CGTS: graph transformer-based anomaly detection in controller area networks

CGTS: graph transformer-based anomaly detection in controller area networks

Abstract Anomaly detection in the Controller Area Network (CAN) bus is critical for ensuring the security and reliability of intelligent connected vehicles, which are increasingly prevalent. While existing anomaly detection strategies offer some benefits, they often face challenges such as limited f...

Full description

Saved in:
Bibliographic Details
Main Authors: Xue Zhou, Guihe Qin, Yanhua Liang, Jiaru Song, Wanning Liu, Qingxin Liu
Format: Article
Language:English
Published: SpringerOpen 2025-08-01
Series:Cybersecurity
Subjects:
In-vehicle network
Intrusion detection
Graph transformer
CAN bus
Online Access:https://doi.org/10.1186/s42400-025-00365-6
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Abstract Anomaly detection in the Controller Area Network (CAN) bus is critical for ensuring the security and reliability of intelligent connected vehicles, which are increasingly prevalent. While existing anomaly detection strategies offer some benefits, they often face challenges such as limited feature extraction and data imbalance, which reduce their effectiveness. To address these issues, in this paper, we propose an unsupervised intrusion detection method based on CAN message graph named CGTS. Specifically, we first construct a message graph based on CAN message sequences. A Graph Transformer is then employed to extract complex structural information, accurately capturing the intrinsic connections between messages. Furthermore, to address the data imbalance problem, we integrate the Support Vector Data Description algorithm after the Graph Transformer model. This algorithm identifies anomalous behaviors efficiently without relying on a priori labels. Experiments conducted on public datasets, including Car-Hacking and CAN-Train-and-Test, demonstrate the efficacy of CGTS. The model achieves an average accuracy exceeding 0.990, precision above 0.995, and an F1-score nearing 0.993. These results highlight CGTS can effectively detect multiple injection attacks and significantly improve the CAN bus intrusion detection performance.
ISSN:2523-3246

Similar Items