{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T16:13:37Z","timestamp":1781021617494,"version":"3.54.1"},"reference-count":157,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T00:00:00Z","timestamp":1755475200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T00:00:00Z","timestamp":1755475200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100005192","name":"Technical University of Denmark","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100005192","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,10]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Modern automobiles are made up of networks of computers, one of which is the inherently insecure Controller Area Network (CAN). Over the years, automotive security has been enhanced by secure gateways and new protocols such as automotive Ethernet, but the CAN protocol has remained the weak link. Automotive researchers have been exploring intrusion detection systems (IDSs) as a potential solution to the problem of CAN bus <jats:italic>in<\/jats:italic>security. To build and evaluate an IDS, however, researchers need adequate training and testing data. In this paper, we analyze and compare the following automotive intrusion detection datasets: (1) HCRL Car Hacking, (2) HCRL Survival Analysis, (3) , (4) UNIMORE Bus-Off, (5) UNIMORE DAGA, and (6) UNIMORE Ventus. The two HCRL datasets are well-established in the literature, whereas  is a promising new dataset\u2014and the three UNIMORE datasets lie somewhere in between. In our evaluation, we pit sixteen machine learning IDSs against each dataset and analyze the results. In addition, we conduct a feature evaluation of , and we investigate the impact of train-test interdependence in the three UNIMORE datasets. We find that, when pitted against the five comparison datasets,  paints a clearer picture of an IDS\u2019s true capabilities; in fact, \u2019s testing scenarios can reveal when an IDS has overfitted to a particular vehicle type\u2014unlike the UNIMORE datasets. Furthermore, unlike the HCRL datasets,  provides more than enough data to train a complex machine learning model\u2014an order of magnitude more\u2014reducing the risk of underfitting. Moreover,  maintains ample differentiation power; the standard deviation of the models\u2019 F1-scores was 0.2392 (excluding suppress attacks), whereas the standard deviations for the remaining datasets\u2014HCRL Car Hacking, HCRL Survival Analysis, UNIMORE Bus-Off, UNIMORE DAGA, and UNIMORE Ventus\u2014were 0.2254, 0.2333, 0.1824, 0.2121, and 0.2100 (excluding suppress attacks), respectively.<\/jats:p>","DOI":"10.1007\/s10207-025-01038-8","type":"journal-article","created":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T11:07:50Z","timestamp":1755515270000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["can-sleuth: Sleuthing out the capabilities, limitations, and performance impacts of automotive intrusion detection datasets"],"prefix":"10.1007","volume":"24","author":[{"given":"Brooke","family":"Kidmose","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andreas","family":"Kidmose","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Weizhi","family":"Meng","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,8,18]]},"reference":[{"key":"1038_CR1","doi-asserted-by":"crossref","unstructured":"Alfardus, A., Rawat, D.B.: Intrusion detection system for CAN bus in-vehicle network based on machine learning algorithms. In: 2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON). https:\/\/ieeexplore.ieee.org\/document\/9666745 (2021)","DOI":"10.1109\/UEMCON53757.2021.9666745"},{"key":"1038_CR2","doi-asserted-by":"publisher","unstructured":"Alkhatib, N., Mushtaq, M., Ghauch, H., Danger, J.L.: Unsupervised network intrusion detection system for AVTP in automotive ethernet networks. In: 2022 IEEE Intelligent Vehicles Symposium (IV) https:\/\/doi.org\/10.1109\/IV51971.2022.9827285, https:\/\/ieeexplore.ieee.org\/document\/9827285 (2022)","DOI":"10.1109\/IV51971.2022.9827285"},{"key":"1038_CR3","doi-asserted-by":"publisher","first-page":"981","DOI":"10.3390\/s22030981","volume":"22","author":"Z Bi","year":"2022","unstructured":"Bi, Z., Xu, G., Xu, G., Wang, C., Zhang, S.: Bit-level automotive controller area network message reverse framework based on linear regression. Sensors 22, 981 (2022). https:\/\/doi.org\/10.3390\/s22030981","journal-title":"Sensors"},{"key":"1038_CR4","doi-asserted-by":"publisher","unstructured":"Bilge, L., Dumitra\u015f, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 833 \u2013 844, https:\/\/doi.org\/10.1145\/2382196.2382284, https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382284 (2012)","DOI":"10.1145\/2382196.2382284"},{"issue":"120","key":"1038_CR5","doi-asserted-by":"publisher","first-page":"715","DOI":"10.1016\/j.eswa.2023.120715","volume":"230","author":"MA Bouke","year":"2023","unstructured":"Bouke, M.A., Abdullah, A.: An empirical study of pattern leakage impact during data preprocessing on machine learning-based intrusion detection models reliability. Expert Syst. Appl. 230(120), 715 (2023). https:\/\/doi.org\/10.1016\/j.eswa.2023.120715","journal-title":"Expert Syst. Appl."