In-Vehicle Network Attack Detection Across Vehicle Models: A Supervised-Unsupervised Hybrid Approach

Recent studies have demonstrated that the injection of malicious messages into in-vehicle networks can cause unintended operation of the controls of vehicles, which has been highlighted as one of the most serious and urgent issues that threaten the safety of automobiles. Attempts have been made to use supervised and unsupervised machine learning for automatic, data-driven intrusion detection. However, previous approaches considered only the detection and classification of attacks on a target car based on the data of the same model of car; they are relatively ineffective when the objective is to handle new car models for which not many data are yet available. In this paper, we address the task of detecting and classifying malicious messages injected into in-vehicle networks by transferring “knowledge” from different car models for which ample data exist. In our proposed approach to the dataset of new car models a pretrained classification model that was supervised-trained on the data of previous car models is combined it with an unsupervised detector that uses only the normal data from the target car. The advantage of the proposed approach is that it does not require past data and therefore is applicable to various scenarios. The results of our experiments using in-vehicle CAN messages datasets collected from three different cars show the effectiveness of the proposed approach. © 2022, Japanese Society for Artificial Intelligence. All rights reserved.