
Vehicle Network Intrusion Detection Based On K-Nearest Neighbor Variational Autoencoder Using Contrastive Learning

The paper presents a novel vehicle network intrusion detection model called VAEsK, which utilizes a Variational Autoencoder optimized with a contrastive loss function and k-nearest neighbors to identify both known and unknown network attacks on the Controller Area Network (CAN) bus system. The model demonstrates over 99% accuracy in detecting known attacks and over 90% accuracy for unknown attacks, significantly improving upon existing detection technologies. The study highlights the importance of enhancing security measures in automotive communication systems due to the increasing frequency of network attacks.


2024 IEEE 9th International Conference on Data Science in Cyberspace (DSC)

Vehicle Network Intrusion Detection Based on K-nearest Neighbor Variational Autoencoder Using Contrastive Learning

979-8-3503-9136-7/24/$31.00 ©2024 IEEE | DOI: 10.1109/DSC63484.2024.00024

Chenyun Duan¹, Lei Du¹,², Liyi Zeng²,*, Zhaoquan Gu¹,²,*
¹ School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, China
² Department of New Networks, Pengcheng Laboratory, Shenzhen, China
[email protected], {dul,zengly}@pcl.ac.cn, [email protected]

Abstract—With the continuous development of automotive technology, especially the development of autonomous driving technology, Controller Area Network (CAN) bus has become an important standard for in-vehicle communication systems due to its communication efficiency and simplicity of flow format. However, due to the lack of basic security measures such as information encryption and message authentication in CAN, it can pose a serious threat to the network security of automobiles. In addition, in recent years, attacks against vehicle networks have been increasing, and existing vehicle network attack detection technologies have low accuracy and cannot detect unknown network attacks well. In this paper, we propose a novel vehicle network intrusion detection model named VAEsK, which is optimized with a better loss function, and determine the class using k-nearest neighbors. Afterward, an improved conditional Variational Autoencoder combined with a method of calculating reconstruction errors is used to identify unknown network attacks. We use the real world vehicle dataset to verify our method. The test set covers common attacks in vehicle networks, such as DoS, Fuzzy, gear, and RPM. The experimental results show that our improved methods have achieved an accuracy of over 99% in identifying known attacks, achieving as good as experimental results. Especially in the detection of unknown attacks, over 90% recognition accuracy has also been achieved on most attacks, which is a certain improvement compared to traditional deep learning algorithms.

Index Terms—Network Attacks, Controller Area Network, Variational Autoencoder, Contrastive Loss, Reconstruction Error

∗ Corresponding authors: Liyi Zeng and Zhaoquan Gu.

I. INTRODUCTION

With the rapid development of mobile networks and industrial intelligence, the automotive industry is rapidly transitioning towards intelligence and networking, which not only greatly facilitates people’s transportation but also brings more and more safety hazards. With the continuous upgrading of automotive intelligence, attacks against the automotive industry are gradually increasing. Attackers can easily take various means to attack vehicles, such as stealing important user information through remote attacks and controlling vehicles remotely, which may pose serious threats. In the past few decades, the development of automotive equipment has experienced rapid growth [1]. In this process, the research and development of autonomous vehicles has become an important trend. In order to meet the needs of autonomous vehicles, many sensors and electrical control units (ECUs) are installed on the vehicle. For example, the accelerator, brake, steering, and other operations realized by the drive line technology in the control system rely on the above sensors and ECUs for signal transmission. These sensors and ECUs provide useful information for the vehicle’s real environment. These connected ECUs communicate with each other through the CAN bus system [2]. Since 1986, CAN bus systems have been widely used due to their fast transmission and high efficiency. The principle of its operation is shown in Fig. 1. The signal emitted by the external controller is transmitted to the electrical control unit (ECU) installed on the car through an interface (gateway) and then transmitted to the corresponding functional equipment through the bus. The vehicle network can be accessed and connected through various methods such as Bluetooth and WiFi. Various ECUs can communicate to control different parts of the car and coordinate their operation, such as controlling the brake, throttle, and door opening and closing of the vehicle, enabling the car to work normally.

Fig. 1: CAN bus control communication in vehicle network

However, to meet its high efficiency, CAN bus systems often lack communication protection measures such as identity

Authorized licensed use limited to: R V College of Engineering. Downloaded on April 26,2025 at 21:20:47 UTC from IEEE Xplore. Restrictions apply.
verification and information encryption, which makes the system vulnerable to attacks from various networks. Among these threats, attacks targeting the CAN bus system are one of the most common and frequent. For example, an attacker launching an attack on a car traveling straight at high speed to make it turn, or an attack on a car braking on a road with high traffic volume, can lead to serious traffic accidents. For vehicles that require efficient information processing, information is not suitable for encryption or verification processing. Therefore, introducing intrusion detection systems to monitor and process traffic on the vehicle network in a timely manner is of great significance and value.

For the current intrusion detection systems of CAN bus systems, their detection can be mainly divided into two categories: one is to detect known network attacks with supervision, and the other is to detect unknown network attacks without supervision. For the detection of known network attacks, due to the presence of training data and labels, it is possible to distinguish and classify these known network attacks effectively. In contrast, for the detection of unknown network attacks, due to the lack of labeled data, the model often incorrectly identifies unknown network attacks as benign traffic, resulting in high false negatives. On the other hand, we also need to promptly identify unknown network traffic attacks in order to continuously update the training data of the model and obtain more accurate recognition results. The purpose of this study is to achieve intrusion detection of traffic on the CAN bus in the vehicle network and solve the above problems.

In response to the above-mentioned problems, we mainly study the identification and detection of vehicle network traffic and propose a detection model for vehicle network traffic called VAEsK, which is used to detect known and unknown network attacks. We mainly used the Car-Hacking Dataset to test and evaluate our model. The main contributions of this article are as follows:

• Due to the relatively simple nature of CAN bus data, we convert it into bit stream data features, which enables the extraction of a more complex and suitable feature set for Variational Autoencoder (VAE) processing.
• We propose a new detection model for vehicular network traffic, called VAEsK. Drawing inspiration from loss calculation methods used in the field of image detection, we employ a contrastive loss method combined with the k-nearest neighbor algorithm within a Variational Autoencoder (VAE) framework to determine traffic labels. For the identification of unknown network attacks, the reconstruction error after label embedding is leveraged for detection purposes.
• Using fewer traffic features and a reduced number of ID bits for CAN bus data recognition provides a certain level of user privacy protection. Despite this minimalistic approach, the model achieves an accuracy rate that is not inferior to most papers, consistently reaching over 99% for known traffic. In the realm of unknown attack detection, the F1 score exceeds 93%, outperforming existing literature in detecting some unknown attacks.

The rest of this paper is organized as follows. Section II defines the problem scope. Section III introduces VAEsK in detail. Section IV presents the experimental results. Section V discusses related work. Section VI concludes the paper.

II. BACKGROUND AND PROBLEM SCOPE

In this section, we first provide background on the automotive CAN bus message format and attack types, and then define the scope of our problem of Vehicle Network Intrusion Detection on CAN bus network.

A. Message Format

The commonly used CAN messages in car networks are divided into two types: CAN 2.0A and CAN 2.0B. The difference is the length of the corresponding CAN ID information. The ID of CAN 2.0A only has 11 bits, while the ID of CAN 2.0B has 29 bits, including 11 bits for the basic flag and 18 bits for the extended flag. The specific message format of CAN 2.0B is shown in Fig. 2. Among them, SOF represents the beginning of the data frame, Base ID represents the base flag bit, SRR represents the replacement remote request, IDE represents identifier extension, Extended ID represents the extended flag bit, Control Field represents the control domain, Data Field represents the data domain, CRC represents cyclic redundancy check, ACK represents the confirmation bit, and EOF represents the end of the data frame.

Fig. 2: Flow data format for CAN 2.0B

When the vehicle network transmits information, it broadcasts in a predefined data frame format and exchanges information with others through the CAN bus system. There is a mandatory time interval between message frames, known as Interframe Space (IFS). Each message frame is separated from the previous frame by an IFS, which consists of at least three reserved bits. When the main bit is detected after continuous access to the bit, the system will consider it as the starting bit (SOF) of the next message frame. In addition, to ensure system consistency, each ECU will regularly broadcast messages, even if the data values have not changed. This results in each ECU having its message transmission cycle. Our transmission cycle also has significant research significance and value in the subsequent detection of this paper.

In addition, each type of information has an ID as an identifier, which represents the address or name of a node. When the device receives its corresponding CAN ID traffic, it can receive the corresponding traffic content for processing. Therefore, CAN ID is an important feature information for identifying different traffic contents. CAN ID can also be used

to determine the processing priority when multiple pieces of information are input simultaneously. Information with more leading zeros in the ID has a higher priority. DoS attacks against vehicle networks take advantage of this property, which will be mentioned later in this paper.

B. Attack Types

The CAN bus system may be subject to many types of injection attacks, such as DoS attacks, obfuscation attacks, spoofing attacks, etc. This is because the CAN bus system is based on broadcasting and adopts a message priority scheme without encryption and authentication mechanisms. In this case, it is easy to carry out injection attacks by modifying the CAN ID, and the specific characteristics of each injection attack are shown below, as shown in Fig. 3:

• DoS attack: In a short period of time, by utilizing the priority mechanism of messages, injecting information with very high ID numbers, other legitimate information cannot be processed promptly. The most common attack is the injection of an ID number of “0x0000”, in which legitimate messages with normal ID numbers are delayed in processing, as shown in Fig. 3(a).
• Fuzzy attack: Fuzzy attack is the injection of many ID numbers and random data messages in a short period of time. Compared to DoS attacks, the message ID injected by fuzzy attacks is random, mainly using malicious information to cause car malfunctions. For example, in normal messages, passing in some random malicious messages may cause errors in the originally coherent and complete actions of the car, as shown in Fig. 3(b).
• Deception attack (gear/RPM): A deception attack is a situation where an attacker attempts to impersonate an operator and issue commands to a car for execution over a period of time. Compared to the above two types of attacks, deception attacks have a stronger purpose. For example, if the ID number corresponding to the throttle control is 0x0123, the attacker can forge the information of that ID number and control the vehicle’s throttle, as shown in Fig. 3(c). Through the above attack methods, attackers can transmit incorrect information in the CAN bus system and cause related problems or malfunctions in the car, which may cause serious threats and significant losses.

Fig. 3: The specific situation of DoS attacks, obfuscation attacks, and spoofing attacks injection attacks

C. Problem Formulation

To perform network intrusion detection on the CAN bus system, our main focus is on processing the characteristics of attack traffic and using models to identify it. In this paper, we process common attacks and benign traffic on CAN bus to obtain traffic characteristics as inputs to the model. After processing by the model, we obtain traffic characteristics and use them to determine the type of traffic and obtain outputs. Specifically, for the input traffic information $p_i$, we first process it to obtain the original traffic features $x_i$, then use the model to process the hidden features $z_i$ of the traffic, and use $z_i$ to perform traffic detection to obtain the final traffic label $y_i$.

The recognition process for known and unknown classes is different. We first use the hidden features $z_i$ obtained from the above model, combined with the features of the classes obtained from the training set, and use k-nearest neighbors to obtain the known class labels $y_i$ of the traffic. Then, we use the hidden features $z_i$ and the known class $y_i$ as inputs to obtain the decoded original features $x'_i$ through the model. We use the difference between $x'_i$ and $x_i$ to determine whether the recognized known class label $y_i$ is correct. If it is correct, it means it is a known class $y_i$, and if it is incorrect, it means it is an unknown attack.

III. METHODOLOGY

In this section, we consider how to obtain features of classes with a more concentrated distribution after VAE encoding, in order to achieve the accuracy of detection results. When trying to identify and classify samples, a good distance function is often needed to measure the distance difference between the detected samples and the trained sample classes. However, due to the sparsity and uneven distribution of samples in high-dimensional data, the concept of distance begins to lose effectiveness due to the curse of dimensionality [10]. Therefore, direct detection may lead to poor detection results and an inability to distinguish sample boundaries well. To address the above problems, we introduce a novel model, named VAEsK. We utilize contrastive loss to replace the original loss calculation method and employ distance for class discrimination. This model effectively leverages existing class labels to minimize intra-class distance and maximize inter-class distance during training, thus achieving the goal of identifying network traffic categories. The overall architecture of the model is shown in Fig. 4.

We propose a VAEsK model based on contrastive learning for intrusion detection of vehicular traffic. The model aims to use the VAEsK model for detecting known and unknown vehicular traffic. The model mainly consists of the known traffic detection stage and the unknown traffic detection stage. Among them, it is known that the traffic detection classification utilizes the VAE model under contrastive learning, and uses the obtained hidden features and training data to

perform k-nearest neighbor on the test data to obtain traffic labels. The classification of unknown traffic detection utilizes the labels obtained during the known traffic detection stage and calculates the reconstruction error using test data and the obtained labels.

Fig. 4: The overall architecture of VAEsK

A. VAEsK based on contrastive loss and k-nearest neighbors

To achieve the above goals, we consider improving the loss function of VAE. As shown in Fig. 5, we hope to improve the loss function to achieve changes in class distance in the latent space, and obtain a classification boundary that improves the detection accuracy rate. This will make the data of the same class labels as concentrated as possible and the data of different class labels as dispersed as possible.

The calculation of the original loss function of the VAE model [3] is as follows:

$$L(\theta, \phi, x, x') = \min_{\theta,\phi} \mathbb{E}_x \lVert x - x' \rVert \tag{1}$$

Among them, θ is the parameter of the encoder, and φ is the parameter of the decoder. $x \in \mathbb{R}^q$ is the data samples input in the training set and $x' \in \mathbb{R}^q$ is the data samples input in the training set. We use formula (1) to calculate the loss of the model and continuously update the model. In order to achieve the above ideas, we use contrastive learning to calculate the loss, which updates the model to achieve better classification performance by calculating the losses of the same and different labels in the same batch of data. By using this loss calculation method, we can reduce the distance between samples of the same class and increase the distance between samples of different classes, thereby achieving better classification results. Specifically, when training the encoder f and decoder h of the VAE model, the loss function of this paper is as follows:

$$d_s = \sum_{x_i, x_j} \lVert x_i - x_j \rVert \tag{2}$$

$$d_d = \sum_{x_i, x_j} \max(0, \alpha - \lVert x_i - x_j \rVert) \tag{3}$$

$$L_C = \min_{\theta,\phi} \mathbb{E}_x \lVert x - x' \rVert \tag{4}$$

$$L(\theta, \phi, x, x') = L_C + \omega \sum \mathbb{E}_{x_i x_j} (d_s + d_d) \tag{5}$$

The loss is divided into two parts: one is the reconstruction loss of the data reconstructed by the VAE model, and the other is the distance loss of the same and different classes calculated using the contrastive learning approach in this paper. Formula (2) represents the sum of all distances that are the same as the sample label, while formula (3) represents the sum of all distances that are different from the sample label. In this paper, a distance threshold α is set. When the distance between samples with different labels is greater than this threshold, it can be understood that due to the distance being too far, it does not affect the calculation of contrastive loss, that is, the distance is set to 0. Finally, when calculating the loss in this paper, a weight value ω is given to the contrastive loss after calculation, and the weight of the contrastive loss is controlled through this hyperparameter ω.

After minimizing such losses, the obtained loss value not only takes into account the losses caused by model reconstruction itself but also takes into account the impact of its categories and labels on the generation of potential features in the model. Therefore, by reducing the distance of the potential features trained by the encoder, we can attempt to make distance judgments by calculating the Euclidean distance. However, it should be noted that we cannot determine whether the class feature space extracted by the model has a clear class center (the class center of a class may not be distributed within it), which could potentially cause issues when using the class center method for judgment. Therefore, considering the principle of local sample distribution, we opt to use the k-nearest neighbor method to obtain the corresponding test labels. It should be noted that the k-nearest neighbor classification method we use is more suitable for scenarios with a large number of training samples and may not be as effective with smaller sample sizes. The reason is straightforward: since we classify samples based on the number of other samples around the test sample, if there are too few training samples, the test sample may be misclassified due to an insufficient number of surrounding sample points. Therefore, when selecting and processing datasets, we ensure a sufficient number of samples in the training set to prevent misclassification of test samples due to sample size issues, while also preserving the original class distributions as much as possible.
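
The distance terms of formulas (2), (3) and (5) and the k-nearest-neighbor labelling step, as an added example that is not code from the paper. It assumes the distances are taken between latent vectors, that pairs are split by label as the text describes, and that the expectation in (5) is a mean over pairs; the function names, the values of α and ω, and all sample points are constructed for illustration. The last part compares k-NN with a nearest-class-center rule on a class whose center lies outside it, the case the text gives as the reason for choosing k-NN.

```python
import math
from collections import Counter
from itertools import combinations


def euclid(a, b):
    """Euclidean distance between two latent vectors."""
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def contrastive_terms(latents, labels, alpha):
    """Return (d_s, d_d) of formulas (2) and (3) over all pairs in a batch."""
    d_s = d_d = 0.0
    for i, j in combinations(range(len(latents)), 2):
        dist = euclid(latents[i], latents[j])
        if labels[i] == labels[j]:
            d_s += dist                    # same label: every distance is penalised
        else:
            d_d += max(0.0, alpha - dist)  # different label: zero once alpha apart
    return d_s, d_d


def total_loss(recon_loss, latents, labels, alpha, omega):
    """Formula (5); the expectation is taken as a mean over pairs (assumption)."""
    d_s, d_d = contrastive_terms(latents, labels, alpha)
    n_pairs = len(latents) * (len(latents) - 1) // 2
    return recon_loss + omega * (d_s + d_d) / n_pairs


def knn_label(query, train_latents, train_labels, k):
    """Majority label among the k training latents closest to the query."""
    ranked = sorted(zip(train_latents, train_labels),
                    key=lambda pair: euclid(query, pair[0]))
    votes = Counter(label for _, label in ranked[:k])
    return votes.most_common(1)[0][0]


def centroid_label(query, train_latents, train_labels):
    """Nearest class center, included only for comparison with k-NN."""
    sums, counts = {}, Counter(train_labels)
    for z, label in zip(train_latents, train_labels):
        acc = sums.setdefault(label, [0.0] * len(z))
        for dim, value in enumerate(z):
            acc[dim] += value
    centers = {lbl: [v / counts[lbl] for v in acc] for lbl, acc in sums.items()}
    return min(centers, key=lambda lbl: euclid(query, centers[lbl]))


# Constructed sample data; latent dimension 3 matches the paper's setting.
ALPHA, OMEGA = 4.0, 0.1                       # constructed threshold and weight
LOOSE_Z = [(0, 0, 0), (3, 4, 0), (0, 0, 2)]   # benign spread out, DoS close by
LOOSE_Y = ["benign", "benign", "dos"]
TIGHT_Z = [(0, 0, 0), (0, 0, 1), (5, 0, 0)]   # benign compact, DoS beyond alpha
TIGHT_Y = ["benign", "benign", "dos"]

# "fuzzy" forms two lobes, so its center falls between them, next to "benign".
TRAIN_Z = [(0.5, 0, 0), (0.5, 0.2, 0), (0.5, -0.2, 0),
           (-3, 0, 0), (-3, 0, 0.2), (3, 0, 0), (3, 0, 0.2)]
TRAIN_Y = ["benign"] * 3 + ["fuzzy"] * 4
QUERY = (2.8, 0, 0.1)                         # sits inside the right fuzzy lobe

if __name__ == "__main__":
    for name, z, y in (("loose", LOOSE_Z, LOOSE_Y), ("tight", TIGHT_Z, TIGHT_Y)):
        print(name, contrastive_terms(z, y, ALPHA),
              round(total_loss(0.5, z, y, ALPHA, OMEGA), 4))
    print("k-NN (k=3):", knn_label(QUERY, TRAIN_Z, TRAIN_Y, 3))
    print("class center:", centroid_label(QUERY, TRAIN_Z, TRAIN_Y))
```
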

Fig. 5: Extracting Low dimensional Data Distribution from High dimensional Data Using VAE Model with contrastive loss

B. Unknown attack detection based on reconstruction error

According to Fig. 4, it can be seen that the accuracy of our unknown stage identification depends on the accuracy of the known traffic identification results obtained in stage A, as we use the identification labels obtained in stage A to determine whether it is unknown traffic. We have already obtained the potential features of the data through the VAEsK model. Therefore, when reconstructing the data space with the decoder, we only need to add the corresponding labels for training, obtain a newly labeled reconstructed data, and calculate the loss between the reconstructed data and the original data to update the model. We can use the VAEsK model presented in this paper to obtain the reconstruction error of the samples. The advantage of using the VAEsK model is that the hidden features it extracts do not depend on sample labels but are solely influenced by the distribution of the samples, making the distribution characteristics of the obtained hidden features more pronounced.

Moreover, we find that during model training, only one loss calculation is performed on the samples per round, which cannot fully calculate the potential spatial features generated and reconstruct the potential features back into the data space. In order to reduce the risk of misclassifying known objects into unknown object categories, we design a loop module to generate different enhanced features of classification features, enhancing recognition ability. When calculating the loss through multiple iterations, assuming that I iterations have been passed, we can obtain a set of reconstructed data with enhanced features $X = \{x'_1, x'_2, \ldots, x'_I\}$. Updating the model by minimizing the loss value between $x'_I$ and the original input feature $x$ can effectively enhance the model’s classification and recognition ability.

IV. EXPERIMENTAL RESULTS

A. Dataset

The Car Intrusion dataset is generated by the Hacker Attack and Anti Measurement Research Laboratory (HCRL) at a Korean university. This dataset utilizes the OBD-II ports of real vehicles to record CAN traffic, while injecting information on traffic faults. There are four types of attacks in this dataset: DoS, Fuzzy, RPM, and Gear. Each traffic record in the dataset includes a flag indicating whether it is an injection message. Subsequently, we use the injection information flags in each attack dataset to determine whether the traffic is injected attack traffic or normal traffic.

B. Experiments Setup

The experimental setup consists of an Ubuntu 22.04.1 LTS operating system running on an x86-64 architecture, equipped with an NVIDIA GeForce RTX 3090 graphics card. The Python version utilized for the experiments is 3.11.8. Due to the high computational complexity involved in calculating the contrastive loss and the limited computational resources available, the training process may be relatively lengthy. Here we detail the model parameters used in our experiments. Without significantly affecting the results, adjusting the batch size to 64 can greatly accelerate the training process. The learning rate of the model in the known detection stage is $3 \times 10^{-3}$, and in the unknown detection stage, it is $1 \times 10^{-4}$. The dimension of the latent space is set to 3.

When dividing the dataset, the training and testing set account for 80% and 20% respectively. When detecting unknown attacks on the CAN bus dataset, due to the limited types of attacks, this paper treats DoS, Fuzzy, and gear as unknown attacks, so that they do not appear in the training set but only in the test set, while benign traffic and other attack traffic are detected as known traffic. Specifically, when detecting DoS as an unknown attack, due to its obvious ID characteristics, a relatively small reconstruction error will be obtained during unknown attack detection. Therefore, we use the smaller reconstruction error as the basis for determining whether it is an unknown attack.

C. Evaluation Metrics

Performing accurate detection of in-vehicle network traffic is crucial, as missed detection of attacks during driving can have serious consequences. Therefore, it is essential to comprehensively evaluate the detection performance using various metrics. However, due to the potential imbalance between normal and abnormal data in the test set, this article employs both manual dataset balancing and appropriate evaluation methods. We primarily use common detection metrics, including accuracy, precision, recall, and the F1 score, to assess the model’s performance. These indicators can effectively illustrate the challenges in vehicle network traffic detection. For instance, in practice, we do not want many attacks to be misidentified as benign traffic, which could lead to serious accidents. Consequently, we aim to achieve a high F1 score during detection to minimize such occurrences. The F1 score provides a balanced measure of precision and recall, which are critical for ensuring reliable detection. These indicators can be calculated using true positives (TP), true negatives (TN), false positives (FP), and false negatives (FN), with the following

formulas:

$$\text{Accuracy} = \frac{TP + TN}{TP + TN + FP + FN} \tag{6}$$

$$\text{Precision} = \frac{TP}{TP + FP} \tag{7}$$

$$\text{Recall} = \frac{TP}{TP + FN} \tag{8}$$

$$\text{F1 score} = 2 \cdot \frac{\text{Precision} \cdot \text{Recall}}{\text{Precision} + \text{Recall}} \tag{9}$$

D. Detection Results

1) Results for known attack: To compare the performance differences between the methods used in our experiment and other machine learning algorithms, this paper also implements various commonly used network traffic recognition models and compares them with the model proposed in this study. We use algorithms such as decision tree, multilayer perceptron (MLP), extreme gradient boosting (XGBoost), and random forest to compare with our experimental method in terms of known attack classification, as shown in Table I.

TABLE I: Known attack detection compared to other model algorithms

| Model | Accuracy | Compare to the best |
|---|---|---|
| Decision Tree | 0.6800 | -0.3176 |
| MLP | 0.9933 | -0.0043 |
| XGBoost | 0.9976 | 0 |
| RF | 0.6390 | -0.3586 |
| VAEsK(ours) | 0.9898 | -0.0078 |

From Table I, it is not difficult to see that in terms of identifying known network attacks, the XGBoost model, MLP model, and the method proposed in this paper have almost the same recognition accuracy, reaching over 98.9% and far higher than other recognition algorithms. This indicates that the model and recognition method proposed in this paper can effectively solve the problem of identifying known network traffic in vehicle networks, and also provide a certain possibility for detecting unknown network attack traffic in the future. Compared to tree-based decision tree models and random forest models, the recognition performance is relatively poor, with an accuracy rate of less than 70%. The possible reason for this is that the preprocessing method of the data results in high dimensions for each traffic feature. For excessively high dimensions, it is not suitable to use tree structure algorithms for attack recognition, which may result in overfitting and low accuracy.

Therefore, in terms of identifying known network attacks, the method used in this paper has high accuracy, and its other evaluation indicators in fine-grained classification also have good results. This paper takes normal traffic, DoS, Fuzzy, and RPM as examples of known attacks, as shown in Table II. From the table, it is evident that the model presented in this paper has achieved a high level of recognition in terms of accuracy, recall, and F1 values. The recognition accuracy for each attack type has reached an average of over 97.9%, and the recall and F1 scores have also exceeded 99% for most attack types, except for Fuzzy attacks. This demonstrates that the model can effectively distinguish and finely classify different types of known vehicular traffic. Achieving a high level of known network attack fine classification detection provides a solid foundation for the future detection of unknown network attacks.

TABLE II: Identification of various traffic on known network attacks

| | Precision | Recall | F1-score | Support |
|---|---|---|---|---|
| Normal | 0.9867 | 0.9960 | 0.9914 | 34136 |
| DoS | 0.9997 | 0.9935 | 0.9966 | 7222 |
| Fuzzy | 0.9797 | 0.9513 | 0.9653 | 8536 |
| RPM | 0.9984 | 0.9963 | 0.9973 | 13960 |

2) Results for unknown attack: Due to the limited amount of traffic information and attack types in vehicle network traffic data, in order to detect unknown attacks, this paper removes one type of attack from the training set each time and considers this attack as an unknown attack to be detected together with the original test traffic in the test set. This approach aims to create a detection dataset that resembles an open set, where the model identifies both known and unknown attacks, simulating real-world conditions where new threats may arise. For example, if the unknown attack in this paper is DoS, then the training set in this paper includes benign traffic, Fuzzy, gear, and RPM, while the test set in this paper includes the four types of traffic mentioned above and the traffic corresponding to DoS for unknown attacks. Table III shows the detection performance of DoS, Fuzzy, and gear as unknown network attacks. The paper utilizes the improved reconstruction error detection method to detect unknown network attacks. The paper mainly presents three detection indicators: Precision, Recall, and F1 score. For the sake of convenience, this paper abbreviates the three indicators as Prec, Rec, and F1.

From the figure, it can be seen that whether it is a known attack or an unknown attack, the results of each indicator are above 87%, and the F1 score corresponding to the gear attack is the highest, above 93.4%. In contrast, the recall rate of Fuzzy and the accuracy rate of DoS are 0.9462 and 0.9692, respectively, but this result is acceptable in this paper because we did not use any unknown attack labels during training. Of course, through observation in this paper, it can also be found that when identifying unknown network attacks, the model balances between known and unknown attacks.

Besides, we compare the performance of unknown attack detection with two baseline methods, including Self-supervised [12] and CAAE [11]. The first method uses self-supervised learning, which is trained with both normal and generated data, and additional RPM data is also used to improve the results. The second method is to use convolutional data processing, based on Autoencoder and generating adversarial samples, to detect unknown network attacks. As shown in Table IV, the bold font represents the most effective evaluation metric for each attack. We can see that when the

TABLE III: The detection performance of unknown network attacks

Unknown attack    Unknown result              Known result
                  Prec     Rec      F1        Prec     Rec      F1
DoS               0.9517   0.9454   0.9486    0.9577   0.9592   0.9571
Fuzzy             0.9692   0.8883   0.9270    0.9684   0.9772   0.9718
gear              0.9476   0.9631   0.9553    0.9121   0.8860   0.8978

TABLE IV: Unknown attack detection compared to other model algorithms

Unknown attack    Model                  Prec     Rec      F1
DoS               Self-supervised[12]    0.9916   0.9751   0.9833
DoS               CAAE[11]               0.9823   0.9992   0.9907
DoS               ours                   0.9517   0.9454   0.9485
Fuzzy             Self-supervised[12]    0.8345   0.9445   0.8861
Fuzzy             CAAE[11]               0.8426   0.9999   0.9145
Fuzzy             ours                   0.9692   0.8883   0.9270
gear              Self-supervised[12]    0.8803   0.9768   0.9261
gear              CAAE[11]               0.9978   0.9720   0.9850
gear              ours                   0.9476   0.9611   0.9553

DoS attack is an unknown attack, the model recognition in this paper is not as good as the two methods compared; however, for Fuzzy attacks, the accuracy and F1 score of our model are the highest, reaching 96.9% and 92.7% respectively, and have obvious advantages. For gear attacks, although the model results in this paper are not particularly outstanding, they are still at a relatively high level. This result is acceptable because this paper only uses an 11-bit base ID as input for detection, and many more effective methods use the common 29 bits of base ID and extended ID as input for detection. When using a series of timestamp continuous traffic as input for data frames, this paper uses fewer features.

V. RELATED WORK

In this section, we introduce some related research work from the perspectives of models and algorithms, mainly including the Variational Autoencoder and the current status of intrusion detection in the CAN bus system.

A. Variational Autoencoder

Variational Autoencoder (VAE) is a model based on AE, which has undergone some improvements. It provides a formula that relates the obtained results to probability [3]. Autoencoder (AE) and Variational Autoencoder (VAE) both consist of two parts: encoder and decoder. VAE uses two neural networks to establish a probability density distribution model: one is used to perform variational inference on the original input data, generating the variational probability distribution of hidden variables, which is the inference network; the other restores the approximate probability distribution of the generated raw data based on the generated latent variable variational probability distribution, which is the generative network. That is to say, the posterior distribution of latent variables can be approximated as the calculation probability, which is the generation network. Furthermore, since the generator model utilizes a probability distribution, the Variational Autoencoder (VAE) finds the distribution of the data more easily than the Autoencoder (AE), and of course, the corresponding specific data may also be affected by the distribution. Common uses of VAE include extending the Variational Autoencoder (VAE) to cooperative filtering with implicit feedback[13] and using the Variational Autoencoder (VAE) for the detection of anomaly attacks[14]. However, when commonly used VAE models are applied to traffic recognition, they may not be able to extract hidden features well, resulting in less compact hidden features and poorer detection performance. Therefore, it is necessary to improve the extraction of hidden features.

B. Intrusion Detection In CAN bus System

Because CAN bus system traffic is not encrypted, and with the continuous development of intelligent vehicles, the traffic detection technology of the CAN bus system on the in-vehicle network of intelligent vehicles is also constantly updated and improved. In terms of known attack detection for CAN bus traffic, an intrusion detection technique based on deep convolutional neural network (DCNN) has achieved lower false negative and error rates in traffic detection [4]. M. Müter et al.[9] proposed IDS intrusion detection for vehicular network traffic in different attack scenarios, and detected the feedback of IDS on attacks in different attack scenarios. Afterward, in order to cope with adversarial attacks on in-vehicle networks, Seo et al.[5] proposed a method based on generative adversarial networks to train ML-based IDS, demonstrating the importance of solving adversarial situations. Martinelli et al.[6] employed four k-nearest neighbor (KNN) classifiers to distinguish between four types of attacks aimed at the CAN bus. These algorithms encompass two variations of fuzzy rough KNNs, named the discord classifier and a fuzzy unordered rule induction algorithm. From the above research, it can be seen that the detection of known vehicle traffic has achieved high accuracy. However, with the development of in-vehicle networks, attacks against them are constantly changing, and how to detect unknown in-vehicle network attacks is also an important part. Hoang et al. [7] proposed

a convolutional adversarial autoencoder based model for intrusion detection of known and unknown attacks, achieving detection of unknown attacks with a high F1 score and low error rate. Li et al. [8] proposed a multi-level hybrid IDS to detect known and unknown attacks on vehicular networks, and achieved high detection accuracy. There are still a series of problems such as low accuracy and high false positive rate in the detection of unknown vehicle network attacks, which need further research and solutions.

VI. CONCLUSION

In this paper, we study unknown attack detection in vehicular networks and provide a detailed explanation of the characteristics of vehicular network traffic formats, as well as related attack methods and formats. We improve the loss calculation method of VAE in order to detect attacks on vehicular networks. The proposed VAEsK model achieves outstanding results on vehicular network traffic datasets and attains high detection accuracy, verifying the effectiveness of this model and providing new insights and solutions for the improvement and development of unknown network attack detection technology in the future, particularly in the automotive industry. However, the current detection methods still face some challenges. For instance, they may incorrectly identify some benign traffic as unknown traffic or some unknown traffic as known, which can impact the practical application of the detection method. Therefore, further exploration and refinement of the detection method are needed to enhance its accuracy and reliability. This will be a focus of future work, where we aim to develop more robust techniques for distinguishing between known and unknown traffic, thereby improving the overall performance and applicability of the detection method in real-world scenarios.

ACKNOWLEDGEMENT

This work is supported by the Shenzhen Science and Technology Program (No. KJZD20231023094701003).

REFERENCES

[1] G. Leen, D. Heffernan, "Expanding automotive electronic systems", Computer 35, 2002, pp. 88–93.
[2] BOSCH. "CAN Specification Version 2.0". 1991.
[3] Kingma D P, Welling M. "Auto-encoding variational bayes", arXiv preprint arXiv:1312.6114, 2013.
[4] Hyun Min Song, Jiyoung Woo, Huy Kang Kim, "In-vehicle network intrusion detection using deep convolutional neural network", Vehicular Communications, 2020, vol. 21, ISSN 2214-2096.
[5] Seo, Eunseong and Kim, Jeongeun and Lee, Wook and Seok, Junhee, "Adversarial Attack of ML-based Intrusion Detection System on In-vehicle System using GAN", International Conference on Ubiquitous and Future Networks (ICUFN), 2023, pp. 700-703.
[6] Fabio Martinelli, Francesco Mercaldo, Vittoria Nardone, Antonella Santone, "Car hacking identification through fuzzy logic algorithms", Proceedings of the 2017 IEEE International Conference on Fuzzy Systems (FUZZIEEE'17), 2017, CA, 1–7.
[7] Hoang, Thien-Nu, Kim, Daehee, "Detecting in-vehicle intrusion via semi-supervised learning-based convolutional adversarial autoencoders", Vehicular Communications, 2022, pp. 100520.
[8] Yang, Li and Moubayed, Abdallah, Shami, Abdallah, "MTH-IDS: A Multitiered Hybrid Intrusion Detection System for Internet of Vehicles", IEEE Internet of Things Journal, 2022, pp. 616-632.
[9] M. Müter and N. Asaj, "Entropy-based anomaly detection for in-vehicle networks", 2011 IEEE Intelligent Vehicles Symposium (IV), 2011, pp. 1110-1115.
[10] Zimek A, Schubert E, Kriegel H P. "A survey on unsupervised outlier detection in high-dimensional numerical data", Statistical Analysis and Data Mining, 2012.
[11] Hoang T N, Kim D. "Detecting in-vehicle intrusion via semi-supervised learning-based convolutional adversarial autoencoders", Vehicular Communications, 2022, pp. 100520.
[12] H.M. Song, H.K. Kim. "Self-supervised anomaly detection for in-vehicle network using noised pseudo normal data", IEEE Trans. Veh. Technol., 2021, vol. 70, no. 2, pp. 1098–1108.
[13] Liang, D., Krishnan, R. G., Hoffman, M. D., Jebara, T. "Variational Autoencoders for Collaborative Filtering." Proceedings of the 2018 World Wide Web Conference. International World Wide Web Conferences Steering Committee, 2018, pp. 689–698.
[14] Zavrak, S., İskefiyeli, M. "Anomaly-Based Intrusion Detection From Network Flow Features Using Variational Autoencoder." IEEE Access, 2020, vol. 8, pp. 108346-108358.
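The leave-one-attack-out protocol and the Prec/Rec/F1 indicators described under "Results for unknown attack" can be sketched as follows; this is an added example, not the paper's code. The k-nearest-neighbour distance rule is a stand-in for the VAEsK detector, and the 2-D points, `k`, `radius` and all function names are constructed assumptions; the two hand-placed test samples reproduce the two error types named in the conclusion.

```python
import math
CLASSES = ["benign", "DoS", "Fuzzy", "gear", "RPM"]
# Constructed 2-D feature clusters, one centre per traffic class (not real CAN data).
CENTRES = {"benign": (0, 0), "DoS": (4, 0), "Fuzzy": (0, 4), "gear": (4, 4), "RPM": (8, 4)}

def cluster(label, step, offsets):
    cx, cy = CENTRES[label]
    return [((cx + dx * step, cy + dy * step), label) for dx in offsets for dy in offsets]

TRAIN_POOL = [s for c in CLASSES for s in cluster(c, 0.5, (-1, 0, 1))]
TEST_POOL = [s for c in CLASSES for s in cluster(c, 0.25, (-1, 1))] + [
    ((2.0, 0.0), "benign"),  # constructed benign outlier, far from its cluster
    ((0.75, 0.0), "DoS"),    # constructed DoS sample that sits inside benign traffic
]

def leave_one_attack_out(unknown):
    """Train on every class except `unknown`; test on all classes, relabelling it."""
    train = [(x, y) for x, y in TRAIN_POOL if y != unknown]
    test = [(x, "unknown" if y == unknown else y) for x, y in TEST_POOL]
    return train, test

def predict(train, x, k=3, radius=1.0):
    """Stand-in rule: k-NN vote, or 'unknown' if the k-th neighbour is beyond `radius`."""
    near = sorted((math.dist(x, tx), ty) for tx, ty in train)[:k]
    if near[-1][0] > radius:
        return "unknown"
    labels = [ty for _, ty in near]
    return max(sorted(set(labels)), key=labels.count)

def prf(y_true, y_pred, cls):
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == cls and p == cls for t, p in pairs)
    fp = sum(t != cls and p == cls for t, p in pairs)
    fn = sum(t == cls and p != cls for t, p in pairs)
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
    return prec, rec, f1

def evaluate(unknown):
    train, test = leave_one_attack_out(unknown)
    y_true = [y for _, y in test]
    y_pred = [predict(train, x) for x, _ in test]
    known = [prf(y_true, y_pred, c) for c in CLASSES if c != unknown]
    macro = tuple(sum(s[i] for s in known) / len(known) for i in range(3))
    return {"unknown": prf(y_true, y_pred, "unknown"), "known": macro}

if __name__ == "__main__":
    print({a: evaluate(a)["unknown"] for a in ("DoS", "Fuzzy", "gear")})
```

With DoS held out, the benign outlier is flagged as unknown and the DoS sample inside benign traffic is accepted as benign, so both the unknown-class scores and the known-class averages drop together.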
