The national highway traffic safety administration (NHTSA) identified cybersecurity of the automobile systems are more critical than the security of other information systems. Researchers already demonstrated remote attacks on critical vehicular electronic control units (ECUs) using controller area network (CAN). Besides, existing intrusion detection systems (IDSs) often propose to tackle a specific type of attack, which may leave a system vulnerable to numerous other types of attacks. A generalizable IDS that can identify a wide range of attacks within the shortest possible time has more practical value than attack-specific IDSs, which is not a trivial task to accomplish. In this paper we propose a novel graph-based Gaussian naive Bayes (GGNB) intrusion detection algorithm by leveraging graph properties and PageRank-related features. The GGNB on the real rawCAN data set [1] yields 99.61%, 99.83%, 96.79%, and 96.20% detection accuracy for denial of service (DoS), fuzzy, spoofing, replay, mixed attacks, respectively. Also, using OpelAstra data set [2], the proposed methodology has 100%, 99.85%, 99.92%, 100%, 99.92%, 97.75% and 99.57% detection accuracy considering DoS, diagnostic, fuzzing CAN ID, fuzzing payload, replay, suspension, and mixed attacks, respectively. The GGNB-based methodology requires about 239× and 135× lower training and tests times, respectively, compared to the SVM classifier used in the same application. Using Xilinx Zybo Z7 field-programmable gate array (FPGA) board, the proposed GGNB requires 5.7×, 5.9×, 5.1×, and 3.6× fewer slices, LUTs, flip-flops, and DSP units, respectively, than conventional NN architecture.

美国国家公路交通安全管理局 (NHTSA) 确定汽车系统的网络安全比其他信息系统的安全更为重要。研究人员已经展示了使用控制器局域网 (CAN) 对关键车辆电子控制单元 (ECU) 进行远程攻击。此外，现有的入侵检测系统 (IDS) 通常建议解决特定类型的攻击，这可能会使系统容易受到许多其他类型的攻击。一个可以在尽可能短的时间内识别大范围攻击的泛化 IDS 比针对特定攻击的 IDS 具有更多的实用价值，这不是一项微不足道的任务。在本文中，我们提出了一种克基于拍摄和- ģ aussian Ñ aive乙ayes (GGNB) 入侵检测算法，利用图属性和与 PageRank 相关的特征。真实的 rawCAN 数据集 [1] 上的 GGNB 对拒绝服务 (DoS)、模糊、欺骗、重放、混合攻击的检测准确度分别为 99.61%、99.83%、96.79% 和 96.20%。此外，使用 OpelAstra 数据集 [2]，考虑到 DoS、诊断、模糊 CAN ID、模糊有效载荷、重放、分别是暂停和混合攻击。与同一应用程序中使用的 SVM 分类器相比，基于 GGNB 的方法分别需要大约 239 倍和 135 倍的训练和测试时间。使用 Xilinx Zybo Z7 现场可编程门阵列 (FPGA) 板，提议的 GGNB 需要 5.7 倍、5.9 倍、5.1 倍和 3.6 倍的切片、LUT、触发器、