Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

An Anomaly Detection System Based on Generative Classifiers for Controller Area Network

Chunheng Zhao, Stefano Longari, Michele Carminati, Pierluigi Pisu

TL;DR

The paper tackles CAN bus security by introducing a deep generative classifier for anomaly detection, grounded in a deep latent variable model and a causal graph. It uses variational Bayes to estimate conditional probabilities, with a variational autoencoder architecture that handles latent factors and perturbations during inference. Evaluations on the Car-hacking dataset show the approach achieves near-perfect accuracy and remarkably low false positives, outperforming several state-of-the-art IDS methods while requiring relatively small training data. This method has practical potential for robust onboard CAN security and offers avenues for future exploration in real-world datasets and explainability.

Abstract

As electronic systems become increasingly complex and prevalent in modern vehicles, securing onboard networks is crucial, particularly as many of these systems are safety-critical. Researchers have demonstrated that modern vehicles are susceptible to various types of attacks, enabling attackers to gain control and compromise safety-critical electronic systems. Consequently, several Intrusion Detection Systems (IDSs) have been proposed in the literature to detect such cyber-attacks on vehicles. This paper introduces a novel generative classifier-based Intrusion Detection System (IDS) designed for anomaly detection in automotive networks, specifically focusing on the Controller Area Network (CAN). Leveraging variational Bayes, our proposed IDS utilizes a deep latent variable model to construct a causal graph for conditional probabilities. An auto-encoder architecture is utilized to build the classifier to estimate conditional probabilities, which contribute to the final prediction probabilities through Bayesian inference. Comparative evaluations against state-of-the-art IDSs on a public Car-hacking dataset highlight our proposed classifier's superior performance in improving detection accuracy and F1-score. The proposed IDS demonstrates its efficacy by outperforming existing models with limited training data, providing enhanced security assurance for automotive systems.

An Anomaly Detection System Based on Generative Classifiers for Controller Area Network

TL;DR

The paper tackles CAN bus security by introducing a deep generative classifier for anomaly detection, grounded in a deep latent variable model and a causal graph. It uses variational Bayes to estimate conditional probabilities, with a variational autoencoder architecture that handles latent factors and perturbations during inference. Evaluations on the Car-hacking dataset show the approach achieves near-perfect accuracy and remarkably low false positives, outperforming several state-of-the-art IDS methods while requiring relatively small training data. This method has practical potential for robust onboard CAN security and offers avenues for future exploration in real-world datasets and explainability.

Abstract

As electronic systems become increasingly complex and prevalent in modern vehicles, securing onboard networks is crucial, particularly as many of these systems are safety-critical. Researchers have demonstrated that modern vehicles are susceptible to various types of attacks, enabling attackers to gain control and compromise safety-critical electronic systems. Consequently, several Intrusion Detection Systems (IDSs) have been proposed in the literature to detect such cyber-attacks on vehicles. This paper introduces a novel generative classifier-based Intrusion Detection System (IDS) designed for anomaly detection in automotive networks, specifically focusing on the Controller Area Network (CAN). Leveraging variational Bayes, our proposed IDS utilizes a deep latent variable model to construct a causal graph for conditional probabilities. An auto-encoder architecture is utilized to build the classifier to estimate conditional probabilities, which contribute to the final prediction probabilities through Bayesian inference. Comparative evaluations against state-of-the-art IDSs on a public Car-hacking dataset highlight our proposed classifier's superior performance in improving detection accuracy and F1-score. The proposed IDS demonstrates its efficacy by outperforming existing models with limited training data, providing enhanced security assurance for automotive systems.
Paper Structure (12 sections, 12 equations, 4 figures, 3 tables)

This paper contains 12 sections, 12 equations, 4 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Methodology
  4. Threat Modeling
  5. Data Preprocessing
  6. Deep Latent Variable Model
  7. VAE-based Generative Classifier
  8. Experimental Evaluation
  9. Datasets
  10. VAE Parameters
  11. Results
  12. Conclusion

Figures (4)

  • Figure 1: Generative Classifier Architecture with a Variational Auto-encoder.
  • Figure 2: Causal graph. $Y$ is the predicted label, $X$ is the input features, $M$ represents the unseen perturbations and $Z$ represents the rest of latent causes. Solid lines represent the causal reasoning of input data.
  • Figure 3: Variational Auto-encoder. Each individual neural net in the encoder and decoder estimates the conditional probabilities for $q$ and $p$, respectively.
  • Figure 4: Overall Accuracy, False Positive Rate (FPR), and False Negative Rate (FNR) vs. Iterations.