CAN-BiGRUBERT: Unveiling Automotive Vehicle Intruders by Profiling and Characterizing Anomalies in Controller Area Network
In-vehicle Controller Area Networks (CAN) are vulnerable to various injection attacks that can compromise the safety of vehicle occupants and result in financial losses. While a substantial body of work on CAN intrusion detection exists, it lacks multiclass attack classification models. Current multiclass models do not encompass all attack types or account for the vehicle’s state, i.e., whether the car is stationary or in motion. This work addresses these limitations by proposing CAN-BiGRUBERT, a multiclass CAN intrusion detection model that jointly predicts the vehicle state and attack class from CAN traffic windows. CAN-BiGRUBERT employs Bidirectional Encoder Representations from Transformers (BERT) to capture spatial dependencies within individual CAN frames, and a Bidirectional Gated Recurrent Unit (BiGRU) network to capture temporal dependencies across multiple frames in a window.