Explainable CAN Intrusion Detection via Feature Extraction
摘要
To combat the growing threat of car hacking, numerous detection methods have been proposed. However, many of these approaches face a critical limitation, including the lack of access to CAN Database (DBC) files, which makes it challenging to capture the complex, multidimensional distribution patterns inherent in the data. Furthermore, most machine learning and deep learning models in this context operate as black boxes, offering little transparency into their decision-making processes or the influence of data features. To address these challenges, this paper proposes an Explainable CAN Intrusion Detection via Feature Extraction (ECID-FE) framework. This approach enhances raw Controller Area Network (CAN) data through feature extraction, revealing deeper and multidimensional characteristics. It also integrates an explainability framework to visually illustrate how the extracted features contribute to the model’s predictions.Experiments conducted on the CAN-MIRGU and Car-Hacking datasets demonstrate that the refined dataset achieves performance improvements across most common machine learning and deep learning models tested.