"Machine Learning Based Intrusion Detection Framework for CAN Bus Vulne" by Obinna C. Agbo

Author ORCID Identifier

https://orcid.org/0009-0005-9731-013X

Semester

Fall

Date of Graduation

2024

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Amr El-Wakeel

Committee Co-Chair

Mohamed Hefeida

Committee Member

Sara Tehranipoor

Abstract

The Controller Area Network (CAN) bus is a crucial communication backbone in modern vehicles, connecting various Electronic Control Units (ECUs). However, inherent design weaknesses such as the lack of encryption and authentication make CAN networks vulnerable to cyber-attacks, including spoofing, Denial of Service (DoS), and fuzzing attacks. This thesis thoroughly evaluates these vulnerabilities and the limitations of existing security frameworks like Message Authentication Codes (MACs) and encryption, advocating for the adoption of Intrusion Detection Systems (IDS) as a more practical solution for CAN bus security. The proposed IDS leverages advanced machine learning techniques to accurately detect intrusions, even under complex attack configurations. In the first phase of this research, a One-Dimensional Convolutional Neural Network (1D-CNN) IDS model was developed and evaluated on both the robust ORNL ROAD dataset and the HCRL dataset. While existing models achieve near-perfect accuracy on straightforward attack datasets like HCRL, this thesis demonstrates the limitations of these datasets in representing real-world threats. When tested on ROAD, which includes stealthier and more diverse attack scenarios, the 1D-CNN model struggled to detect attacks with intricate patterns, hence the need for a more robust IDS architecture. To address this, a hybrid model combining 1D-CNN with Bidirectional Long Short-Term Memory (BiLSTM) was designed to capture both spatial and temporal features in CAN traffic. This hybrid approach significantly improved detection accuracy and reduced the false positive rate, particularly for stealthy attacks such as targeted ID manipulations. Key enhancements include class weighting to handle imbalanced data, systematic hyperparameter tuning, and dropout regularization to prevent overfitting.
Extensive testing on the ROAD dataset resulted in a model accuracy of 99.64%, demonstrating the hybrid IDS’s capacity to detect even the most sophisticated CAN bus attacks efficiently. This thesis contributes to vehicular network security by establishing a benchmark for IDS performance on high-fidelity CAN datasets. The findings emphasize the importance of hybrid architectures in enhancing IDS capabilities and underscore the necessity for realistic datasets in assessing IDS robustness in real-world applications.
