CAN bus intrusion detection based on auxiliary classifier GAN and out-of-distribution detection
ZhaoQingling, ChenMingqiang, GuZonghua, LuanSiyu, ZengHaibo, Chakrabory Samarjit
Code Available — Be the first to reproduce this paper.
ReproduceCode
- github.com/evenchen6/CAN_GAN_Anomalypytorch★ 20
Abstract
Modern vehicles are prototypical Cyber-Physical Systems, where the in-vehicle Electrical/Electronic (E/E) system interacts closely with its physical surroundings. With the rapid advances in Connected and Automated Vehicles, the issue of automotive cyber-physical security is gaining increasing importance. The Controller Area Network (CAN) is a ubiquitous bus protocol present in almost all vehicles. Due to its broadcast nature, it is vulnerable to a range of attacks once the attacker gains access to the bus through either the physical or cyber part of the attack surface. We address the problem of Intrusion Detection on the CAN bus, and propose four methods based on the combination of one or more classifiers trained with Auxiliary Classifier Generative Adversarial Network (ACGAN), and the use of Out-of-Distribution (OOD) Detection to detect unknown attacks. Our work is the first and only technique that is able to detect both known and unknown attacks, and also assign fine-grained labels to detected known attacks. Experimental results demonstrate that the most effective method is a cascaded two-stage classification architecture, with the multi-class Auxiliary Classifier in the first stage, passing OOD samples to the binary Real/Fake Classifier in the second state.