Natasha Alkhatib (Télécom Paris), Lina Achaji (INRIA), Maria Mushtaq (Télécom Paris), Hadi Ghauch (Télécom Paris), Jean-Luc Danger (Télécom Paris)
The adoption of external connectivity on modern vehicles and the increasing integration of complex automotive software paved the way for novel attack scenarios exploiting the vulnerabilities of in-vehicle protocols. The Controller Area Network (CAN) bus, a widely used communication network in vehicles between electronic control units (ECUs), therefore requires urgent monitoring. Predicting sophisticated intrusions that affect interdependencies between several CAN signals transmitted by distinct IDs requires modeling two key dimensions: 1) time dimension, where we model the temporal relationships between signals carried by each ID separately 2) interaction dimension where we model the interaction between IDs, i.e., how the state of each CAN ID affects the others. In this work, we propose a novel deep learning-based multi-agent intrusion detection system, AMICA, that uses an attention-based self-supervised learning technique to detect stealthy in-vehicle intrusions, i.e., those that that not only disturb normal timing or ID distributions but also carried data values by multiple IDs, along with others. The proposed model is evaluated on the benchmark dataset SynCAN. Our source code is available at: https://github.com/linaashaji/AMICA