As connected and autonomous vehicles proliferate, the Controller Area Network (CAN) bus has become the predominant communication standard for in-vehicle networks due to its speed and efficiency. However, the CAN bus lacks basic security measures such as authentication and encryption, making it highly vulnerable to cyberattacks. To ensure in-vehicle security, intrusion detection systems (IDSs) must detect seen attacks and provide a robust defense against new, unseen attacks while remaining lightweight for practical deployment. Previous work has relied solely on the CAN ID feature or has used traditional machine learning (ML) approaches with manual feature extraction. These approaches overlook other exploitable features, making it challenging to adapt to new unseen attack variants and compromising security. This paper introduces a cutting-edge, novel, lightweight, in-vehicle, IDS-leveraging, deep learning (DL) algorithm to address these limitations. The proposed IDS employs a multi-stage approach: an artificial neural network (ANN) in the first stage to detect seen attacks, and a Long Short-Term Memory (LSTM) autoencoder in the second stage to detect new, unseen attacks. To understand and analyze diverse driving behaviors, update the model with the latest attack patterns, and preserve data privacy, we propose a theoretical framework to deploy our IDS in a hierarchical federated learning (H-FL) environment. Experimental results demonstrate that our IDS achieves an F1-score exceeding 0.99 for seen attacks and exceeding 0.95 for novel attacks, with a detection rate of 99.99%. Additionally, the false alarm rate (FAR) is exceptionally low at 0.016%, minimizing false alarms. Despite using DL algorithms known for their effectiveness in identifying sophisticated and zero-day attacks, the IDS remains lightweight, ensuring its feasibility for real-world deployment. This makes our model robust against seen and unseen attacks.

中文翻译：

---

使用分层联合学习的强大的多级入侵检测系统，用于车载网络安全


随着联网和自动驾驶车辆的激增，控制器局域网 (CAN) 总线因其速度和效率已成为车载网络的主要通信标准。然而，CAN总线缺乏身份验证和加密等基本安全措施，使其极易受到网络攻击。为了确保车内安全，入侵检测系统 (IDS) 必须检测已发现的攻击，并针对新的、未发现的攻击提供强大的防御，同时保持轻量级以适应实际部署。以前的工作仅依赖于 CAN ID 特征，或者使用传统的机器学习 (ML) 方法和手动特征提取。这些方法忽略了其他可利用的功能，使得适应新的看不见的攻击变体并危及安全性具有挑战性。本文介绍了一种尖端、新颖、轻量级、车载 IDS 利用深度学习 (DL) 算法来解决这些限制。所提出的 IDS 采用多阶段方法：第一阶段使用人工神经网络 (ANN) 来检测已发现的攻击，第二阶段使用长短期记忆 (LSTM) 自动编码器来检测新的、未见过的攻击。为了理解和分析不同的驾驶行为、使用最新的攻击模式更新模型并保护数据隐私，我们提出了一个理论框架，用于在分层联合学习 (H-FL) 环境中部署我们的 IDS。实验结果表明，我们的IDS对于已见攻击的F1分数超过0.99，对于新攻击的F1分数超过0.95，检测率为99.99%。此外，误报率 (FAR) 极低，仅为 0.016%，最大限度地减少了误报。 尽管使用了以其在识别复杂攻击和零日攻击方面的有效性而闻名的深度学习算法，但 IDS 仍然是轻量级的，确保了其在现实世界中部署的可行性。这使得我们的模型能够抵御可见和不可见的攻击。