<p>The transition toward Software-Defined Vehicles has rendered internal networks, particularly the Controller Area Network, vulnerable to sophisticated cyberattacks. Although recent research has prioritized Deep Learning Intrusion Detection Systems for their statistical accuracy, these black-box models often fail to meet the strict latency and explainability constraints of automotive safety standards. This article proposes a Multi-Standard (CAN/CAN-FD) logic extraction framework validated herein on legacy CAN and CAN Flexible Data-rate, that reconciles high-precision detection with the deterministic requirements of embedded systems. By employing an elastic parsing mechanism and a constrained Classification and Regression Tree algorithm, the methodology distills complex attack signatures into compact, interpretable boolean rules. Unlike computationally intensive neural networks, this white-box approach ensures deterministic, bounded, worst-case execution time by design. Experimental validation using diverse datasets, including legacy and high-bandwidth CAN Flexible Data-rate traffic, demonstrates that the extracted boolean logic achieves a deterministic algorithmic inference latency as low as 0.15 microseconds. When benchmarked in an identical hardware environment, this represents a 14<InlineEquation ID="IEq1"><EquationSource Format="TEX">\(\times\)</EquationSource></InlineEquation> empirical speedup over optimized internal ML baselines (XGBoost), and theoretically eliminates the heavy matrix multiplication overhead typical of state-of-the-art deep learning approaches, while maintaining average detection accuracy above 99.97 percent for the CAN Flexible Data-rate. Furthermore, the generated logic satisfies the interpretability mandates of functional safety standards.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Explainable & Deterministic Intrusion Detection for CAN-FD: A Logic Extraction Framework

  • Rithvika G,
  • Radha R

摘要

The transition toward Software-Defined Vehicles has rendered internal networks, particularly the Controller Area Network, vulnerable to sophisticated cyberattacks. Although recent research has prioritized Deep Learning Intrusion Detection Systems for their statistical accuracy, these black-box models often fail to meet the strict latency and explainability constraints of automotive safety standards. This article proposes a Multi-Standard (CAN/CAN-FD) logic extraction framework validated herein on legacy CAN and CAN Flexible Data-rate, that reconciles high-precision detection with the deterministic requirements of embedded systems. By employing an elastic parsing mechanism and a constrained Classification and Regression Tree algorithm, the methodology distills complex attack signatures into compact, interpretable boolean rules. Unlike computationally intensive neural networks, this white-box approach ensures deterministic, bounded, worst-case execution time by design. Experimental validation using diverse datasets, including legacy and high-bandwidth CAN Flexible Data-rate traffic, demonstrates that the extracted boolean logic achieves a deterministic algorithmic inference latency as low as 0.15 microseconds. When benchmarked in an identical hardware environment, this represents a 14\(\times\) empirical speedup over optimized internal ML baselines (XGBoost), and theoretically eliminates the heavy matrix multiplication overhead typical of state-of-the-art deep learning approaches, while maintaining average detection accuracy above 99.97 percent for the CAN Flexible Data-rate. Furthermore, the generated logic satisfies the interpretability mandates of functional safety standards.