In-Vehicle CAN Bus Tampering Attacks Detection for Connected and Autonomous Vehicles Using an Improved Isolation Forest Method

The development and applications of mobile communication technologies in intelligent autonomous transportation systems have led to an extraordinary rise in the mount of connected and autonomous vehicles (CAVs). Ensuring the security of in-vehicle communication data is the basis for the safety of cooperative transportation systems. An in-vehicle controller area network (CAN) bus is an important issue in in-vehicle security, and some hackers have mastered remote vehicle control methods through the CAN bus network. This paper proposes an improved isolation forest method with data mass (MS-iForest) for data tampering attack detection, in which we use data mass instead of the number of divisions and give an anomaly score ranking to quantify the degree of anomalies. This method is promising to be used as part of the intrusion detection system, like a security component in the onboard gateway, which can effectively avoid the data tampering attacks. We compare the proposed method with other anomaly detection schemes based on the data collected from an in-vehicle simulated dataset and two standard datasets. The experiment results show that the proposed method performs better than the other anomaly detection schemes in terms of the area under the receiver operating curve (AUC).