The CAN protocol, widely used in vehicles, lacks authentication and encryption, making it prone to spoofing, injection, and denial-of-service attacks. This work proposes a detection method based on physical layer signal analysis and unsupervised learning. A custom testbed of eight Arduino nodes with MCP2515 transceivers emulates nominal and attack traffic. Differential voltage signals (Δ V=CAN-H-CAN-L). are locally captured, segmented, and used to train a lightweight autoencoder. Implemented in TensorFlow, the model achieves 98% accuracy and 93% recall on unauthorized data, and 85% accuracy and 87% recall on spoofed traffic, with 24 ms inference time. The results obtained show that physical layer signals enable efficient and embedded-friendly CAN intrusion detection. © 2025 IEEE.
Autoencoder-Based Detection of Physical-Layer Anomalies in Automotive CAN Networks
Nicasio Canino;Pierpaolo Dini
;Giovanni Lombardo;Francesco Longo;Daniele Rossi
2025-01-01
Abstract
The CAN protocol, widely used in vehicles, lacks authentication and encryption, making it prone to spoofing, injection, and denial-of-service attacks. This work proposes a detection method based on physical layer signal analysis and unsupervised learning. A custom testbed of eight Arduino nodes with MCP2515 transceivers emulates nominal and attack traffic. Differential voltage signals (Δ V=CAN-H-CAN-L). are locally captured, segmented, and used to train a lightweight autoencoder. Implemented in TensorFlow, the model achieves 98% accuracy and 93% recall on unauthorized data, and 85% accuracy and 87% recall on spoofed traffic, with 24 ms inference time. The results obtained show that physical layer signals enable efficient and embedded-friendly CAN intrusion detection. © 2025 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
