A Hybrid Approach Toward Efficient and Accurate Intrusion Detection for In-Vehicle Networks

With recent advancements in the automotive world and the introduction of autonomous vehicles, automotive security has become a real and important issue. Modern vehicles have tens of Electronic Control Units (ECUs) connected to in-vehicle networks. As a de facto standard for in-vehicle network communication, the Controller Area Network (CAN) has become a target of cyber attacks. Anomaly-based Intrusion Detection System (IDS) is considered as an effective approach to secure CAN and detect malicious attacks. Currently, there are two primary approaches used for intrusion detection: rule-based and machine learning-based. Rule-based approach is efficient but limited in the detection accuracy while machine learning-based detection has comparably higher detection accuracy but higher computation cost at the same time. In this paper, we propose a novel hybrid IDS that combines the benefits of both rule-based and machine learning-based approaches. More specifically, we use machine learning methods to achieve a high detection rate while keeping the low computational requirement by offsetting the detection with a rule-based component. Our experiments with CAN traces collected from four different vehicle models demonstrate the effectiveness and efficiency of the proposed hybrid IDS.