Go to DBLP homepageFederated two-stage transformer-based network for intrusion detection in non-IID data of controller area networks
Abstract: The modern vehicle employs the Controller Area Network (CAN) to facilitate communication among its electronic control units (ECUs). However, the absence of encryption and authentication renders the CAN vulnerable to various attacks. Existing deep learning-based CAN intrusion detection systems face several challenges. Firstly, traditional deep learning models are inadequate in capturing long-range dependencies in message sequences. Secondly, due to privacy concerns, it is challenging to aggregate large datasets centrally for training. At the same time, the data from individual providers often exhibit imbalance and a scarcity of anomalous samples, leading to suboptimal model performance when using a single dataset. To address these issues, this paper proposes a two-stage federated learning-based intrusion detection system for CAN which employs an Encoder-only Transformer network with a multi-head self-attention mechanism. The initial stage comprises a single-class classifier, which is specifically designed for intrusion detection. The subsequent stage is a multi-class classifier, which is employed for the classification of attack types. The entire architecture is based on an Encoder-only Transformer network with a multi-head self-attention mechanism. To protect data privacy, generic models are trained by federated learning to cover various driving scenarios and vehicle states, and to address the non-independent-identical-distribution (non-iid) problem of crowdsourced data. Experiments on two public datasets demonstrate that our approach outperforms existing methods in both detection performance and speed.
Loading