A Cost-Effective Statistical Learning Approach for Detection of DoS and Fuzzy Attacks in CAN
10th International Conference on Computer Science and Engineering (UBMK), İstanbul, Türkiye, 17 - 21 Eylül 2025, ss.1386-1391, (Tam Metin Bildiri)
- Yayın Türü: Bildiri / Tam Metin Bildiri
- Doi Numarası: 10.1109/ubmk67458.2025.11207034
- Basıldığı Şehir: İstanbul
- Basıldığı Ülke: Türkiye
- Sayfa Sayıları: ss.1386-1391
- Karadeniz Teknik Üniversitesi Adresli: Evet
Özet
Modern vehicles increasingly rely on Controller Area Networks (CAN), making them vulnerable to cyber-physical attacks such as denial of service (DoS) and fuzzy attacks. Real-time detection of such attacks is challenging due to the high message frequency, strict timing constraints, and lack of message authentication in CAN. This paper presents a cost-effective, two-stage statistical learning method for real-time intrusion detection in CAN networks. During training, times-tamp differences between consecutive message IDs are stored in a unidirectional dictionary, while bidirectional relationships are captured in an adjacency matrix. In the detection phase, incoming messages are checked against learned time bounds or, if missing, classified using a backward adjacency scan. The method is evaluated with two realistic datasets, Car-Hacking and Survival Analysis, containing both DoS and fuzzy scenarios. Results show high accuracy, precision, recall, and F1-score, with sub-millisecond per-message latency, meeting the stringent real-time requirements of CAN systems. These results confirm the effectiveness and efficiency of the proposed method for in-vehicle intrusion detection.