Controller Area Network (CAN) is an in-vehicle communication protocol, which provides an efficient and reliable communication link between Electronic Control Units (ECUs) in real time. Recent studies have shown that attackers can take remote control of the targeted vehicle by exploiting the vulnerabilities of the CAN protocol. Motivated by this fact, we propose an Intrusion Detection System (IDS), called Clock Offset-based IDS (COIDS), to monitor in-vehicle network activities to detect any intrusion. Precisely, COIDS measures and then exploits the clock offset of transmitter ECU’s clock for fingerprinting ECU. COIDS next leverages the derived fingerprints to construct a baseline of ECU’s normal clock behavior using an active learning technique. Based on the baseline of normal behavior, COIDS uses the Cumulative Sum method to detect any abnormal deviation in clock offset. Further, COIDS uses a sequential change-point detection technique to determine the exact time of intrusion. Generally, COIDS has to run on every ECU to monitor the network behavior. This can turn out to be a significant power overhead for a hardware-constrained ECU. Thus, we next develop a cooperative game model to optimize the active time duration of COIDS in an ECU. We performed exhaustive experiments on real world publicly available datasets primarily to assess the effectiveness of COIDS against a wide range of in-vehicle network attacks. Our results show that COIDS detects intrusions faster than the best performed IDS in the state-of-the-art. Further, the results show that our designed cooperative game model significantly reduces the power overhead of the ECU without compromising the performance.

控制器局域网（CAN）是一种车载通信协议，可在电子控制单元（ECU）之间实时提供有效而可靠的通信链接。最近的研究表明，攻击者可以利用CAN协议的漏洞来远程控制目标车辆。基于这一事实，我们提出了一种入侵检测系统（IDS），称为基于时钟偏移的IDS（COIDS），用于监视车载网络活动以检测任何入侵。精确地，COIDS会先测量然后利用发射器ECU时钟的时钟偏移量对ECU进行指纹识别。接下来，COIDS利用主动学习技术，利用派生的指纹来构建ECU正常时钟行为的基线。根据正常行为的基准，COIDS使用“累积和”方法来检测时钟偏移中的任何异常偏差。此外，COIDS使用顺序变化点检测技术来确定入侵的确切时间。通常，COIDS必须在每个ECU上运行以监视网络行为。对于受硬件限制的ECU来说，这可能是相当大的功率开销。因此，我们接下来将开发一种合作博弈模型，以优化ECU中COIDS的激活持续时间。我们对现实世界中的公开数据集进行了详尽的实验，主要是为了评估COIDS抵御各种车载网络攻击的有效性。我们的结果表明，COIDS的检测入侵速度要比最新技术中性能最佳的IDS更快。进一步，