Shuguo Zhuo, Nuo Li, Kui Ren (The State Key Laboratory of Blockchain and Data Security, Zhejiang University)
NMFTA Best Short Paper Award Winner ($200 cash prize)!
Due to the absence of encryption and authentication mechanisms, the Controller Area Network (CAN) protocol, widely employed in in-vehicle networks, is susceptible to various cyber attacks. In safeguarding in-vehicle networks against cyber threats, numerous Machine Learning-based (ML) and Deep Learning-based (DL) anomaly detection methods have been proposed, demonstrating high accuracy and proficiency in capturing intricate data patterns. However, the majority of these methods are supervised and heavily reliant on labeled training datasets with known attack types, posing limitations in real-world scenarios where acquiring labeled attack data is challenging. In this paper, we present HistCAN, a lightweight and self-supervised Intrusion Detection System (IDS) designed to confront cyber attacks using solely benign training data. HistCAN employs a hybrid encoder capable of simultaneously learning spatial and temporal features of the input data, exhibiting robust patterncapturing capabilities with a relatively compact parameter set. Additionally, a historical information fusion module is integrated into HistCAN, facilitating the capture of long-term dependencies and trends within the CAN ID series. Extensive experimental results demonstrate that HistCAN generally outperforms the compared baseline methods, achieving a high F1 score of 0.9954 in a purely self-supervised manner while satisfying real-time requirements.