Rising connectivity in vehicles is enabling new capabilities like connected autonomous driving and advanced driver assistance systems (ADAS) for improving the safety and reliability of next-generation vehicles. This increased access to in-vehicle functions compromises critical capabilities that use legacy invehicle networks like Controller Area Network (CAN), which has no inherent security or authentication mechanism. Intrusion detection and mitigation approaches, particularly using machine learning models, have shown promising results in detecting multiple attack vectors in CAN through their ability to generalise to new vectors. However, most deployments require dedicated computing units like GPUs to perform line-rate detection, consuming much higher power. In this paper, we present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA, which is trained and validated using the public CAN Intrusion Detection dataset. The quantised model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature. The Intrusion Detection System (IDS) execution consumes just 2.0 W with software tasks running on the ECU and achieves a 25 % reduction in per-message processing latency over the state-of-the-art implementations. This deployment allows the ECU function to coexist with the IDS with minimal changes to the tasks, making it ideal for real-time IDS in in-vehicle systems.

翻译：车辆日益增长的互联性正推动着诸如互联自动驾驶和高级驾驶辅助系统（ADAS）等新功能的实现，从而提高下一代车辆的安全性与可靠性。然而，这种对车载功能访问的增加，却危及了依赖传统车载网络（如控制器局域网CAN）的关键能力，而CAN本身缺乏固有的安全或认证机制。入侵检测与缓解方法，特别是采用机器学习模型的方法，因其能够泛化至新的攻击向量，在检测CAN中的多种攻击向量方面展现出良好前景。然而，大多数部署需要专用的计算单元（如GPU）来实现线速检测，导致功耗大幅增加。本文提出了一种轻量级多攻击量化机器学习模型，该模型使用赛灵思深度学习处理单元IP部署于Zynq Ultrascale+ (XCZU3EG) FPGA上，并利用公开的CAN入侵检测数据集进行训练与验证。该量化模型对拒绝服务攻击和模糊攻击的检测准确率超过99%，误报率为0.07%，与文献中的先进技术性能相当。该入侵检测系统（IDS）执行时，在执行软件任务的ECU上仅消耗2.0W功率，并且相较于最先进的实现方案，每条消息的处理延迟降低了25%。这种部署使得ECU功能能够与IDS共存，且仅需对任务进行最小改动，使其非常适合车载系统中的实时IDS应用。