Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Exploring Highly Quantised Neural Networks for Intrusion Detection in Automotive CAN

Shashwat Khandelwal, Shreejith Shanker

TL;DR

This work tackles in-vehicle CAN intrusion detection by introducing a single, custom quantised MLP (CQMLP) trained to classify multiple attack vectors (DoS, fuzzing, RPM-spoofing) from CAN frames. The model is quantised to 2 bits and implemented as a dataflow hardware accelerator using the FINN framework on a Zynq XCZU7EV, integrated with an ECU for isolated IDS operation. It achieves an average detection accuracy of 99.91% with per-frame latency of 0.11 ms and energy per inference of 0.23 mJ, outperforming several GPU/CPU-based approaches in both speed and power. The results support deploying a single, multiclass IDS model across CAN networks in automotive ECUs, enabling line-rate detection with low energy and compact hardware footprints.

Abstract

Vehicles today comprise intelligent systems like connected autonomous driving and advanced driving assistance systems (ADAS) to enhance the driving experience, which is enabled through increased connectivity to infrastructure and fusion of information from different sensing modes. However, the rising connectivity coupled with the legacy network architecture within vehicles can be exploited for launching active and passive attacks on critical vehicle systems and directly affecting the safety of passengers. Machine learning-based intrusion detection models have been shown to successfully detect multiple targeted attack vectors in recent literature, whose deployments are enabled through quantised neural networks targeting low-power platforms. Multiple models are often required to simultaneously detect multiple attack vectors, increasing the area, (resource) cost, and energy consumption. In this paper, we present a case for utilising custom-quantised MLP's (CQMLP) as a multi-class classification model, capable of detecting multiple attacks from the benign flow of controller area network (CAN) messages. The specific quantisation and neural architecture are determined through a joint design space exploration, resulting in our choice of the 2-bit precision and the n-layer MLP. Our 2-bit version is trained using Brevitas and optimised as a dataflow hardware model through the FINN toolflow from AMD/Xilinx, targeting an XCZU7EV device. We show that the 2-bit CQMLP model, when integrated as the IDS, can detect malicious attack messages (DoS, fuzzing, and spoofing attack) with a very high accuracy of 99.9%, on par with the state-of-the-art methods in the literature. Furthermore, the dataflow model can perform line rate detection at a latency of 0.11 ms from message reception while consuming 0.23 mJ/inference, making it ideally suited for integration with an ECU in critical CAN networks.

Exploring Highly Quantised Neural Networks for Intrusion Detection in Automotive CAN

TL;DR

This work tackles in-vehicle CAN intrusion detection by introducing a single, custom quantised MLP (CQMLP) trained to classify multiple attack vectors (DoS, fuzzing, RPM-spoofing) from CAN frames. The model is quantised to 2 bits and implemented as a dataflow hardware accelerator using the FINN framework on a Zynq XCZU7EV, integrated with an ECU for isolated IDS operation. It achieves an average detection accuracy of 99.91% with per-frame latency of 0.11 ms and energy per inference of 0.23 mJ, outperforming several GPU/CPU-based approaches in both speed and power. The results support deploying a single, multiclass IDS model across CAN networks in automotive ECUs, enabling line-rate detection with low energy and compact hardware footprints.

Abstract

Vehicles today comprise intelligent systems like connected autonomous driving and advanced driving assistance systems (ADAS) to enhance the driving experience, which is enabled through increased connectivity to infrastructure and fusion of information from different sensing modes. However, the rising connectivity coupled with the legacy network architecture within vehicles can be exploited for launching active and passive attacks on critical vehicle systems and directly affecting the safety of passengers. Machine learning-based intrusion detection models have been shown to successfully detect multiple targeted attack vectors in recent literature, whose deployments are enabled through quantised neural networks targeting low-power platforms. Multiple models are often required to simultaneously detect multiple attack vectors, increasing the area, (resource) cost, and energy consumption. In this paper, we present a case for utilising custom-quantised MLP's (CQMLP) as a multi-class classification model, capable of detecting multiple attacks from the benign flow of controller area network (CAN) messages. The specific quantisation and neural architecture are determined through a joint design space exploration, resulting in our choice of the 2-bit precision and the n-layer MLP. Our 2-bit version is trained using Brevitas and optimised as a dataflow hardware model through the FINN toolflow from AMD/Xilinx, targeting an XCZU7EV device. We show that the 2-bit CQMLP model, when integrated as the IDS, can detect malicious attack messages (DoS, fuzzing, and spoofing attack) with a very high accuracy of 99.9%, on par with the state-of-the-art methods in the literature. Furthermore, the dataflow model can perform line rate detection at a latency of 0.11 ms from message reception while consuming 0.23 mJ/inference, making it ideally suited for integration with an ECU in critical CAN networks.
Paper Structure (14 sections, 5 figures, 6 tables)

This paper contains 14 sections, 5 figures, 6 tables.

Table of Contents

  1. Introduction & Related Works
  2. Background and Related works
  3. Controller Area Network
  4. Machine Learning based IDSs
  5. System architecture
  6. MLP model for IDS
  7. Design space exploration
  8. Dataset and Training
  9. Dataflow hardware generation and integration to ECU ECU-IDS
  10. Experimental Results
  11. Inference accuracy
  12. Inference latency
  13. Power consumption, Resource Utilisation (PS/PL)
  14. Conclusion

Figures (5)

  • Figure 1: An illustration of a simple DoS attack launched through a compromised ECU. Part (a) shows the normal communication between the ECUs, while in (b), the ECU is unable to transmit messages on the CAN bus as the compromised ECU floods the bus with high priority messages.
  • Figure 2: The proposed MLP model as a multi-attack detection IDS.
  • Figure 3: Training loss of the model for different precision of weights and activations for all the attacks.
  • Figure 4: Validation loss of the model for different precision of weights and activations for all the attacks.
  • Figure 5: The proposed IDS-ECU architecture. The ML model is accelerated on the PL part of the FPGA.