Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CANEDERLI: On The Impact of Adversarial Training and Transferability on CAN Intrusion Detection Systems

Francesco Marchiori, Mauro Conti

TL;DR

This work introduces CANEDERLI, a framework for evaluating how CAN-based intrusion detection systems withstand adversarial evasion and transferability across white-box and black-box settings. It combines three DL architectures (DNN, CNN, LSTM) with four evasion attacks (BIM, FGSM, PGD, RFGSM) and proposes an adaptive online adversarial training strategy that maintains baseline performance while improving robustness, outperforming traditional fine-tuning (F1 up to 0.941). Using the real-world Survival dataset, the authors demonstrate substantial vulnerability of baseline IDSs to adversarial inputs and show that transferability enables effective attacks across models and vehicle types. The open-source framework enables practitioners to reproduce, extend, and adapt resilience evaluations to varied threat landscapes, driving practical improvements in CAN security. Overall, the paper highlights the necessity of realistic threat modeling and robust training regimes to deploy reliable CAN-based IDS in connected vehicle ecosystems.

Abstract

The growing integration of vehicles with external networks has led to a surge in attacks targeting their Controller Area Network (CAN) internal bus. As a countermeasure, various Intrusion Detection Systems (IDSs) have been suggested in the literature to prevent and mitigate these threats. With the increasing volume of data facilitated by the integration of Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication networks, most of these systems rely on data-driven approaches such as Machine Learning (ML) and Deep Learning (DL) models. However, these systems are susceptible to adversarial evasion attacks. While many researchers have explored this vulnerability, their studies often involve unrealistic assumptions, lack consideration for a realistic threat model, and fail to provide effective solutions. In this paper, we present CANEDERLI (CAN Evasion Detection ResiLIence), a novel framework for securing CAN-based IDSs. Our system considers a realistic threat model and addresses the impact of adversarial attacks on DL-based detection systems. Our findings highlight strong transferability properties among diverse attack methodologies by considering multiple state-of-the-art attacks and model architectures. We analyze the impact of adversarial training in addressing this threat and propose an adaptive online adversarial training technique outclassing traditional fine-tuning methodologies with F1 scores up to 0.941. By making our framework publicly available, we aid practitioners and researchers in assessing the resilience of IDSs to a varied adversarial landscape.

CANEDERLI: On The Impact of Adversarial Training and Transferability on CAN Intrusion Detection Systems

TL;DR

This work introduces CANEDERLI, a framework for evaluating how CAN-based intrusion detection systems withstand adversarial evasion and transferability across white-box and black-box settings. It combines three DL architectures (DNN, CNN, LSTM) with four evasion attacks (BIM, FGSM, PGD, RFGSM) and proposes an adaptive online adversarial training strategy that maintains baseline performance while improving robustness, outperforming traditional fine-tuning (F1 up to 0.941). Using the real-world Survival dataset, the authors demonstrate substantial vulnerability of baseline IDSs to adversarial inputs and show that transferability enables effective attacks across models and vehicle types. The open-source framework enables practitioners to reproduce, extend, and adapt resilience evaluations to varied threat landscapes, driving practical improvements in CAN security. Overall, the paper highlights the necessity of realistic threat modeling and robust training regimes to deploy reliable CAN-based IDS in connected vehicle ecosystems.

Abstract

The growing integration of vehicles with external networks has led to a surge in attacks targeting their Controller Area Network (CAN) internal bus. As a countermeasure, various Intrusion Detection Systems (IDSs) have been suggested in the literature to prevent and mitigate these threats. With the increasing volume of data facilitated by the integration of Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication networks, most of these systems rely on data-driven approaches such as Machine Learning (ML) and Deep Learning (DL) models. However, these systems are susceptible to adversarial evasion attacks. While many researchers have explored this vulnerability, their studies often involve unrealistic assumptions, lack consideration for a realistic threat model, and fail to provide effective solutions. In this paper, we present CANEDERLI (CAN Evasion Detection ResiLIence), a novel framework for securing CAN-based IDSs. Our system considers a realistic threat model and addresses the impact of adversarial attacks on DL-based detection systems. Our findings highlight strong transferability properties among diverse attack methodologies by considering multiple state-of-the-art attacks and model architectures. We analyze the impact of adversarial training in addressing this threat and propose an adaptive online adversarial training technique outclassing traditional fine-tuning methodologies with F1 scores up to 0.941. By making our framework publicly available, we aid practitioners and researchers in assessing the resilience of IDSs to a varied adversarial landscape.
Paper Structure (23 sections, 3 equations, 1 figure, 5 tables)

This paper contains 23 sections, 3 equations, 1 figure, 5 tables.

Table of Contents

  1. Introduction
  2. Contribution.
  3. Organization.
  4. Related Works
  5. System and Threat Model
  6. System Model.
  7. Threat Model.
  8. Methodology
  9. Models
  10. DNN
  11. CNN
  12. LSTM
  13. Attacks
  14. Adversarial Training
  15. Evaluation
  16. ...and 8 more sections

Figures (1)

  • Figure 1: Framework overview.