Intelligent Cyber-Attack Detection for Autonomous Vehicles - Car-Hacking Dataset with Real and Simulated CAN Traffic

Overview

The Intelligent Cyber-Attack Detection for Autonomous Vehicles research published in 2025 introduces a comprehensive dataset and deep learning framework for detecting cyber-attacks on vehicular Controller Area Network (CAN) bus systems, critical for autonomous vehicle safety.

Dataset Composition

• Real vehicle CAN traffic: Captured from actual vehicles during normal driving operations, including acceleration, braking, turning, and various driving modes (urban, highway, parking).
• Simulated attack scenarios: Synthetically injected attack messages designed to mimic realistic adversarial actions without risking actual vehicle safety.
• Attack types included: Denial of Service (DoS) flooding high-priority CAN IDs, fuzzy attacks with random message injection, spoofing/impersonation of legitimate ECU messages, and replay attacks.
• Labeled dataset with binary (attack/benign) and multi-class (attack type) annotations for supervised learning.

CAN Bus Message Features

• CAN ID: 11-bit or 29-bit identifier indicating message priority and source ECU.
• Data Length Code (DLC): Number of data bytes (0-8) in the message payload.
• Data bytes (DATA[0]-DATA[7]): Raw payload containing sensor readings, control commands, or diagnostic information.
• Timestamp: High-resolution time of message transmission for temporal pattern analysis.
• Derived features: Message frequency, inter-arrival time, payload entropy, ID transition patterns, and statistical aggregates over sliding windows.

Deep Learning Framework

• Architecture: Convolutional Neural Networks (CNN), Recurrent Neural Networks (LSTM, GRU), or hybrid CNN-LSTM models for capturing spatial and temporal patterns in CAN traffic.
• Training strategy: Supervised learning on labeled attack/benign data with class balancing techniques to handle imbalanced datasets.
• Evaluation metrics: Accuracy, precision, recall, F1-score, false positive rate (critical for automotive safety), and detection latency.
• Real-time capability: Models optimized for deployment on in-vehicle embedded systems with limited computational resources.

Reported Results

• High detection accuracy (typically > 95%) across multiple attack types with low false positive rates suitable for safety-critical applications.
• Demonstrated generalization to unseen attack variants and different vehicle models.
• Feasibility of real-time inference on automotive-grade hardware (e.g., embedded GPUs, FPGA accelerators).

Use Cases

• Autonomous vehicle security: Protecting self-driving cars from cyber-attacks that could manipulate sensors, steering, braking, or acceleration.
• Connected vehicle networks: Securing Vehicle-to-Everything (V2X) communication from malicious message injection.
• Intrusion detection systems (IDS): Deploying in-vehicle IDS that monitor CAN traffic in real time and alert or isolate compromised ECUs.
• Security testing: Validating the robustness of automotive cybersecurity defenses during vehicle development and certification.
• Regulatory compliance: Supporting compliance with emerging automotive cybersecurity standards (e.g., ISO/SAE 21434, UNECE WP.29).