.; Liu, Y.; Zhou, M. Energy-Efficient Wireless Transmissions for Battery-Less Vehicle Tire Pressure Monitoring System. IEEE Access 2017, 6, 7687–7699. [Google Scholar] [CrossRef]
- Jeong, D.R.; Kim, K.; Shivakumar, B.; Lee, B.; Shin, I. Razzer: Finding Kernel Race Bugs through Fuzzing. Proc.-IEEE Symp. Secur. Priv. 2019, 2019, 754–768. [Google Scholar] [CrossRef]
- Onik, M.M.H.; Kim, C.S.; Yang, J. Personal Data Privacy Challenges of the Fourth Industrial Revolution. Int. Conf. Adv. Commun. Technol. ICACT 2019, 2019, 635–638. [Google Scholar] [CrossRef]
- Tariq, S.; Lee, S.; Kim, H.K.; Woo, S.S. Detecting In-Vehicle CAN Message Attacks Using Heuristics and RNNs. In Information and Operational Technology Security Systems; Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Springer: Berlin/Heidelberg, Germany, 2019; Volume 11398, pp. 39–45. [Google Scholar]
- Miller, C.; Valasek, C. Remote Exploitation of an Unaltered Passenger Vehicle. Black Hat USA 2015, 2015 (Suppl. 91), 1–91. [Google Scholar]
- Jichici, C.; Groza, B.; Murvay, P.S. Examining the Use of Neural Networks for Intrusion Detection in Controller Area Networks. In Proceedings of the 11th International Conference on Innovative Security Solutions for Information Technology and Communications 2018, Bucharest, Romania, 8–9 November 2018; Volume 11359, pp. 109–125. [Google Scholar] [CrossRef]
- HCRL-In-Vehicle Network Intrusion Detection Challenge. Available online: https://ocslab.hksecurity.net/Datasets/datachallenge2019/car (accessed on 16 January 2023).
- Rayhan Ahmed Mithu, M.; Kholodilo, V.; Manicavasagm, R.; Ulybyshev, D.; Rogers, M. Secure Industrial Control System with Intrusion Detection. In Proceedings of the Thirty-Third International Florida Artificial Intelligence Research Society Conference, Miami, FL, USA, 17–20 May 2020; pp. 118–123. [Google Scholar]
- Dao, T.K.; Nguyen, T.T.; Pan, J.S.; Qiao, Y.; Lai, Q.A. Identification Failure Data for Cluster Heads Aggregation in WSN Based on Improving Classification of SVM. IEEE Access 2020, 8, 61070–61084. [Google Scholar] [CrossRef]
- Zidi, S.; Moulahi, T.; Alaya, B. Fault Detection in Wireless Sensor Networks through SVM Classifier. IEEE Sens. J. 2018, 18, 340–347. [Google Scholar] [CrossRef]
Reference | Contribution | Method | Attacks | Impact Device | Strength | Limitation/Research Gap |
---|---|---|---|---|---|---|
Moulahi et al. [21], 2021 | Four ML approaches for attack detection | RF, SVM, MLP, DT | DoS, impersonation, fuzzy | CAN | Real-time application in KIA Soul car | Large amount of dataset should be used |
Liu et al. [14], 2021 | Protect CAVs against perception error attacks | Periodic event-triggered interval of the CAN message | Flooding, fuzzy, malfunction, and replay | CAN | Real-time application | Tree-based ML model’s accuracy should be increased |
Lee et al. [11], 2018 | Decide if a behavior is an attack or a normal behavior | Remote frame and data frame to create an IDS | DoS, fuzzy, and impersonation | CAN | Detects the most dangerous attacks for vehicles | It does not analyze the accuracy of attack detection to determine whether or not the proposed approach achieved the best detection performance |
