Increasing automation in vehicles, enabled by increased connectivity to the outside world, has exposed vulnerabilities in previously siloed automotive networks like controller area networks (CAN). Attributes of CAN that lowered deployment costs, such as broadcast-based communication among electronic control units (ECUs), are now being exploited to carry out active injection attacks like denial of service (DoS), fuzzing, and spoofing attacks. Research literature has proposed multiple supervised machine learning models deployed as intrusion detection systems (IDSs) to detect such malicious activity; however, these are largely limited to identifying previously known attack vectors. With the ever-increasing complexity of active injection attacks, detecting zero-day (novel) attacks in these networks in real time (to prevent propagation) becomes a problem of particular interest. This paper presents an unsupervised-learning-based convolutional autoencoder architecture for detecting zero-day attacks, which is trained only on benign (attack-free) CAN messages. We quantise the model using Vitis-AI tools from AMD/Xilinx targeting a resource-constrained Zynq Ultrascale platform as our IDS-ECU system for integration. The proposed model successfully achieves equal or higher classification accuracy (> 99.5%) on unseen DoS, fuzzing, and spoofing attacks from a publicly available attack dataset when compared to the state-of-the-art unsupervised-learning-based IDSs. Additionally, by cleverly overlapping IDS operation on a window of CAN messages with the reception, the model is able to meet line-rate detection (0.43 ms per window) of high-speed CAN, which, when coupled with the low energy consumption per inference, makes this architecture ideally suited for detecting zero-day attacks on critical CAN networks.