Akademik Veri Yönetim Sistemi
2025 10th International Conference on Computer Science and Engineering (UBMK), İstanbul, Türkiye, 17 - 21 Eylül 2025, ss.1386-1391, (Tam Metin Bildiri)
Modern vehicles increasingly rely on Controller Area Networks (CAN), making them vulnerable to cyber-physical attacks such as denial of service (DoS) and fuzzy attacks. Real-time detection of such attacks is challenging due to the high message frequency, strict timing constraints, and lack of message authentication in CAN. This paper presents a cost-effective, two-stage statistical learning method for real-time intrusion detection in CAN networks. During training, times-tamp differences between consecutive message IDs are stored in a unidirectional dictionary, while bidirectional relationships are captured in an adjacency matrix. In the detection phase, incoming messages are checked against learned time bounds or, if missing, classified using a backward adjacency scan. The method is evaluated with two realistic datasets, Car-Hacking and Survival Analysis, containing both DoS and fuzzy scenarios. Results show high accuracy, precision, recall, and F1-score, with sub-millisecond per-message latency, meeting the stringent real-time requirements of CAN systems. These results confirm the effectiveness and efficiency of the proposed method for in-vehicle intrusion detection.