GDT-IDS: Graph-based Decision Tree Intrusion Detection System for Controller Area Network

With the rapid development of automotive technology, the security of In-Vehicle Network (IVN) has received more and more attention. The Controller Area Network (CAN), which is widely used for in-vehicle communication, faces significant security risks due to its inherent vulnerabilities. These risks can result in issues such as attacks, data leakage, and abnormal functioning of vehicle systems. Currently, the mainstream security protection approach is the Intrusion Detection System (IDS). Graph-based IDSs have been widely studied due to their ability to extract large amounts of information and achieve high detection accuracy. However, the detection accuracy of existing methods for spoofing and replay attacks remains suboptimal. To address this issue, this paper proposes a graph theory-based decision tree IDS, named GDT-IDS, tailored to the characteristics of spoofing and replay attacks. Specifically, we introduce three novel graph features—time difference, betweenness centrality, and graph density—into the detection system, which significantly enhance the detection accuracy for various types of attacks, particularly replay and spoofing. In addition, the proposed method can effectively perform multi-class classification of mixed attacks with high accuracy. Moreover, it reduces training and testing times compared to other graph theory-based methods. In conclusion, this method not only demonstrates exceptional experimental performance but also provides a novel perspective and a potential solution for traditional IDS design.