Comparative Performance Evaluation of Intrusion Detection Based on Machine Learning in In-Vehicle Controller Area Network Bus

Communication between the nodes in a vehicle is performed using many protocols. The most common of these is known as the Controller Area Network (CAN). The functionality of the CAN protocol is based on sending messages from one node to all others throughout a bus. Messages are sent without either source or destination addresses. Consequently, it is simple for an attacker to inject malicious messages. This may lead to some nodes malfunctioning or total system failure, which can affect the safety of the driver as well as the vehicle. Detecting intrusions is a challenging problem in the context of using CAN bus for in-vehicle communication. Most existing work focuses on the physical aspects without taking into consideration the data itself. Machine Learning (ML) tools, especially classification techniques, have been widely used to address similar problems. In this paper, we use and compare several ML techniques to deal with the problem of detecting intrusions in in-vehicle communication. An experimental study is performed using a real dataset extracted from a KIA Soul car. Compared to previous work, which focuses on detecting intrusions based on the physical aspect, this paper aims to concentrate on the application of data analysis and statistical learning techniques. Furthermore, the paper provides a comparative study of the most common ML techniques. The results show that the techniques under consideration in this paper outperform other techniques that have been used previously.