Anomaly Detection for Connected Autonomous Vehicles Using LSTM and Gaussian Naïve Bayes

In the foreseen future, connected autonomous vehicles (CAVs) are expected to improve driving safety and experience considerably; however, cybersecurity remains a critical issue. CAN protocol, the de-facto standard for in-vehicle networks, provides no security mechanism, which makes it one of the most attack-prone parts. The lack of security mechanisms in CAN messages allows intruders to conduct devastating attacks, putting drivers’ and passengers’ lives at risk. An Intrusion Detection System (IDS) can monitor CAN network activities and detect suspicious behaviors resulting from an attack to help safeguard CAVs. The destructive behavior of an intruder is reflected as point and group anomalies in the sequence of CAN messages. Our study proposes an LSTM-based IDS for the CAN bus by exploiting the temporal correlations of the messages on the bus to detect anomalies. Specifically, it is a one-class classifier trained with attack-free data to predict the upcoming value of CAN messages. Then a Gaussian Naïve Bayes classifier is used to classify messages as normal and attack according to the resulting prediction errors. The proposed IDS is evaluated in terms of detection performance and compared with state-of-the-art one-class classifiers, including OCSVM, Isolation Forest, and Autoencoder, using two real-world datasets (Car Hacking Dataset and Survival Analysis Dataset). The proposed method outperforms baselines and achieves detection accuracy and F-score by nearly 100%.