INTERNATIONAL JOURNAL OF INFORMATION AND COMMUNICATION TECHNOLOGIES

Abstract

 With the digitalization of vehicles and the growth of the number of electronic control units, ensuring the cybersecurity of automotive networks is becoming one of the priority tasks. Modern vehicles are complex cyberphysical systems in which data exchange between electronic components is carried out via the CAN (Controller Area Network) bus. Despite the widespread adoption and reliability of this protocol, the CAN architecture did not initially provide mechanisms for protection against cyber attacks, which makes transport networks vulnerable to various types of intervention, including attacks such as DoS, Fuzzy, RPM Spoofing and Gear Spoofing.

This paper discusses the task of automatically detecting and classifying cyberattacks in automotive networks based on machine learning methods. The open car hacking dataset was used as the initial data, containing real logs of CAN messages both under normal conditions and when simulating attacks. Preliminary data processing was performed, including cleaning, normalization and balancing of classes, as well as analysis of feature correlation.

To solve the multiclass classification problem, two machine learning algorithms were implemented and compared: XGBoost and logistic regression. The quality of the models was assessed using error matrices and accuracy analysis by class. The results of the experiments showed that the XGBoost model demonstrates higher accuracy and robustness in classifying attacks compared to logistic regression, especially for most attacking classes. Additional analysis of the importance of the features made it possible to identify the most informative parameters of CAN messages, reflecting the nature of the injected attacks. The results confirm the effectiveness of the application of machine learning methods to improve the level of security of transport networks and can be used in the development of intelligent intrusion detection systems in car CAN networks.