},{"key":"1038_CR6","doi-asserted-by":"publisher","unstructured":"Boumiza, S., Braham, R.: Intrusion threats and security solutions for autonomous vehicle networks. In: 2017 IEEE\/ACS 14th International Conference on Computer Systems and Applications (AICCSA) https:\/\/doi.org\/10.1109\/AICCSA.2017.42, https:\/\/ieeexplore.ieee.org\/document\/8308273 (2017)","DOI":"10.1109\/AICCSA.2017.42"},{"key":"1038_CR7","doi-asserted-by":"publisher","first-page":"7219335","DOI":"10.3390\/s20082364","volume":"20","author":"M Bozdal","year":"2020","unstructured":"Bozdal, M., Samie, M., Aslam, S., Jennions, I.: Evaluation of can bus security challenges. Sensors 20, 7219335 (2020)","journal-title":"Sensors"},{"key":"1038_CR8","unstructured":"Burakova, Y., Hass, B., Millar, L., Weimerskirch, A.: Truck hacking: an experimental analysis of the SAE j1939 standard. In: Proceedings of the 10th USENIX Conference on Offensive Technologies (WOOT\u201916). https:\/\/www.usenix.org\/system\/files\/conference\/woot16\/woot16-paper-burakova.pdf (2016)"},{"key":"1038_CR9","unstructured":"CAN in Automation (CiA) (2023) CAN FD - the basic idea. CAN in Automation (CiA). https:\/\/www.can-cia.org\/can-knowledge\/can\/can-fd\/"},{"key":"1038_CR10","unstructured":"Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: 20th USENIX Security Symposium (USENIX Security 11), USENIX Association, https:\/\/www.usenix.org\/conference\/usenix-security-11\/comprehensive-experimental-analyses-automotive-attack-surfaces (2011)"},{"key":"1038_CR11","unstructured":"Control, T.B., Committee, C.N.: CAN FD network security: J1939-91C. SAE Standards. https:\/\/www.sae.org\/standards\/content\/j1939-91c\/ (2022)"},{"key":"1038_CR12","doi-asserted-by":"crossref","unstructured":"Doan, T.P., Ganesan, S.: CAN crypto FPGA chip to secure data transmitted through CAN FD bus using AES-128 and SHA-1 algorithms with a symmetric key. SAE International. https:\/\/saemobilus.sae.org\/content\/2017-01-1612\/ (2017)","DOI":"10.4271\/2017-01-1612"},{"key":"1038_CR13","doi-asserted-by":"publisher","first-page":"6792","DOI":"10.3390\/s22186792","volume":"22","author":"J Du","year":"2022","unstructured":"Du, J., Tang, R., Feng, T.: Security analysis and improvement of vehicle ethernet SOME\/IP protocol. Sensors 22, 6792\u20136810 (2022). https:\/\/doi.org\/10.3390\/s22186792","journal-title":"Sensors"},{"key":"1038_CR14","doi-asserted-by":"publisher","unstructured":"Dupont, G., Lekidis, A., den Hartog, J., Etalle, S.: Automotive controller area network (CAN) bus intrusion dataset v2. 4TUCentre for Research Data https:\/\/doi.org\/10.4121\/uuid:b74b4928-c377-4585-9432-2004dfa20a5d, https:\/\/data.4tu.nl\/articles\/_\/12696950\/2 (2019)","DOI":"10.4121\/uuid:b74b4928-c377-4585-9432-2004dfa20a5d"},{"key":"1038_CR15","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1017\/aju.2022.20","volume":"116","author":"KE Eichensehr","year":"2022","unstructured":"Eichensehr, K.E.: Ukraine, cyberattacks, and the lessons for international law. AJIL Unbound 116, 145\u2013149 (2022). https:\/\/doi.org\/10.1017\/aju.2022.20","journal-title":"AJIL Unbound"},{"key":"1038_CR16","doi-asserted-by":"crossref","unstructured":"Foruhandeh, M., Man, Y., Gerdes, R., Li, M., Chantem, T.: SIMPLE CAN bus voltage dataset. GitHub https:\/\/github.com\/harry1993\/simple-dataset (2019)","DOI":"10.1145\/3359789.3359834"},{"key":"1038_CR17","doi-asserted-by":"publisher","unstructured":"Foruhandeh, M., Man, Y., Gerdes, R., Li, M., Chantem, T.: SIMPLE: single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks. In: ACSAC\u201919: Proceedings of the 35th Annual Computer Security Applications Conference pp. 229\u2013244, https:\/\/doi.org\/10.1145\/3359789.3359834 (2019)","DOI":"10.1145\/3359789.3359834"},{"key":"1038_CR18","unstructured":"Foster, I., Koscher, K.: Exploring controller area networks. login 40, 6\u201310, https:\/\/www.usenix.org\/system\/files\/login\/articles\/login_dec15_02_foster.pdf (2015)"},{"key":"1038_CR19","doi-asserted-by":"crossref","unstructured":"Gazdag, A.: CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks. CrySyS Blog. https:\/\/blog.crysys.hu\/2024\/04\/crysys-dataset-of-can-traffic-logs-containing-fabrication-and-masquerade-attacks\/ (2024)","DOI":"10.1038\/s41597-023-02716-9"},{"key":"1038_CR20","doi-asserted-by":"publisher","first-page":"903","DOI":"10.1038\/s41597-023-02716-9","volume":"10","author":"A