CANBERT: A Language-based Intrusion Detection Model for In-vehicle Networks

Controller Area networks (CAN) provide a standard means of communicating across vehicular electronic units without a centralized computing unit or complex dedicated wiring. Despite the benefits offered by in-vehicle networks, CAN networks have been susceptible to network attacks such as replay, fuzzing, and denial of service attacks. In addition, the proliferation of internet-connected vehicles motivates the need to build a robust and secure vehicular network system. Deep learning-based language models such as Bidirectional Encoder Representations from Transformers (BERT) models have proven to produce remarkable results for natural language tasks. BERT models provide a deep understanding of the underlying semantics in textual data. In this paper, we propose CANBERT, a language-based intrusion detection model for CAN bus. We leverage the power of transformer models to provide the detection of malicious attacks on the CAN network. We provide a thorough analysis of our approach using a CAN dataset produced in a realistic driving scenario which consists of a combination of normal data and malicious data from various types of attack scenarios such as Denial of Service (DoS), fuzzy, and impersonation attacks. Our approach is able to detect all of the attacks with high precision and accuracy. In addition, we compare our method with other baseline models and state-of-the-art deep learning intrusion detection approach for in-vehicle networks.