CGTS: graph transformer-based anomaly detection in controller area networks

CGTS: graph transformer-based anomaly detection in controller area networks

연구 분야: Cryptography

학회: Cybersecurity

Anomaly detection in the Controller Area Network (CAN) bus is critical for ensuring the security and reliability of intelligent connected vehicles, which are increasingly prevalent. While existing anomaly detection strategies offer some benefits, they often face challenges such as limited feature extraction and data imbalance, which reduce their effectiveness. To address these issues, in this paper, we propose an unsupervised intrusion detection method based on CAN message graph named CGTS. Specifically, we first construct a message graph based on CAN message sequences. A Graph Transformer is then employed to extract complex structural information, accurately capturing the intrinsic connections between messages. Furthermore, to address the data imbalance problem, we integrate the Support Vector Data Description algorithm after the Graph Transformer model. This algorithm identifies anomalous behaviors efficiently without relying on a priori labels. Experiments conducted on public datasets, including Car-Hacking and CAN-Train-and-Test, demonstrate the efficacy of CGTS. The model achieves an average accuracy exceeding 0.990, precision above 0.995, and an F1-score nearing 0.993. These results highlight CGTS can effectively detect multiple injection attacks and significantly improve the CAN bus intrusion detection performance.