Tariq et al. [45], 2018 | Network traffic signatures and NN implementation | RNNs and heuristics | DoS, fuzzy, and replay | CAN | High accuracy (99%) | This system should be applied for unknown attacks |
Miller et al. [46], 2015 | Ability to hack the car anywhere in the US | - | - | Steering and brakes | Remote car hacking | This approach is required to be validated by applying the experiment to the new and updated vehicles |
Groza and Murvay [15], 2019 | Use bloom filter which is a memory-efficient mechanism | Data frame | Replay and modification | CAN | Real-time application with 100% recall performance | They included the overload on ECU, which could affect their time response |
Jichici et al. [47], 2018 | NN implementation to classify normal and abnormal activity | NN | Replay and injection | CAN | Replaying attack detection is hard due to the high degree of similarity between genuine frames and injected frames. It performed well in this case | Large memory requirements and computational time |
Kang et al. [7], 2016 | DNN implementation to classify normal and abnormal activity | DNN | Attack and non-attack | CAN | Simple and time efficient (2–5 mS for classification) | It is required to be applied in real-time application to validate the performance |
Wu et al. [13], 2018 | Use a fixed number of messages as sliding windows | Information entropy | DoS and injection | CAN | Reduce automotive costs and computing performance | The impact of the vehicle operation state on information entropy is not considered |
Feature Number | Feature | Significance and Explanation |
---|---|---|
1 | f1 | Time stamp |
2 | f2 | Last time stamp of remote frame |
3 | f3 | Frame ID |
4 | f4 | Previous frame ID |
5 | f5 | Id of previous of previous of frame ID |
6 | f6 | ID of previous of previous of previous of frame ID |
7 | f7 | Data size in the frame |
8 | f8 | First data byte |
9 | f9 | Second data byte |
10 | f10 | Third data byte |
11 | f11 | Forth data byte |
12 | f12 | Fifth data byte |
13 | f13 | Sixth data byte |
14 | f14 | Seventh data byte |
15 | f15 | Eighth data byte |
Attack | Precision | Recall | F1 Score | Samples (Testing) |
---|---|---|---|---|
No Attack | 0.97 | 0.99 | 0.98 | 59,418 |
DoS | 0.99 | 0.99 | 0.99 | 16,212 |
Fuzzy | 1.00 | 0.96 | 0.97 | 14,699 |
Impersonation | 0.96 | 0.94 | 0.95 | 25,007 |
Attack | Precision | Recall | F1 Score | Samples (Testing) |
---|---|---|---|---|
No Attack | 1.0 | 1.0 | 1.0 | 59,418 |
DoS | 1.0 | 1.0 | 1.0 | 16,212 |
Fuzzy | 0.99 | 0.99 | 0.99 | 14,699 |
Impersonation | 0.99 | 0.99 | 0.99 | 25,007 |
Attack | Precision | Recall | F1 Score | Samples (Testing) |
---|---|---|---|---|
No Attack | 0.97 | 0.97 | 0.97 | 59,418 |
DoS | 0.99 | 0.99 | 0.99 | 16,212 |
Fuzzy | 0.99 | 0.96 | 0.97 | 14,699 |
Impersonation | 0.93 | 0.93 | 0.93 | 25,007 |
Attack | Precision | Recall | F1 Score | Samples (Testing) |
---|---|---|---|---|
No Attack | 0.91 | 0.98 | 0.94 | 18,188 |
Flooding | 0.95 | 0.91 | 0.93 | 13,251 |
Fuzzy | 1.00 | 1.00 | 1.00 | 5889 |