Gazdag","year":"2023","unstructured":"Gazdag, A., Ferenc, R., Butty\u00e1n, L.: CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks. Sci. Data 10, 903 (2023). https:\/\/doi.org\/10.1038\/s41597-023-02716-9","journal-title":"Sci. Data"},{"key":"1038_CR21","doi-asserted-by":"publisher","DOI":"10.6084\/m9.figshare.c.6726165.v1","author":"A Gazdag","year":"2023","unstructured":"Gazdag, A., Ferenc, R., Butty\u00e1n, L.: CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks. figshare (2023). https:\/\/doi.org\/10.6084\/m9.figshare.c.6726165.v1","journal-title":"figshare"},{"key":"1038_CR22","unstructured":"Gholamy, A., Kreinovich, V., Kosheleva, O.: Why 70\/30 or 80\/20 relation between training and testing sets: A pedagogical explanation. University of Texas at El Paso. https:\/\/scholarworks.utep.edu\/cs_techrep\/1209\/ (2018)"},{"key":"1038_CR23","volume-title":"Deep Learning","author":"I Goodfellow","year":"2016","unstructured":"Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press, Cambridge (2016)"},{"key":"1038_CR24","unstructured":"Greenberg, A.: GM took 5 years to fix a full-takeover hack in millions of OnStar cars. Wired. https:\/\/www.wired.com\/2015\/09\/gm-took-5-years-fix-full-takeover-hack-millions-onstar-cars\/ (2015)"},{"key":"1038_CR25","unstructured":"Greenberg, A.: Hackers remotely kill a jeep on the highway-with me in it. Wired. https:\/\/www.wired.com\/2015\/07\/hackers-remotely-kill-jeep-highway\/ (2015)"},{"key":"1038_CR26","unstructured":"Greenberg, A.: How an entire nation became Russia\u2019s test lab for cyberwar. Wired. https:\/\/www.wired.com\/story\/russian-hackers-attack-ukraine\/ (2017)"},{"key":"1038_CR27","unstructured":"Greenberg, A.: The untold story of NotPetya, the most devastating cyberattack in history. Wired. https:\/\/www.wired.com\/story\/notpetya-cyberattack-ukraine-russia-code-crashed-the-world\/ (2018)"},{"key":"1038_CR28","doi-asserted-by":"publisher","first-page":"101809","DOI":"10.1109\/ACCESS.2021.3097146","volume":"9","author":"D Grimm","year":"2021","unstructured":"Grimm, D., Stang, M., Sax, E.: Context-aware security for vehicles and fleets: A survey. IEEE Access 9, 101809\u2013101846 (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3097146","journal-title":"IEEE Access"},{"key":"1038_CR29","unstructured":"Groza, B.: ECUPrint (datasets). Universitatea Politehnica Timisoara: Departamentul de Automatic\u0103 \u015fi Informatic\u0103 Aplicat\u0103. https:\/\/www.aut.upt.ro\/~bgroza\/projects\/ecuprint\/ (2024)"},{"key":"1038_CR30","doi-asserted-by":"publisher","unstructured":"Groza, B., Murvay, S., van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: A lightweight broadcast authentication protocol for controller area networks. In: International Conference on Cryptology and Network Security (2012). https:\/\/doi.org\/10.1007\/978-3-642-35404-5_15","DOI":"10.1007\/978-3-642-35404-5_15"},{"key":"1038_CR31","doi-asserted-by":"publisher","unstructured":"Guerra, L., Xu, L., Bellavista, P., Chapuis, T., Duc, G., Mozharovskyi, P., Nguyen, V.T.: AI-driven intrusion detection systems (IDS) on the ROAD dataset: A comparative analysis for automotive controller area network (CAN). CSCS\u201924: Proceedings of the 2024 Cyber Security in CarS Workshop, pp. 39\u201349, https:\/\/doi.org\/10.1145\/3689936.3694696 (2024)","DOI":"10.1145\/3689936.3694696"},{"key":"1038_CR32","unstructured":"Hacking and Countermeasure Research Lab (2019) Intrusion detection for automotive [AUTO-TRANSLATED FROM KOREAN]. K-Cyber Security Challenge. http:\/\/datachallenge.kr\/challenge19\/convergence-security\/vehicle\/introduction\/"},{"key":"1038_CR33","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1016\/j.vehcom.2018.09.004","volume":"14","author":"ML Han","year":"2018","unstructured":"Han, M.L., Kwak, B.I., Kim, H.K.: Anomaly intrusion detection method for vehicular networks based on survival analysis. Veh. Commun. 14, 52\u201363 (2018). https:\/\/doi.org\/10.1016\/j.vehcom.2018.09.004","journal-title":"Veh. Commun."},{"key":"1038_CR34","unstructured":"Han, M.L., Kwak, B.I., Kim, H.K.: Survival analysis dataset for automobile IDS. Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/survival-ids (2018)"},{"key":"1038_CR35","unstructured":"Han, M.L., Kwak, B.I., Kim, H.K.: In-vehicle network intrusion detection challenge. Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/datachallenge2019\/car (2019)"},{"key":"1038_CR36","doi-asserted-by":"publisher","first-page":"58194","DOI":"10.1109\/ACCESS.2020.2982544","volume":"8","author":"M Hanselmann","year":"2020","unstructured":"Hanselmann, M., Strauss, T., Dormann, K., Ulmer, H.: CANet: An unsupervised intrusion detection system for high dimensional CAN bus data. IEEE Access 8, 58194\u201358205 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2982544","journal-title":"IEEE Access"},{"key":"1038_CR37","doi-asserted-by":"crossref","unstructured":"Harvey, J., Kumar, S.: A survey of intelligent transportation systems security: Challenges and solutions. In: 2020 IEEE 6th International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). https:\/\/ieeexplore.ieee.org\/document\/9123012 (2020)","DOI":"10.1109\/BigDataSecurity-HPSC-IDS49724.2020.00055"},{"key":"1038_CR38","volume-title":"The UCI KDD Archive","author":"S Hettich","year":"1999","unstructured":"Hettich, S., Bay, S.D.: The UCI KDD Archive. University of California, Irvine (1999)"},{"issue":"100","key":"1038_CR39","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1016\/j.array.2023.100306","volume":"19","author":"MA Hossain","year":"2023","unstructured":"Hossain, M.A., Islam, M.S.: Ensuring network security with a robust intrusion detection system using ensemble-based machine learning. Array 19(100), 306 (2023). https:\/\/doi.org\/10.1016\/j.array.2023.100306","journal-title":"Array"},{"key":"1038_CR40","unstructured":"Influx Technology: CAN bus: Baud rate and its calculation. Influx Technology. https:\/\/www.influxtechnology.com\/post\/baud-rate (2021)"},{"key":"1038_CR41","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/s12198-020-00208-0","volume":"13","author":"R Islam","year":"2020","unstructured":"Islam, R., Refat, R.U.D.: Improving CAN bus security by assigning dynamic arbitration IDs. J. Transp. Secur. 13, 19\u201331 (2020). https:\/\/doi.org\/10.1007\/s12198-020-00208-0","journal-title":"J. Transp. Secur."},{"key":"1038_CR42","unstructured":"Jeong, S., Lee, S., Lee, H., Kim, H.K.: X-CANIDS dataset (in-vehicle signal dataset). Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/x-canids-dataset-in-vehicle-signal-dataset (2023)"},{"key":"1038_CR43","doi-asserted-by":"publisher","first-page":"3230","DOI":"10.1109\/TVT.2023.3327275","volume":"73","author":"S Jeong","year":"2023","unstructured":"Jeong, S., Lee, S., Lee, H., Kim, H.K.: X-CANIDS: Signal-aware explainable intrusion detection system for controller area network-based in-vehicle network. IEEE Trans. Veh. Technol. 73, 3230\u20133246 (2023). https:\/\/doi.org\/10.1109\/TVT.2023.3327275","journal-title":"IEEE Trans. Veh. Technol."},{"key":"1038_CR44","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.3267184","author":"C Kaiser","year":"2019","unstructured":"Kaiser, C., Stocker, A., Festl, A.: Automotive CAN bus data: an example dataset from the AEGIS big data project. Zenodo (2019). https:\/\/doi.org\/10.5281\/zenodo.3267184","journal-title":"Zenodo"},{"key":"1038_CR45","doi-asserted-by":"publisher","unstructured":"Kang, H., Kwak, B.I., Lee, Y.H., Lee, H., Lee, H., Kim, H.K.: Car hacking and defense competition on in-vehicle network. Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2021 https:\/\/doi.org\/10.14722\/autosec.2021.23035, https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/autosec2021_23035_paper.pdf (2021)","DOI":"10.14722\/autosec.2021.23035"},{"key":"1038_CR46","unstructured":"Kang, H., Kwak, B.I., Lee, Y.H., Lee, H., Lee, H., Kim, H.K.: Car hacking: Attack & defense challenge 2020. Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/carchallenge2020 (2021)"},{"key":"1038_CR47","doi-asserted-by":"publisher","DOI":"10.21227\/qvr7-n418","author":"H Kang","year":"2021","unstructured":"Kang, H., Kwak, B.I., Lee, Y.H., Lee, H., Lee, H., Kim, H.K.: Car hacking: Attack & defense challenge 2020 dataset. IEEE Dataport (2021). https:\/\/doi.org\/10.21227\/qvr7-n418","journal-title":"IEEE Dataport"},{"key":"1038_CR48","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0155781.s001","author":"MJ Kang","year":"2016","unstructured":"Kang, M.J., Kang, J.W.: CAN packets. figshare (2016). https:\/\/doi.org\/10.1371\/journal.pone.0155781.s001","journal-title":"figshare"},{"key":"1038_CR49","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0155781","author":"MJ Kang","year":"2016","unstructured":"Kang, M.J., Kang, J.W.: Intrusion detection system using deep neural network for in-vehicle network security. PLoS ONE (2016). https:\/\/doi.org\/10.1371\/journal.pone.0155781","journal-title":"PLoS ONE"},{"key":"1038_CR50","doi-asserted-by":"publisher","first-page":"1072","DOI":"10.3390\/electronics11071072","volume":"11","author":"G Karopoulos","year":"2022","unstructured":"Karopoulos, G., Kambourakis, G., Chatzoglou, E., Hern\u00e1ndez-Ramos, J.L., Kouliaridis, V.: Demystifying in-vehicle intrusion detection systems: a survey of surveys and a meta-taxonomy. Electronics 11, 1072 (2022). https:\/\/doi.org\/10.3390\/electronics11071072","journal-title":"Electronics"},{"key":"1038_CR51","unstructured":"Keen Security Lab of Tencent (2016) Car hacking research: Remote attack tesla motors. Keen Security Lab Blog. https:\/\/keenlab.tencent.com\/en\/2016\/09\/19\/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars\/"},{"issue":"100","key":"1038_CR52","doi-asserted-by":"publisher","first-page":"871","DOI":"10.1016\/j.vehcom.2024.100871","volume":"51","author":"B Kidmose","year":"2024","unstructured":"Kidmose, B.: A review of smart vehicles in smart cities: Dangers, impacts, and the threat landscape. Veh. Commun. 