Vehicles of today are composed of over 100 electronic embedded devices known as Electronic Control Units (ECU), each of which controls a different component of the vehicle and communicates via the Controller Area Network (CAN) bus. However, unlike other network protocols, the CAN bus communication protocol lacks security features, which is a growing concern as more vehicles become connected to the Internet. To enable the detection of intrusions on the CAN bus, numerous intrusion detection systems (IDS) have been proposed. Although some are able to achieve high accuracy in detecting specific attacks, no IDS has been able to accurately detect all types of attacks against the CAN bus. To overcome the aforementioned issues, we propose a multimodal analysis framework named CANival, which consists of time interval-based and signal-based analyzers developed by designing a novel Time Interval Likelihood (TIL) model and optimizing an existing model CANet. Experimental results show that our multimodal IDS outperforms the base models and enhances the detection performance testing on two recent datasets, X-CANIDS Dataset and SynCAN, achieving average true positive rates of 0.960 and 0.912, and true negative rates of 0.997 and 0.996, respectively.

中文翻译：

---

CANival：车辆 CAN 总线入侵检测的多模式方法


当今的车辆由 100 多个电子嵌入式设备（称为电子控制单元 (ECU)）组成，每个电子控制单元控制车辆的不同组件并通过控制器局域网 (CAN) 总线进行通信。然而，与其他网络协议不同，CAN 总线通信协议缺乏安全功能，随着越来越多的车辆连接到互联网，这一问题日益受到关注。为了能够检测 CAN 总线上的入侵，人们提出了多种入侵检测系统 (IDS)。尽管有些 IDS 能​​够在检测特定攻击方面实现高精度，但还没有 IDS 能​​够准确检测针对 CAN 总线的所有类型的攻击。为了克服上述问题，我们提出了一种名为 CANival 的多模态分析框架，该框架由基于时间间隔和基于信号的分析器组成，通过设计新颖的时间间隔似然（TIL）模型并优化现有模型 CANet 来开发。实验结果表明，我们的多模态 IDS 优于基础模型，并增强了在两个最新数据集 X-CANIDS 数据集和 SynCAN 上的检测性能测试，分别实现了 0.960 和 0.912 的平均真阳性率，以及 0.997 和 0.996 的真阴性率。