ASIC Design for Real-Time CAN-Bus Intrusion Detection and Prevention System Using Random Forest

Bibliographic Details
Main Authors: Junseok Lee, Sangmin Park, Sua Shin, Hyungchul Im, Joosock Lee, Seongsoo Lee
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/11071663/
Description
Summary: A controller area network (CAN) is the most widely used protocol for communication between electronic control units (ECUs) inside a vehicle. However, it lacks basic security functions and has a structure vulnerable to external attacks. Therefore, it is important to develop an intrusion detection system (IDS) that can effectively distinguish malicious from legitimate CAN messages, as well as an intrusion prevention system (IPS) that can block such malicious messages in real time. In this study, a random-forest-based intrusion detection system (RF-IDS) was proposed and integrated with a CAN controller to design a system that can perform real-time detection and attack blocking. Existing IDS studies aim for high detection performance. However, the real-time blocking function is limited or the possibility of hardware implementation is yet to be sufficiently verified. To address this issue, we designed an IDS that can immediately determine whether an attack is present when receiving a CAN frame and block the attack node. Fast and efficient detection is possible without complex matrix operations because the random forest model performs detection based on comparison operations. This confirmed that the corresponding structure achieved an average detection time of 1.86 μs and a detection accuracy of more than 99%, allowing real-time intrusion blocking. Finally, hardware implementation was achieved by completing the design of the ASIC chip through a multiproject wafer process.
ISSN:2169-3536