51(100), 871 (2024). https:\/\/doi.org\/10.1016\/j.vehcom.2024.100871","journal-title":"Veh. Commun."},{"key":"1038_CR53","doi-asserted-by":"crossref","unstructured":"Kidmose, B., Meng, W.: can-fp: An attack-aware analysis of false alarms in automotive intrusion detection models. In: 21st Annual International Conference on Privacy, Security, and Trust (PST 2024) (2024)","DOI":"10.1109\/PST62714.2024.10788039"},{"key":"1038_CR54","doi-asserted-by":"publisher","unstructured":"Kidmose, B., Meng, W.: can-sleuth: Investigating and evaluating automotive intrusion detection datasets. In: 2024 European Interdisciplinary Cybersecurity Conference (EICC 2024) https:\/\/doi.org\/10.1145\/3655693.3655696 (2024)","DOI":"10.1145\/3655693.3655696"},{"key":"1038_CR55","unstructured":"Kim, H.K.: B-can intrusion dataset. Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/b-can-intrusion-dataset (2022)"},{"key":"1038_CR56","unstructured":"Kim, H.K.: Can-fd intrusion dataset. Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/can-fd-intrusion-dataset (2022)"},{"key":"1038_CR57","unstructured":"Kim, H.K.: M-can intrusion dataset. Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/m-can-intrusion-dataset (2022)"},{"key":"1038_CR58","doi-asserted-by":"publisher","unstructured":"Koscher, K., Czeskis, A., Roesner, F., Shwetak\u00a0Patel, T.K., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy https:\/\/doi.org\/10.1109\/SP.2010.34, https:\/\/ieeexplore.ieee.org\/document\/5504804 (2010)","DOI":"10.1109\/SP.2010.34"},{"key":"1038_CR59","unstructured":"Lab, C.: Previous dataset. Vehicle Security Research. https:\/\/www.crysys.hu\/research\/vehicle-security\/ (2017)"},{"key":"1038_CR60","unstructured":"Lampe, B.: can-train-and-test. Bitbucket. https:\/\/bitbucket.org\/brooke-lampe\/can-train-and-test\/src\/master\/ (2023)"},{"key":"1038_CR61","doi-asserted-by":"crossref","unstructured":"Lampe, B.: can-train-and-test-v1.5. Bitbucket. https:\/\/bitbucket.org\/brooke-lampe\/can-train-and-test-v1.5\/src\/master\/ (2023)","DOI":"10.1109\/VTC2023-Fall60731.2023.10333756"},{"key":"1038_CR62","doi-asserted-by":"publisher","unstructured":"Lampe B, Meng W (2022) IDS for CAN: A practical intrusion detection system for CAN bus security. In: 2022 IEEE Global Communications Conference (GLOBECOM 2022) https:\/\/doi.org\/10.1109\/GLOBECOM48099.2022.10001536, https:\/\/ieeexplore.ieee.org\/document\/10001536","DOI":"10.1109\/GLOBECOM48099.2022.10001536"},{"key":"1038_CR63","doi-asserted-by":"publisher","unstructured":"Lampe, B., Meng, W.: can-logic: Automotive intrusion detection via temporal logic. In: 13th International Conference on the Internet of Things (IoT 2023), pp. 113\u2013120, https:\/\/doi.org\/10.1145\/3627050.3627059, https:\/\/dl.acm.org\/doi\/10.1145\/3627050.3627059 (2023)","DOI":"10.1145\/3627050.3627059"},{"key":"1038_CR64","doi-asserted-by":"publisher","unstructured":"Lampe, B., Meng, W.: can-train-and-test: A new CAN intrusion detection dataset. In: 2023 IEEE 98th Vehicular Technology Conference (VTC 2023-Fall), https:\/\/doi.org\/10.1109\/VTC2023-Fall60731.2023.10333756, https:\/\/ieeexplore.ieee.org\/document\/10333756 (2023)","DOI":"10.1109\/VTC2023-Fall60731.2023.10333756"},{"key":"1038_CR65","doi-asserted-by":"publisher","first-page":"2356","DOI":"10.1109\/COMST.2023.3309864","volume":"25","author":"B Lampe","year":"2023","unstructured":"Lampe, B., Meng, W.: Intrusion detection in the automotive domain: a comprehensive review. IEEE Commun. Surv. Tutor. 25, 2356\u20132426 (2023). https:\/\/doi.org\/10.1109\/COMST.2023.3309864","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"119","key":"1038_CR66","doi-asserted-by":"publisher","first-page":"771","DOI":"10.1016\/j.eswa.2023.119771","volume":"221","author":"B Lampe","year":"2023","unstructured":"Lampe, B., Meng, W.: A survey of deep learning-based intrusion detection in automotive applications. Expert Syst. Appl. 221(119), 771 (2023). https:\/\/doi.org\/10.1016\/j.eswa.2023.119771","journal-title":"Expert Syst. Appl."},{"issue":"103","key":"1038_CR67","doi-asserted-by":"publisher","first-page":"777","DOI":"10.1016\/j.cose.2024.103777","volume":"140","author":"B Lampe","year":"2024","unstructured":"Lampe, B., Meng, W.: can-train-and-test: a curated CAN dataset for automotive intrusion detection. Comput. Secur. 140(103), 777 (2024). https:\/\/doi.org\/10.1016\/j.cose.2024.103777","journal-title":"Comput. Secur."