Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Lightweight Multi-Attack CAN Intrusion Detection System on Hybrid FPGAs

Shashwat Khandelwal, Shreejith Shanker

TL;DR

This work tackles CAN bus security for in-vehicle systems by deploying a lightweight, quantised MA-QCNN intrusion detector on a hybrid FPGA ECU, leveraging a DPU in the PL and ARM-based PS software. It trains on the CAR Hacking dataset using a four-CAN-ID time-series window, achieving accuracy above 99% with a false positive rate around 0.07% while consuming only about 2 W and delivering a per-message latency of roughly 0.43 ms. The approach yields a 25% reduction in per-message processing latency compared with state-of-the-art CAN IDSs and maintains competitive detection performance without requiring GPU-grade hardware. This architecture enables real-time IDS in-vehicle, coexisting with ECU tasks and potentially extending to Automotive Ethernet in future distributed intrusion detection frameworks.

Abstract

Rising connectivity in vehicles is enabling new capabilities like connected autonomous driving and advanced driver assistance systems (ADAS) for improving the safety and reliability of next-generation vehicles. This increased access to in-vehicle functions compromises critical capabilities that use legacy invehicle networks like Controller Area Network (CAN), which has no inherent security or authentication mechanism. Intrusion detection and mitigation approaches, particularly using machine learning models, have shown promising results in detecting multiple attack vectors in CAN through their ability to generalise to new vectors. However, most deployments require dedicated computing units like GPUs to perform line-rate detection, consuming much higher power. In this paper, we present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA, which is trained and validated using the public CAN Intrusion Detection dataset. The quantised model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature. The Intrusion Detection System (IDS) execution consumes just 2.0 W with software tasks running on the ECU and achieves a 25 % reduction in per-message processing latency over the state-of-the-art implementations. This deployment allows the ECU function to coexist with the IDS with minimal changes to the tasks, making it ideal for real-time IDS in in-vehicle systems.

A Lightweight Multi-Attack CAN Intrusion Detection System on Hybrid FPGAs

TL;DR

This work tackles CAN bus security for in-vehicle systems by deploying a lightweight, quantised MA-QCNN intrusion detector on a hybrid FPGA ECU, leveraging a DPU in the PL and ARM-based PS software. It trains on the CAR Hacking dataset using a four-CAN-ID time-series window, achieving accuracy above 99% with a false positive rate around 0.07% while consuming only about 2 W and delivering a per-message latency of roughly 0.43 ms. The approach yields a 25% reduction in per-message processing latency compared with state-of-the-art CAN IDSs and maintains competitive detection performance without requiring GPU-grade hardware. This architecture enables real-time IDS in-vehicle, coexisting with ECU tasks and potentially extending to Automotive Ethernet in future distributed intrusion detection frameworks.

Abstract

Rising connectivity in vehicles is enabling new capabilities like connected autonomous driving and advanced driver assistance systems (ADAS) for improving the safety and reliability of next-generation vehicles. This increased access to in-vehicle functions compromises critical capabilities that use legacy invehicle networks like Controller Area Network (CAN), which has no inherent security or authentication mechanism. Intrusion detection and mitigation approaches, particularly using machine learning models, have shown promising results in detecting multiple attack vectors in CAN through their ability to generalise to new vectors. However, most deployments require dedicated computing units like GPUs to perform line-rate detection, consuming much higher power. In this paper, we present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA, which is trained and validated using the public CAN Intrusion Detection dataset. The quantised model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature. The Intrusion Detection System (IDS) execution consumes just 2.0 W with software tasks running on the ECU and achieves a 25 % reduction in per-message processing latency over the state-of-the-art implementations. This deployment allows the ECU function to coexist with the IDS with minimal changes to the tasks, making it ideal for real-time IDS in in-vehicle systems.
Paper Structure (9 sections, 2 figures, 6 tables)

This paper contains 9 sections, 2 figures, 6 tables.

Table of Contents

  1. System Architecture
  2. Hybrid-FPGA based IDS capable ECU
  3. Dataset & Training
  4. Proposed Model
  5. Deployment and Experimental Results
  6. Inference Accuracy
  7. Latency, Power consumption & Resource utilisation
  8. Conclusion
  9. Acknowledgement

Figures (2)

  • Figure 1: Proposed system architecture of the IDS-ECU. The ML model is accelerated on the PL part of the FPGA device.
  • Figure 2: ROC curve of the MA-QCNN on the two attacks.