Robust anomaly-based intrusion detection system for in-vehicle network by graph neural network framework

With the development of Internet of Vehicles (IoVs) techniques, many emerging technologies and their applications are integrated with IoVs. The application of these new technologies requires vehicles to communicate with external networks frequently, which makes the in-vehicle network more vulnerable to hacker attacks. It is imperative to detect hacker attacks on in-vehicle networks. A control area network graph attention networks (CAN-GAT) model is proposed to implement the anomaly detection of in-vehicle networks, and a graph neural network (GNN) anomaly-based detection framework using graph convolution, graph attention and CAN-GAT network model for in-vehicle network based on CAN bus is presented. In this detection framework, a graph is designed with the traffic on the CAN bus to capture the correlation between the change of the traffic bytes and the state of other traffic bytes effectively and help improve the detection accuracy and efficiency. Compared simulation experiments are conducted to test the proposed model, and the obtained model performance metrics results show that the CAN-GAT-2 model based on two-layer CAN-GAT achieves better performance. In addition, the visualization and quantitative analysis methods are used to explain how can the attention mechanism of CAN-GAT-2 improve the performance, which can help to construct better GNNs in anomaly detection of in-vehicle network. The model performance evaluation results show that CAN-GAT-2 achieved improved accuracy among the compared baseline methods, and has good detection speed performance.