Aya Fathy, Marc Ashraf, Mostafa Ashraf, Omar Attia, Prof. Abdel Nasser H. Zaied, Eng. Haytham Tarek, Eng. Mostafa Badr

Publishing Date

29th December, 2020


The automotive industry has been in rapid development which has introduced security vulnerabilities in the in-vehicle network such as Controller Area Network (CAN) buses. These vulnerabilities expose the vehicle to malicious physical and remote attacks. The CAN bus controls all the communications between the vehicle ECUs, such as exchanging parameters and the state of the vehicle. Despite its sensitive role, the CAN bus is the most compromised component in the In-vehicle network as it lacks any form of cryptography methods to ensure integrity and confidentiality of the vehicle’s data. We aim to design a deep learning-based Intrusion Detection System (IDS) compatible with the limitations of the embedded electronics hardware. The proposed model will be trained to detect malicious traffic in the CAN bus indicating security attacks targeting the vehicle, in real time. The IDS will be introduced to different attack classes and tested in real-life environments.

1.1 Purpose of this document

The purpose of this Software Requirements Specification document is to outline the requirements of our system: “Deep learning-based IDS for In-vehicle Network”. It serves as the basis for our system as it provides the development process that all the individuals involved in the development will follow. This document is intended for stakeholders including the the automotive industry, the developers of this software and the graduation projects committee at Misr International University Faculty of Computer Science.

1.2 Scope of this document

This document provides the detailed functional and non-functional requirements as well as the main functionalities of our system, such as detecting malicious activity targeting the in-vehicle network. It will also provide in-depth descriptions of the system’s architecture, processes and the different stages the system goes through until it is deployed on a raspberry pi and integrated with CAN network.

1.3 System Overview

The deep learning-based IDS for in-vehicle network detects malicious attacks targeting the CAN bus which regulates the communication between the Electronic Control Units (ECUs) of the in-vehicle network. In order to achieve the desired functionalities, the development process of the system is divided into 3 main stages:

1. Pre-processing

The datasets are prepared for deep learning in several steps:

• Merging both attack-free and attack datasets together.

• Labeling the unlabeled data instants of the dataset, whether it is a benign or malicious packet, specifying the attack type.

• Reducing the dimensionality of the dataset by extracting the most informative features.

• Splitting the dataset into three subsets training dataset, validation dataset and testing dataset.

• Applying encoding methods on the training dataset to suit the input format of the used model.

2. Processing

• Training, Validation and Testing:

The training dataset is fed to the deep learning model so it can learn to distinguish between malicious CAN packets and benign ones. To improve the performance the trained model, its generalization ability is tested with the validation dataset. During the process, the model is optimized by adjusting and tuning its hyperparameters. Finally, the trained model is evaluated by feeding forward the unseen data instants of the testing dataset and obtaining classification results.

• Compression and Acceleration:

The pre-trained model is then passes through optimization processes aim to compress and accelerate the model achieving optimal computational and memory requirements that comply with the micro-controller’s specifications.

• Deployment:

Now that the deep learning model is fully prepared, we move on to the process of integrating it with a micro-controller in order to be tested in live environment.

3. Fully implemented model

The micro-controller unit (MCU) that carries the deployed model is then wired to the CAN bus and the ECUs. The model streams the CAN traffic passing through the bus. Next step is pre-processing the received packets before passing it to the classification step which determines if the packet is benign or malicious. If the packet is malicious it detects which attack type it is.

1.4 System Scope

The purpose of this system is detecting deviant activity in the CAN bus of the in-vehicle network. An optimized deep learning model is deployed on MCU which will be integrated into a road vehicle. CAN packets are received and processed to detect possible attacks. Our system solves two major limitations of the previously proposed IDSs: designing compressed accelerated models with beneficial processing costs, and fitting the models with the tight requirements of embedded electronics-based systems.