In addition to using only ID or payload as the feature, IDSs in the literature used a combination of features to capture the pattern changes in CAN data sequences. This has the advantage of detecting both ID changes and payload manipulation attacks. Other features combined with ID and payload are DLC and time (time gap).
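The feature combination described above (ID, DLC, payload, and per-ID time gap) can be illustrated with a small detector. This is an added example, not code from the survey or from any cited IDS: it is a deliberately simple per-ID statistical baseline rather than one of the ML models reviewed. The candump-style log format, the CAN IDs, the traffic, and the `min_gap_ratio` threshold are all constructed assumptions.

```python
def features(lines):
    """Yield (ts, can_id, dlc, time_gap, payload) per candump-style line '(ts) iface ID#HEX'."""
    last_seen = {}
    for line in lines:
        stamp, _iface, frame = line.split()
        can_id, data = frame.split("#")
        ts, cid, payload = float(stamp.strip("()")), int(can_id, 16), bytes.fromhex(data)
        gap = ts - last_seen[cid] if cid in last_seen else None  # None on an ID's first frame
        last_seen[cid] = ts
        yield ts, cid, len(payload), gap, payload

def fit(lines):
    """Learn a per-ID profile (mean gap, DLC set, per-byte range) from attack-free traffic."""
    profile = {}
    for _ts, cid, dlc, gap, payload in features(lines):
        p = profile.setdefault(cid, {"dlc": set(), "gaps": [], "lo": list(payload), "hi": list(payload)})
        p["dlc"].add(dlc)
        p["gaps"] += [] if gap is None else [gap]
        for i, b in enumerate(payload[:len(p["lo"])]):
            p["lo"][i], p["hi"][i] = min(p["lo"][i], b), max(p["hi"][i], b)
    for p in profile.values():
        p["gap"] = sum(p["gaps"]) / len(p["gaps"]) if p["gaps"] else None
    return profile

def detect(lines, profile, min_gap_ratio=0.5):  # ratio is an assumed threshold
    """Return [(ts, can_id, reasons)] for frames that deviate from the learned profile."""
    alerts = []
    for ts, cid, dlc, gap, payload in features(lines):
        p, reasons = profile.get(cid), []
        if p is None:
            reasons.append("unknown_id")
        else:
            if dlc not in p["dlc"]:
                reasons.append("dlc")
            if gap is not None and p["gap"] and gap < min_gap_ratio * p["gap"]:
                reasons.append("time_gap")   # frame arrived too soon: ID-level injection
            if any(not lo <= b <= hi for b, lo, hi in zip(payload, p["lo"], p["hi"])):
                reasons.append("payload")    # byte outside learned range: manipulation
        if reasons:
            alerts.append((ts, cid, reasons))
    return alerts

# Constructed traffic. TRAIN is attack-free: ID 0x316 every 10 ms, byte 2 in 0x10..0x1F.
TRAIN = ["(%.6f) can0 316#0000%02X00" % (i * 0.010, 0x10 + i % 16) for i in range(64)]
TEST = ["(1.000000) can0 316#00001200", "(1.010000) can0 316#00001300",
        "(1.012000) can0 316#00001400",   # injected 2 ms after the previous frame
        "(1.020000) can0 316#00001500",
        "(1.030000) can0 316#0000FF00",   # byte 2 outside the learned range
        "(1.040000) can0 7DF#0201"]       # ID never seen in training
```

The injected frame is caught only by the time-gap feature and the altered frame only by the payload feature, which is why combining them covers both attack classes.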
5.3.1 Unsupervised Learning.
Berger et al. [20] tested NN, LSTM, SVM, and OCSVM algorithms for IVN attack detection. Experimental results that used the HCRL CH dataset showed that NN outperformed other models. A mobile edge-assisted LSTM-based anomaly detection approach was proposed by Zhu et al. [187] to overcome the computational limitations of IVNs. A real-time performance of 0.61 ms was observed in the proposed model with around 90% accuracy. Gao et al. [43] introduced a new in-vehicle IDS based on DL and SOEKS (set of experience knowledge structures). Experimental results that used a real vehicle dataset showed that usage of SOEKS and information entropy improved attack detection. Barletta et al. [17] proposed an unsupervised Kohonen SOM (self-organizing map)-based anomaly detector for the CAN bus. They integrated Kohonen SOM with a k-means clustering algorithm using a distance-based approach. This model was tested with DoS, fuzzy, gear, and RPM spoofing attacks. They compared this with the traditional approach where the k-means algorithm processed a neuron’s codebook vectors. Experimental results have shown that the proposed technique outperforms the traditional approach for all attack datasets. Leslie [89] proposed an ensemble hierarchical agglomerative clustering-based model to detect malicious traffic in heavy-duty ground vehicles. The author used a dataset related to the SAE J1939 protocol, which is based on the CAN bus. This was evaluated using spoofed engine speed messages and showed a higher detection rate.
Lin et al. [96] proposed a deep denoising autoencoder-based model to detect injection attacks on IVNs. They used an evolutionary-based optimization algorithm to overcome premature convergence and find the optimum network structure. Experimental results that used the HCRL OTIDS and two real datasets showed that the proposed model outperformed selected baseline models. Nakamura et al. [117] proposed a hybrid model of a LightGBM-based supervised model and an autoencoder-based unsupervised model. Time differences of consecutive CAN IDs, CAN ID, and payload values were used as the features. Experimental results that used the HCRL Survival Analysis (HCRL SA) dataset showed that the hybrid model outperformed the pre-trained LightGBM model. However, a comparison between the pre-trained and autoencoder models is not available to make a fair comparison of the hybrid model performance. Qin et al. [133] proposed an LSTM-based anomaly detection algorithm to detect the abnormal behavior of the CAN bus. Experimental results have shown that the proposed model can detect anomalous data with greater than 90% accuracy. Further, the authors tested this with two more vehicles, and the performance was not good enough to generalize the model to other vehicles. An LSTM model with an improved feature processing technique was used in the work of Khan et al. [76] for IVN malicious activity detection. The HCRL CH dataset based experimental evaluation outperformed the baseline models for both detection rate and latency. The LSTM autoencoder-based model proposed by Ashraf et al. [12] also used the HCRL CH dataset. Packet count and bandwidth of the outbound traffic of a fixed window were used as the features. These features are only suitable for detecting injection attacks. Zhou et al. [186] proposed an autoencoder model with dedicated models for each CAN ID. An improved IF method with data mass was used to detect tampering attacks in the work of Duan et al. [36]. This was evaluated using a simulation environment and outperformed the OCSVM and LOF algorithms.
5.3.2 Supervised Learning.
Tian et al. [159] proposed an IDS based on the Gradient Boosting Decision Tree for the CAN bus. Nine features were used for the classification, including the payload of the CAN message and an entropy-based feature. They changed the payload values of a real dataset to create abnormal messages. Experimental results showed that the true-positive rate was 97.67% and the false-positive rate was 1.2%. However, this was tested with a very basic attack scenario of CAN payload values changing, and real-world attack detection will be much more complex. Wasicek et al. [169] implemented a CAID (context-aware IDS) framework using ANN to identify manipulations in IVNs. CAID is equipped with three modules: the monitor module reads and aggregates information, the detectors module identifies anomalies, and the reporter module connects with the user. Features used for the ANN model include vehicle speed, engine RPM, fuel rate, and calculated load. This model was evaluated using a real vehicle for chip tuning and power boxing manipulations. Experimental results have shown that it could accurately recognize the manipulated attacks. However, this experiment was done in a constrained environment, whereas the real-world environment might be quite different. An ANN-based lightweight model was proposed by Basavaraj and Tayeb [19]. This model marginally outperformed the baseline models. Alshammari et al. [9] proposed KNN and SVM algorithms to cluster and classify DoS and fuzzy attacks in the CAN bus. As per the experimental results, KNN outperformed the SVM algorithm for both attacks of the HCRL CH dataset. However, the DoS detection rate was low compared to that of the fuzzy attack.
Zhang et al. [184] proposed an IDS for the CAN bus considering the balance between the efficiency of the rule-based approach and the high detection rate of the DNN-based approach. The first stage, which is the rule-based approach, enables efficient anomaly detection. CAN frames that pass the rule-based detection model are sent to the DNN-based detection model to further identify undetected anomalies. Evaluation against five types of attacks using three real datasets showed high detection rates and low false-positive rates for all datasets. However, evaluation results with regard to the five attack types are not included in this work. Similarly, Zhang and Ma [183] introduced a hybrid approach for in-vehicle intrusion detection. Datasets related to four real vehicles were used for the performance evaluation. This approach was only applicable to periodic messages. Weber et al. [170] proposed a hybrid IDS that is capable of identifying both point and contextual anomalies. The authors used eight classes of sensor data defined by Müter et al. [116]. They used LODA (a lightweight online detector of anomalies) [131] as the classification algorithm. Synthetic CAN data with an altered sequence was used to evaluate the proposed model. Despite the promising results, this was tested with limited simplified anomaly scenarios. A rule-based and RF-based hybrid IDS was proposed by Kang et al. [72]. Time interval, data field differences, and ID lag values were used as the features. The RF model showed a poorer detection capability than the rule-based approach.
Kalkan and Sahingoz [70] used six different ML models—RF, bagging, ADA boosting, NB, Logistic Regression, and NN—to compare their attack detection capability on a large CAN dataset. The authors could achieve a promising detection rate using simple ML algorithms with default parameters. However, they did not discuss the dataset creation or features used to train the algorithms. Similarly, Alfardus and Rawat [6] also used ML algorithms such as KNN, RF, SVM, and Multilayer Perceptron (MLP) to detect CAN bus attacks. Moulahi et al. [114] used RF, DT, SVM, and MLP to compare the detection capability. Features related to time, ID, DLC, and payload values were used. Performance evaluation using the HCRL OTIDS dataset showed very low detection capability for fuzzy attacks. Amato et al. [10] used NN and MLP-based models to detect attacks on the HCRL CH dataset. Dong et al. [35] did a comparative study on supervised versus semi-supervised ML for IVN anomaly detection. Minawi et al. [113] used Random Tree, RF, Stochastic Gradient Descent with hinge loss, and NB to detect gear and RPM spoofing, DoS, and fuzzy attacks in the HCRL CH dataset. CAN ID and payload values were used as the features. Except for the fuzzy attack, all attacks were detected with a 100% F1-score. Anjum et al. [11] also used the HCRL CH dataset to evaluate the XGBoost-based CAN IDS. Park and Choi [129] used multi-labeled hierarchical classification as the intrusion detection model. Experimental results that used the HCRL SA dataset showed that the proposed model outperformed the selected baseline models. The same dataset was used in the NN-based IDS proposed by Francia and El-Sheikh [42]. The main objective of the proposed approach was to identify vehicle models and anomalies. All of these works [6, 10, 11, 35, 70, 113, 114, 129] can be considered as basic ML and DL model comparisons for CAN attacks. None of these models has the capability to detect unknown attacks. The XGBoost classifier outperformed the VGG16 model for gear and RPM spoofing attacks in the work of Lin et al. [94]. Aksu and Aydin [1] proposed a meta-heuristic algorithm called the modified genetic algorithm for CAN feature selection. This can be considered as a dimensionality reduction approach. They used ML models such as SVM and DT to evaluate the effectiveness of the feature selection.
Suda et al. [150] proposed an LSTM-based IDS, which utilized the time series features of the CAN frame. These features include frame interval (derived from the time), ID, and payload values. Data was collected from a real vehicle, and modified ID, data field, and flooding attacks were used to evaluate the system. Khan et al. [77] proposed an LSTM-based attack detection model for IVNs. They used two attack-free CAN bus datasets—HCRL CH and the AEGIS repository [68]—to create replay and amplitude-shift attacks. Experiment results for replay and amplitude-shift attacks showed that the LSTM model achieved the best accuracy for both datasets. Even though LSTM recorded the best results comparatively, these figures are not promising, as accuracy and precision values were around 80% to 90% and recall values were around 30% to 40%. Further, the DBC file and processed data with features are hard to find. Xiao et al. [177] introduced a novel RNN-based IDS by optimizing LSTM and GRU architectures and using a simplified attention model to make the model lightweight. The RF algorithm was used as the classification algorithm using the features generated by the RNN model. In contrast, CAN ID, DLC, and payload fields were used as the input features for the RNN model. They validated their approach using the HCRL OTIDS dataset and compared the performance with eight variants of the proposed model. However, the RF algorithm learns only to detect attacks in the training dataset and may fail to detect new attacks. Ma et al. [106] proposed a GRU-based lightweight IDS for CAN bus intrusion detection. They also used a low-complexity feature extraction algorithm to extract features from CAN frames. The proposed model showed near real-time performance and a higher detection rate than the baseline models. However, the usage of the supervised learning approach limits novel attack detection. An attention-based technique was used in the work of NasirEldin et al. [121]. An attention layer was used to capture the most important part of the data, whereas a self-attention layer was used to identify the relationship between each data element. They used positional encoding to capture the positional information. Performance evaluations that used HCRL CH data showed that the proposed model marginally outperformed baseline models, including an LSTM model.
Hossain et al. [62] proposed an IDS for the CAN bus based on LSTM. The authors used both binary and multi-class classification to evaluate the IDS with vanilla LSTM and stacked LSTM models. Experimental results that used the HCRL SA dataset showed that the proposed vanilla LSTM model outperformed the compared survival analysis method. Since both CAN ID and payload have been considered in the model, it can detect both point and contextual anomalies. They used the same model in another work [61]. Hossain et al. [60] used a CNN model instead of the LSTM model proposed in their other work [62]. They collected datasets from three cars and injected anomalous frames to create attacks. The proposed model achieved a high attack detection rate for all attacks. Due to the supervised learning approach used, neither of these models [60, 62] can detect unknown attacks. The CAN bus attack detection framework introduced by Tariq et al. [155] utilized both rule-based and DL (LSTM) models. DoS, fuzzing, and replay attacks were used to evaluate the proposed model. The ensemble model achieved better accuracy than the individual rule-based or LSTM model for all attacks. Detection time analysis showed that the average detection time delay was 0.02 seconds. This was evaluated against three simple attacks that changed the ID frequency significantly. They also introduced CANTransfer, a transfer learning based IDS for the CAN bus [156] using the same data, features, and attacks. The authors trained a convolutional LSTM model (ConvLSTM) as a binary classification problem. One-shot transfer learning was used to retrain the model to detect new attacks. The DoS attack was used during the training phase, and fuzzing and replay attacks were used with one-shot transfer learning. They could achieve a 26.60% performance gain compared to the best baseline model. A deep transfer learning based P-LeNet method used in the work of Mehedi et al. [110] outperformed the baseline models. Transfer learning will help reduce the need for collecting a large amount of data to detect each new type of attack. A simple LSTM-based IDS proposed by Kishore et al. [80] outperformed traditional ML models such as RF and XGBoost.
Rehman et al. [137] proposed CANintelliIDS, a novel approach to detect intrusions in the CAN bus based on CNN and attention-based GRU models. Unlike other approaches that predicted binary classes, this model predicted the attack type. The authors evaluated this algorithm with a single attack data sequence and a mixed attack data sequence separately. Binary output was compared with recent state-of-the-art baseline models (e.g., [149, 156]). It outperformed all models with a maximum 5.32 F1-score gain. This work proved that DL-based ensemble models could be successfully used to detect different attacks on vehicle networks. However, the computational efficiency of the proposed approach has not been discussed. Lo et al. [100] used a hybrid model of CNN and LSTM networks for in-vehicle attack detection. CNN was used to extract spatial features, whereas LSTM was used to extract temporal features from CAN data frames. Experimental results that used the HCRL CH dataset showed an approximately 100% detection rate. The same model was used in the work of Aldhyani and Alkahtani [4].
Ale et al. [5] used a Deep Bayesian Learning (DBL) model to detect and analyze car hacking behaviors. Experimental results that used the HCRL CH dataset showed a slightly lower accuracy than a deterministic DL model. However, the DBL model is capable of providing more information about its prediction, which can help further analysis of abnormal behaviors. Islam et al. [65] developed a hybrid quantum-classical NN to detect an amplitude shift cyber attack on the CAN bus. The usage of the DBC file for feature creation reduces the generalization capability of the proposed model. A DNN and incremental learning based IDS was introduced by Lin et al. [95] to address the driving environment and behavior changes. Predicted class labels of the DNN model were used as the labels for online model updates. This approach has a risk of reducing the model performance when the predictions of the original model are incorrect. Rumez et al. [138] employed an approach similar to that of Kalutarage et al. [71] to develop a hybrid anomaly detection framework for diagnostics communication. In addition to the sequence-based model that uses the n-gram distribution for CAN IDs, the authors used the byte-based model to utilize the CAN message payload for attack detection. Real and synthetic datasets with three attack types were used for the model evaluation. Their detection framework is limited to automotive diagnostic communication.