},{"key":"1038_CR68","doi-asserted-by":"publisher","DOI":"10.11583\/DTU.24805533","author":"BE Lampe","year":"2023","unstructured":"Lampe, B.E.: can-train-and-test. DTU Data (2023). https:\/\/doi.org\/10.11583\/DTU.24805533","journal-title":"DTU Data"},{"key":"1038_CR69","unstructured":"Lee, H., Jeong, S.H., Kim, H.K.: CAN dataset for intrusion detection (OTIDS). Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Dataset\/CAN-intrusion-dataset (2017)"},{"key":"1038_CR70","doi-asserted-by":"publisher","unstructured":"Lee, H., Jeong, S.H., Kim, H.K.: OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. In: 2017 15th Annual Conference on Privacy, Security and Trust (PST) https:\/\/doi.org\/10.1109\/PST.2017.00017, https:\/\/ieeexplore.ieee.org\/document\/8476919 (2017)","DOI":"10.1109\/PST.2017.00017"},{"key":"1038_CR71","unstructured":"Lee, S., Jo, H.J., Cho, A., Lee, D.H., Choi, W.: Survey to download the dataset [TTIDS]. Google Forms. https:\/\/forms.gle\/FRL5Ptrzqh7DjJey9 (2022)"},{"key":"1038_CR72","doi-asserted-by":"publisher","first-page":"52139","DOI":"10.1109\/ACCESS.2022.3174356","volume":"10","author":"S Lee","year":"2022","unstructured":"Lee, S., Jo, H.J., Cho, A., Lee, D.H., Choi, W.: TTIDS: Transmission-resuming time-based intrusion detection system for controller area network (CAN). IEEE Access 10, 52139\u201352153 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3174356","journal-title":"IEEE Access"},{"issue":"3","key":"1038_CR73","doi-asserted-by":"publisher","first-page":"3413","DOI":"10.32604\/cmc.2023.039583","volume":"76","author":"S Lee","year":"2023","unstructured":"Lee, S., Choi, W., Kim, I., Lee, G., Lee, D.H.: A comprehensive analysis of datasets for automotive intrusion detection systems. Comput. Mater. Continua 76(3), 3413\u20133442 (2023). https:\/\/doi.org\/10.32604\/cmc.2023.039583","journal-title":"Comput. Mater. Continua"},{"key":"1038_CR74","unstructured":"Lee, S., Jo, H.J., Cho, A., Lee, D.H., Choi, W.: Dataset. GitHub. https:\/\/github.com\/EmbbededSecurity\/AutomotiveSecurity\/tree\/main\/Dataset (2023)"},{"key":"1038_CR75","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-28428-1","volume-title":"Embedded Security in Cars","author":"K Lemke","year":"2006","unstructured":"Lemke, K., Paar, C., Wolf, M.: Embedded Security in Cars. Springer, New York (2006). https:\/\/doi.org\/10.1007\/3-540-28428-1"},{"key":"1038_CR76","doi-asserted-by":"publisher","DOI":"10.1186\/s13638-019-1484-3","author":"SF Lokman","year":"2019","unstructured":"Lokman, S.F., Othman, A.T., Abu-Bakar, M.H.: Intrusion detection system for automotive controller area network (CAN) bus system: a review. EURASIP J. Wirel. Commun. Netw. (2019). https:\/\/doi.org\/10.1186\/s13638-019-1484-3","journal-title":"EURASIP J. Wirel. Commun. Netw."},{"key":"1038_CR77","doi-asserted-by":"crossref","unstructured":"Lu, R., Lin, X., Zhu, H., Ho, P.H., Shen, X.: ECPP: Efficient conditional privacy preservation protocol for secure vehicular communications. In: IEEE INFOCOM 2008 - The 27th Conference on Computer Communications https:\/\/ieeexplore.ieee.org\/document\/4509774 (2008)","DOI":"10.1109\/INFOCOM.2007.179"},{"key":"1038_CR78","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-030-89010-0_4","volume-title":"Overfitting, Model Tuning, and Evaluation of Prediction Performance","author":"OAM L\u00f3pez","year":"2022","unstructured":"L\u00f3pez, O.A.M., L\u00f3pez, A.M., Crossa, J.: Overfitting, Model Tuning, and Evaluation of Prediction Performance, pp. 109\u2013139. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-89010-0_4"},{"key":"1038_CR79","doi-asserted-by":"crossref","unstructured":"Marchetti, M., Stabili, D.: Anomaly detection of CAN bus messages through analysis of id sequences. In: 2017 IEEE Intelligent Vehicles Symposium (IV), pp. 1577\u20131583, https:\/\/ieeexplore.ieee.org\/document\/7995934 (2017)","DOI":"10.1109\/IVS.2017.7995934"},{"key":"1038_CR80","unstructured":"Michael, S.S.: Introduction to CAN (controller area network). All About Circuits URL https:\/\/www.allaboutcircuits.com\/technical-articles\/introduction-to-can-controller-area-network\/ (2019)"},{"key":"1038_CR81","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1109\/MDAT.2018.2863106","volume":"36","author":"C Miller","year":"2019","unstructured":"Miller, C.: Lessons learned from hacking a car. IEEE Des. Test 36, 7\u20139 (2019). https:\/\/doi.org\/10.1109\/MDAT.2018.2863106","journal-title":"IEEE Des. Test"},{"key":"1038_CR82","unstructured":"Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. IOActive https:\/\/ioactive.com\/wp-content\/uploads\/2018\/05\/IOActive_Remote_Car_Hacking-1.pdf (2015)"},{"key":"1038_CR83","unstructured":"Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. BlackHat. https:\/\/archive.org\/details\/youtube-MAcHkASmXEc (2015)"},{"key":"1038_CR84","unstructured":"Miller, C., Valasek, C.: Advanced can injection techniques for vehicle networks. BlackHat. https:\/\/archive.org\/details\/youtube-4wgEmNlu20c (2016)"},{"key":"1038_CR85","unstructured":"Miller, C., Valasek, C.: Can message injection. Illmatics. https:\/\/illmatics.com\/can%20message%20injection.pdf (2016)"},{"key":"1038_CR86","unstructured":"MLatETAS, Wirth, G.: SynCAN. GitHub. https:\/\/github.com\/etas\/SynCAN\/tree\/master (2019)"},{"key":"1038_CR87","doi-asserted-by":"publisher","unstructured":"Mokhadder, M., Zachos, M., Potter, J.: Evaluation of vehicle system performance of an SAE J1939-91C network security implementation. In: WCX SAE World Congress Experience, SAE International, https:\/\/doi.org\/10.4271\/2023-01-0041, https:\/\/saemobilus.sae.org\/content\/2023-01-0041 (2023)","DOI":"10.4271\/2023-01-0041"},{"key":"1038_CR88","doi-asserted-by":"publisher","unstructured":"Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS) https:\/\/doi.org\/10.1109\/MilCIS.2015.7348942, https:\/\/ieeexplore.ieee.org\/document\/7348942 (2015)","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"1038_CR89","unstructured":"Moustafa, N., Slay, J.: The UNSW-NB15 dataset. University of New South Wales (UNSW). https:\/\/research.unsw.edu.au\/projects\/unsw-nb15-dataset (2015)"},{"key":"1038_CR90","doi-asserted-by":"publisher","first-page":"21266","DOI":"10.1109\/ACCESS.2019.2894183","volume":"7","author":"Mouzakitis OYAJCMMDDOA","year":"2019","unstructured":"Mouzakitis OYAJCMMDDOA: Intrusion detection systems for intra-vehicle networks: A review. IEEE Access 7, 21266\u201321289 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2894183","journal-title":"IEEE Access"},{"key":"1038_CR91","unstructured":"Nie, S., Liu, L., Du, Y.: Free-fall: Hacking tesla from wireless to can bus. BlackHat. https:\/\/www.blackhat.com\/docs\/us-17\/thursday\/us-17-Nie-Free-Fall-Hacking-Tesla-From-Wireless-To-CAN-Bus-wp.pdf (2017)"},{"key":"1038_CR92","unstructured":"nkmk: Maximum and minimum float values in python. notenkmkme. https:\/\/note.nkmk.me\/en\/python-sys-float-info-max-min\/ (2023)"},{"key":"1038_CR93","unstructured":"Ocheri, V., Sheng, Z., Ali, F.: A survey of automotive networking applications and protocols. In: Connected Vehicle Systems. CRC Press, https:\/\/www.taylorfrancis.com\/chapters\/edit\/10.4324\/9781315232928-1\/survey-automotive-networking-applications-protocols-victor-ocheri-zhengguo-sheng-falah-ali (2017)"},{"key":"1038_CR94","unstructured":"pandas Contributors: pandas. pandas. https:\/\/pandas.pydata.org\/ (2023)"},{"key":"1038_CR95","unstructured":"Parekh, N., Campau, T.: Average age of vehicles hits new record in 2024. S &P Global Mobility. https:\/\/www.spglobal.com\/mobility\/en\/research-analysis\/average-age-vehicles-united-states-2024.html (2024)"},{"key":"1038_CR96","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, \u00c9.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12, 2825\u20132830 (2011)","journal-title":"J. Mach. Learn. Res."},{"key":"1038_CR97","unstructured":"Pollicino, F., Stabili, D., Marchetti, M.: Material used for the submission at ACM transactions on cyber-physical systems - special issue on automotive CPS safety & security. Web Engineering and Benchmarking Laboratory. https:\/\/weblab.ing.unimore.it\/people\/stabili\/resources\/tcps.shtml (2024)"},{"key":"1038_CR98","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/360491","volume":"8","author":"F Pollicino","year":"2024","unstructured":"Pollicino, F., Stabili, D., Marchetti, M.: Performance comparison of timing-based anomaly detectors for controller area network: a reproducible study. ACM Trans. Cyber-Phys. Syst. 8, 1\u201324 (2024). https:\/\/doi.org\/10.1145\/360491","journal-title":"ACM Trans. Cyber-Phys. Syst."},{"key":"1038_CR99","doi-asserted-by":"crossref","unstructured":"Popa, L., Groza, B., Jichici, C., Murvay, P.S.: ECUPrint - physical fingerprinting electronic control units on CAN buses inside cars and SAE j1939 compliant vehicles. GitHub. https:\/\/github.com\/LucianPopaLP\/ECUPrint (2022)","DOI":"10.1109\/TIFS.2022.3158055"},{"key":"1038_CR100","doi-asserted-by":"publisher","first-page":"1185","DOI":"10.1109\/TIFS.2022.3158055","volume":"17","author":"L Popa","year":"2022","unstructured":"Popa, L., Groza, B., Jichici, C., Murvay, P.S.: ECUPrint-physical fingerprinting electronic control units on CAN buses inside cars and SAE j1939 compliant vehicles. IEEE Trans. Inf. Forensics Secur. 