Malfunction | 0.96 | 0.84 | 0.90 | 7281 |
Attack | Precision | Recall | F1 Score | Samples (Testing) |
---|---|---|---|---|
No Attack | 1.0 | 1.0 | 1.0 | 18,188 |
Flooding | 1.0 | 1.0 | 1.0 | 13,251 |
Fuzzy | 1.0 | 1.0 | 1.0 | 5889 |
Malfunction | 1.0 | 1.0 | 1.0 | 7281 |
Attack | Precision | Recall | F1 Score | Samples (Testing) |
---|---|---|---|---|
No Attack | 0.98 | 0.99 | 0.98 | 18,188 |
Flooding | 0.97 | 0.97 | 0,97 | 13,251 |
Fuzzy | 1.0 | 1.0 | 1.0 | 5889 |
Malfunction | 0.97 | 0.96 | 0.97 | 7281 |
ML Techniques | Precision | Recall | Accuracy | F1 Score | Cohen’s Kappa Score | Training Time (s) | Testing Time (s) | Dataset |
---|---|---|---|---|---|---|---|---|
SVM | 0.975 | 1.0 | 0.975 | 1.0 | 0.961 | 1624 | 187 | Dataset 1 |
DT | 0.994 | 1.0 | 0.994 | 1.0 | 0.990 | 3.07 | 0.01 | |
KNN | 0.964 | 1.0 | 0.964 | 1.0 | 0.945 | 0.044 | 300 | |
SVM | 0.939 | 1.0 | 0.939 | 1.0 | 0.912 | 964 | 93 | Dataset 2 |
DT | 0.999 | 1.0 | 0.999 | 1.0 | 0.999 | 1.1 | 0.009 | |
KNN | 0.977 | 1.0 | 0.977 | 1.0 | 0.968 | 0.02 | 144 |
ML Techniques | True Positive Rate | False Negative Rate | Dataset |
---|---|---|---|
SVM | 0.975 | 0.025 | Dataset 1 |
DT | 0.994 | 0.006 | |
KNN | 0.964 | 0.036 | |
SVM | 0.939 | 0.061 | Dataset 2 |
DT | 0.999 | 0.0003 | |
KNN | 0.977 | 0.022 |
ML Techniques | Precision (%) | Recall (%) | Accuracy (%) | F1 Score | Cohen’s Kappa Score | Training Time (s) | Testing Time (s) | Total Data | |
---|---|---|---|---|---|---|---|---|---|
Proposed Work | SVM | 97.5 | 100 | 97.5 | 1.0 | 0.961 | 1624 | 187 | 461,341 |
DT | 99.4 | 100 | 99.4 | 1.0 | 0.990 | 3.07 | 0.012 | ||
KNN | 96.4 | 100 | 96.4 | 1.0 | 0.945 | 0.044 | 300 | ||
SVM | 93.9 | 100 | 93.9 | 1.0 | 0.912 | 964 | 93 | 313,930 | |
DT | 99.9 | 100 | 99.9 | 1.0 | 0.999 | 1.1 | 0.009 | ||
KNN | 97.7 | 100 | 97.7 | 1.0 | 0.968 | 0.02 | 144 | ||
Moulahi et al. [21] | SVM | 97.28 | 96.55 | 97.28 | - | - | 460.383 | 14.919 | 47,519 |
DT | 98.19 | 98.16 | 98.19 | - | - | 460.719 | 14.935 | ||
Refat et al. [32] | SVM | 98.61 | 96.09 | 97.92 | 97.26 | - | - | - | 56,256 |
KNN | 98.95 | 96.23 | 97.99 | 97.37 | - | - | - |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Bari, B.S.; Yelamarthi, K.; Ghafoor, S. Intrusion Detection in Vehicle Controller Area Network (CAN) Bus Using Machine Learning: A Comparative Performance Study. Sensors 2023, 23, 3610. https://doi.org/10.3390/s23073610
Bari BS, Yelamarthi K, Ghafoor S. Intrusion Detection in Vehicle Controller Area Network (CAN) Bus Using Machine Learning: A Comparative Performance Study. Sensors. 2023; 23(7):3610. https://doi.org/10.3390/s23073610
Chicago/Turabian StyleBari, Bifta Sama, Kumar Yelamarthi, and Sheikh Ghafoor. 2023. "Intrusion Detection in Vehicle Controller Area Network (CAN) Bus Using Machine Learning: A Comparative Performance Study" Sensors 23, no. 7: 3610. https://doi.org/10.3390/s23073610
APA StyleBari, B. S., Yelamarthi, K., & Ghafoor, S. (2023). Intrusion Detection in Vehicle Controller Area Network (CAN) Bus Using Machine Learning: A Comparative Performance Study. Sensors, 23(7), 3610. https://doi.org/10.3390/s23073610