Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Deep Learning-based Embedded Intrusion Detection System for Automotive CAN

Shashwat Khandelwal, Eashan Wadhwa, Shreejith Shanker

TL;DR

This work tackles the security of automotive CAN by deploying a tightly integrated IDS on a hybrid-FPGA ECU, combining a CAN controller with a dedicated DPU to run a quantised deep-CNN. The QdCNN model is trained on the Car Hacking dataset and quantised for 8-bit inference, achieving an average accuracy above $99\%$ with a false detection rate around $0.64\%$, while delivering a $51.8\%$ reduction in per-message latency and a $94\%$ reduction in energy versus GPU-based deployments. The architecture supports scalable performance through parametric DPU configurations and can offload IDS tasks without disturbing normal ECU operations, making it suitable for line-rate intrusion detection in vehicles. Overall, this approach demonstrates the practicality of high-sensitivity, low-power ML-based IDS integrated directly into automotive ECUs, enabling more robust defenses for in-vehicle networks.

Abstract

Rising complexity of in-vehicle electronics is enabling new capabilities like autonomous driving and active safety. However, rising automation also increases risk of security threats which is compounded by lack of in-built security measures in legacy networks like CAN, allowing attackers to observe, tamper and modify information shared over such broadcast networks. Various intrusion detection approaches have been proposed to detect and tackle such threats, with machine learning models proving highly effective. However, deploying machine learning models will require high processing power through high-end processors or GPUs to perform them close to line rate. In this paper, we propose a hybrid FPGA-based ECU approach that can transparently integrate IDS functionality through a dedicated off-the-shelf hardware accelerator that implements a deep-CNN intrusion detection model. Our results show that the proposed approach provides an average accuracy of over 99% across multiple attack datasets with 0.64% false detection rates while consuming 94% less energy and achieving 51.8% reduction in per-message processing latency when compared to IDS implementations on GPUs.

Deep Learning-based Embedded Intrusion Detection System for Automotive CAN

TL;DR

This work tackles the security of automotive CAN by deploying a tightly integrated IDS on a hybrid-FPGA ECU, combining a CAN controller with a dedicated DPU to run a quantised deep-CNN. The QdCNN model is trained on the Car Hacking dataset and quantised for 8-bit inference, achieving an average accuracy above with a false detection rate around , while delivering a reduction in per-message latency and a reduction in energy versus GPU-based deployments. The architecture supports scalable performance through parametric DPU configurations and can offload IDS tasks without disturbing normal ECU operations, making it suitable for line-rate intrusion detection in vehicles. Overall, this approach demonstrates the practicality of high-sensitivity, low-power ML-based IDS integrated directly into automotive ECUs, enabling more robust defenses for in-vehicle networks.

Abstract

Rising complexity of in-vehicle electronics is enabling new capabilities like autonomous driving and active safety. However, rising automation also increases risk of security threats which is compounded by lack of in-built security measures in legacy networks like CAN, allowing attackers to observe, tamper and modify information shared over such broadcast networks. Various intrusion detection approaches have been proposed to detect and tackle such threats, with machine learning models proving highly effective. However, deploying machine learning models will require high processing power through high-end processors or GPUs to perform them close to line rate. In this paper, we propose a hybrid FPGA-based ECU approach that can transparently integrate IDS functionality through a dedicated off-the-shelf hardware accelerator that implements a deep-CNN intrusion detection model. Our results show that the proposed approach provides an average accuracy of over 99% across multiple attack datasets with 0.64% false detection rates while consuming 94% less energy and achieving 51.8% reduction in per-message processing latency when compared to IDS implementations on GPUs.
Paper Structure (11 sections, 1 figure, 8 tables)

This paper contains 11 sections, 1 figure, 8 tables.

Table of Contents

  1. Introduction & Related Works
  2. System Architecture
  3. IDS ECU Architecture
  4. CNN-based IDS
  5. Dataset and Training
  6. Experiments
  7. Accuracy
  8. Inference Latency, Power & Resource consumption
  9. Performance scaling using alternate DPU configurations
  10. Conclusion
  11. Acknowledgement

Figures (1)

  • Figure 1: The proposed IDS-ECU architecture with the DPU accelerator attached as a standard peripheral to the processor