CANival: A multimodal approach to intrusion detection on the vehicle CAN bus

Vehicles of today are composed of over 100 electronic embedded devices known as Electronic Control Units (ECU), each of which controls a different component of the vehicle and communicates via the Controller Area Network (CAN) bus. However, unlike other network protocols, the CAN bus communication protocol lacks security features, which is a growing concern as more vehicles become connected to the Internet. To enable the detection of intrusions on the CAN bus, numerous intrusion detection systems (IDS) have been proposed. Although some are able to achieve high accuracy in detecting specific attacks, no IDS has been able to accurately detect all types of attacks against the CAN bus. To overcome the aforementioned issues, we propose a multimodal analysis framework named CANival, which consists of time interval-based and signal-based analyzers developed by designing a novel Time Interval Likelihood (TIL) model and optimizing an existing model CANet. Experimental results show that our multimodal IDS outperforms the base models and enhances the detection performance testing on two recent datasets, X-CANIDS Dataset and SynCAN, achieving average true positive rates of 0.960 and 0.912, and true negative rates of 0.997 and 0.996, respectively.