ScholarWorks@숭실대학교

초록

Modern vehicles have communication protocols that are vulnerable to cyberattacks. A lack of authentication and encryption makes Controller Area Network (CAN) bus messages susceptible to injection attacks, spoofing, and time-based security threats. Existing intrusion detection systems (IDS) based on deep learning models cannot extract fine-grained features from CAN message frames. These models also have a limited ability to detect stealthy attacks and require significant computational resources. Additionally, large transformer-based models struggle to balance detection accuracy with the resource constraints of in-vehicle electronic control units (ECUs), hindering their practical deployment. Therefore, we propose a lightweight, deep-learning-based approach that can effectively detect anomalies with high accuracy. Our approach combines feature engineering, payload splitting, and label matching with a lightweight CNN-LSTM model that accurately flags intrusions while maintaining real-time efficiency. Feature engineering and payload splitting maximize knowledge extraction from CAN messages. Label matching analyzes flags for each set of attributes using a supervised CNN-LSTM-based detector to capture anomalies missed by time-window-based labeling approaches. The proposed approach is evaluated on two distinct datasets: HCRL car-hacking and ORNL ROAD, in both multiclass and binary attack-detection settings. We compare our proposed architecture against multiple baseline approaches, including rule-based checks and deep learning-based models. Experimental results demonstrate that the CNN-LSTM model achieves near-perfect detection performance, attaining up to 100% accuracy, F1-score, and ROC-AUC on the Car-Hacking dataset, while consistently outperforming CNN, LSTM, ANN, hybrid, and rule-based baselines. On the ROAD dataset, the proposed model achieves F1-scores of 0.9976 for masquerade attacks and 0.9578 for fabrication attacks, with robust performance across combined attack scenarios. Notably, the CNN-LSTM architecture requires significantly fewer parameters (as low as 8.4%) compared to transformer-based models, while delivering comparable or superior detection accuracy. These results highlight the effectiveness and practicality of the proposed IDS for real-time, resource-constrained in-vehicle deployment.

키워드