Benchmarking Frameworks and Comparative Studies of Controller Area Network (CAN) Intrusion Detection Systems: A Review

Shaila Sharmin, Hafizah Mansor, Andi Fitriah Abdul Kadir, Normaziah A. Aziz

TL;DR

The paper addresses the fragmentation in evaluating CAN intrusion detection systems by proposing a CAN IDS evaluation design space spanning IDS type, attack model, evaluation type, workload, and evaluation metrics. It surveys existing benchmarking frameworks and comparative studies, revealing a strong bias toward anomaly-based methods, a predominance of offline evaluations, and a reliance on real-vehicle datasets with limited coverage of suspension and masquerade attacks. The authors recommend comprehensive benchmarking datasets, online evaluation methods, inclusive Layer 1 and Layer 2 benchmarking, and a richer, standardized set of metrics to enable fair comparisons and practical deployment guidance. This work aims to standardize CAN IDS evaluation, improve reproducibility, and support the selection of robust IDS solutions for automotive networks.

Abstract

The development of intrusion detection systems (IDS) for the in-vehicle Controller Area Network (CAN) bus is one of the main efforts being taken to secure the in-vehicle network against various cyberattacks, which have the potential to cause vehicles to malfunction and result in dangerous accidents. These CAN IDS are evaluated in disparate experimental conditions that vary in terms of the workload used, the features used, the metrics reported, etc., which makes direct comparison difficult. Therefore, there have been several benchmarking frameworks and comparative studies designed to evaluate CAN IDS in similar experimental conditions to understand their relative performance and facilitate the selection of the best CAN IDS for implementation in automotive networks. This work provides a comprehensive survey of CAN IDS benchmarking frameworks and comparative studies in the current literature. A CAN IDS evaluation design space is also proposed in this work, which draws from the wider CAN IDS literature. This is not only expected to serve as a guide for designing CAN IDS evaluation experiments but is also used for categorizing current benchmarking efforts. The surveyed works have been discussed on the basis of the five aspects in the design space (namely IDS type, attack model, evaluation type, workload generation, and evaluation metrics), and recommendations for future work have been identified.

Paper Structure (28 sections, 2 figures, 3 tables)