A Survey of Anomaly Detection in In-Vehicle Networks
Övgü Özdemir, M. Tuğberk İşyapar, Pınar Karagöz, Klaus Werner Schmidt, Demet Demir, N. Alpay Karagöz
TL;DR
This survey comprehensively analyzes anomaly detection in CAN bus-based in-vehicle networks, linking time-series anomaly detection foundations to CAN-specific data preparation and a taxonomy of statistical, supervised, semi-supervised, self-supervised, and unsupervised methods. It evaluates public CAN-bus datasets and compares performance across methods, highlighting that supervised models often achieve high accuracy but risk overfitting, while semi-, self-, and unsupervised approaches offer better generalization in data-scarce or unseen-attacks settings. The review also discusses data-privacy trends via federated learning and the growing demand for explainability in automotive AI, and it identifies gaps such as limited fault-condition CAN datasets. Overall, the paper provides a structured view of current techniques, datasets, and challenges, guiding future work toward more robust, privacy-preserving, and interpretable anomaly detection for vehicle networks.
Abstract
Modern vehicles are equipped with Electronic Control Units (ECU) that are used for controlling important vehicle functions including safety-critical operations. ECUs exchange information via in-vehicle communication buses, of which the Controller Area Network (CAN bus) is by far the most widespread representative. Problems that may occur in the vehicle's physical parts or malicious attacks may cause anomalies in the CAN traffic, impairing the correct vehicle operation. Therefore, the detection of such anomalies is vital for vehicle safety. This paper reviews the research on anomaly detection for in-vehicle networks, more specifically for the CAN bus. Our main focus is the evaluation of methods used for CAN bus anomaly detection together with the datasets used in such analysis. To provide the reader with a more comprehensive understanding of the subject, we first give a brief review of related studies on time series-based anomaly detection. Then, we conduct an extensive survey of recent deep learning-based techniques as well as conventional techniques for CAN bus anomaly detection. Our comprehensive analysis delves into anomaly detection algorithms employed in in-vehicle networks, specifically focusing on their learning paradigms, inherent strengths, and weaknesses, as well as their efficacy when applied to CAN bus datasets. Lastly, we highlight challenges and open research problems in CAN bus anomaly detection.