On Enabling Intrusion Detection Systems for Automotive Networks

Abstract

The rapid evolution of software-driven functionalities in modern vehicles has led to the availability of advanced driving assistance systems. In tandem with the above developments, the increasing number of sensors in vehicles to support such new features has led to a significant rise in the number of in-vehicle electronic control units (ECUs), network interfaces, and communication protocols. This growing complexity enhances vehicle performance, connectivity, and comfort applications. The increased connectivity to the outside world, however, introduces new security challenges. As automotive networks become more interconnected, they are exposed to a wider array of cyber threats that endanger the safety of passengers as well as threaten the loss of their personal and private information. This necessitates the inclusion of robust Intrusion Detection Systems (IDS) in vehicular networks to safeguard vehicle communications. Given the importance of the problem, multiple IDSs have been proposed in the research literature in the past 10 years. However, conventional IDS implementations often impose significant computational overhead, requiring additional ECUs and network elements that can contribute to increased system cost, complexity, and power consumption. In this thesis, the feasibility of consolidating intrusion detection capabilities within critical ECUs is explored to establish an efficient, embedded IDS architecture for modern automotive networks. By integrating IDS functionalities into hybrid ECU architectures, the aim is to mitigate the need for additional hardware peripherals utilised as IDSs while maintaining a robust approach to network security. This thesis focuses on the widely used Controller Area Network (CAN) protocol, which serves as the backbone of in-vehicle communication, enabling real-time and reliable data exchange among ECUs.
To enhance network security, approaches are proposed that integrate quantised machine learning-based IDS models as lightweight, isolated security modules within ECU hardware. This minimises disruptions to standard software tasks while ensuring efficient per-message handling for real-time detection. To evaluate the feasibility of this approach, three key aspects have been investigated: (1) whether IDS models can be lightweight enough for embedded deployment, (2) their generalisability across multiple datasets and unseen attack types, and (3) their ability to support per-message detection at line rates. The proposed IDS models are trained to detect a diverse range of cyber threats, including Denial-of-Service (DoS), Fuzzing, and Spoofing attacks, which pose significant risks to automotive networks. The experimental results demonstrate that the proposed IDSs achieve high detection accuracy across multiple attack vectors while maintaining low per-message processing latency and minimal energy consumption. This ensures compliance with the stringent constraints of real-time automotive environments, making embedded deployment of IDSs within a vehicle’s network both practical and efficient. By leveraging the consolidation of IDS capabilities within critical ECUs, my research contributes to the advancement of secure and resilient automotive network architectures, paving the way for enhanced cybersecurity in next-generation vehicles.