17, 1185\u20131200 (2022). https:\/\/doi.org\/10.1109\/TIFS.2022.3158055","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"1038_CR101","unstructured":"Poulsen, K.: Hacker disables more than 100 cars remotely. Wired. https:\/\/www.wired.com\/2010\/03\/hacker-bricks-cars\/ (2010)"},{"key":"1038_CR102","doi-asserted-by":"publisher","unstructured":"Quinton, S., Bone, T.T., Hennig, J., Neukirchner, M., Negrean, M., Ernst, R.: Typical worst case response-time analysis and its use in automotive network design. DAC\u201914: Proceedings of the 51st Annual Design Automation Conference https:\/\/doi.org\/10.1145\/2593069.260297, https:\/\/dl.acm.org\/doi\/10.1145\/2593069.2602977 (2014)","DOI":"10.1145\/2593069.260297"},{"key":"1038_CR103","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3570954","volume":"55","author":"S Rajapaksha","year":"2023","unstructured":"Rajapaksha, S., Kalutarage, H., Al-Kadri, M.O., Petrovski, A., Madzudzo, G., Cheah, M.: Ai-based intrusion detection systems for in-vehicle networks: a survey. ACM Comput. Surv. 55, 1\u201340 (2023). https:\/\/doi.org\/10.1145\/3570954","journal-title":"ACM Comput. Surv."},{"key":"1038_CR104","unstructured":"Rajapaksha, S., Kalutarage, H., Madzudzo, G., Petrovski, A., Al-Kadri, M.: CAN-MIRGU. GitHub. https:\/\/github.com\/sampathrajapaksha\/CAN-MIRGU (2024)"},{"key":"1038_CR105","unstructured":"Rajapaksha, S., Kalutarage, H., Madzudzo, G., Petrovski, A., Al-Kadri, M.: Can-mirgu. Google Drive. https:\/\/drive.google.com\/drive\/folders\/1uUKLEu_tFVMy9WkDnf1rqqPwuQLQFwBL?usp=sharing (2024)"},{"key":"1038_CR106","doi-asserted-by":"crossref","unstructured":"Rajapaksha, S., Kalutarage, H., Madzudzo, G., Petrovski, A., Al-Kadri, M.: CAN-MIRGU: a comprehensive CAN bus attack dataset from moving vehicles for intrusion detection system evaluation. Symposium on Vehicle Security and Privacy (VehicleSec) 2024. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/vehiclesec2024-43-paper.pdf (2024)","DOI":"10.14722\/vehiclesec.2024.23043"},{"key":"1038_CR107","doi-asserted-by":"publisher","first-page":"39","DOI":"10.3233\/JCS-2007-15103","volume":"15","author":"M Raya","year":"2007","unstructured":"Raya, M., Hubaux, J.P.: Securing vehicular ad hoc networks. J. Comput. Secur. 15, 39\u201368 (2007)","journal-title":"J. Comput. Secur."},{"key":"1038_CR108","doi-asserted-by":"publisher","first-page":"547","DOI":"10.1007\/978-3-031-06780-8_20","volume-title":"Machine Learning for Automotive Cybersecurity: Challenges, Opportunities and Future Directions","author":"RUD Refat","year":"2022","unstructured":"Refat, R.U.D., Elkhail, A.A., Malik, H.: Machine Learning for Automotive Cybersecurity: Challenges, Opportunities and Future Directions, pp. 547\u2013567. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-06780-8_20"},{"key":"1038_CR109","unstructured":"Robert Bosch GmbH: Comparison of classical CAN, CAN FD, and CAN XL and CAN XL and ethernet 10BASE-T1S. Automotive Electronics (AE\/PAI-IP) URL https:\/\/www.bosch-semiconductors.com\/media\/ip_modules\/pdf_2\/can_xl_1\/20220825_can_xl_vs_10base-t1s_v2.pdf (2022)"},{"key":"1038_CR110","unstructured":"Roque, A.D.S.: CAN-Modes-datasets. GitHub URL https:\/\/github.com\/Asr-roque\/canmodes-datasets (2024)"},{"key":"1038_CR111","doi-asserted-by":"publisher","DOI":"10.21227\/j1ts-bm15","author":"ADS Roque","year":"2025","unstructured":"Roque, A.D.S.: CAN-Modes: In-vehicle datasets generation and analysis in different driving situations. IEEE Dataport (2025). https:\/\/doi.org\/10.21227\/j1ts-bm15","journal-title":"IEEE Dataport"},{"key":"1038_CR112","doi-asserted-by":"publisher","unstructured":"Roque, A.D.S., Alves LMDS, de\u00a0Freitas, E.P.: CAN-Modes: In-vehicle datasets generation and analysis in different driving situations. In: 2024 Workshop on Communication Networks and Power Systems (WCNPS) https:\/\/doi.org\/10.1109\/WCNPS65035.2024.10814379, https:\/\/ieeexplore.ieee.org\/document\/10814379 (2024)","DOI":"10.1109\/WCNPS65035.2024.10814379"},{"key":"1038_CR113","doi-asserted-by":"publisher","DOI":"10.21227\/24m9-a446","author":"M Sami","year":"2019","unstructured":"Sami, M.: Intrusion detection in CAN bus. IEEE Dataport (2019). https:\/\/doi.org\/10.21227\/24m9-a446","journal-title":"IEEE Dataport"},{"key":"1038_CR114","doi-asserted-by":"publisher","unstructured":"Sami, M., Ibarra, M., Esparza, A.C., Al-Jufout, S., Aliasgari, M., Mozumdar, M.: Rapid, multi-vehicle and feed-forward neural network based intrusion detection system for controller area network bus. In: 2020 IEEE Green Energy and Smart Systems Conference (IGESSC) https:\/\/doi.org\/10.1109\/IGESSC50231.2020.9285088, https:\/\/ieeexplore.ieee.org\/document\/9285088 (2020)","DOI":"10.1109\/IGESSC50231.2020.9285088"},{"key":"1038_CR115","unstructured":"Sch\u00fc\u00dfler, J.: Erpressungstrojaner \u201chighwayman\u201d zielt auf autofahrer. Heise Medien (2016)"},{"key":"1038_CR116","unstructured":"scikit-learn developers: Developing scikit-learn estimators (1.5.1). scikit-learn: Machine Learning in Python. https:\/\/scikit-learn.org\/stable\/developers\/develop.html (2024)"},{"key":"1038_CR117","unstructured":"scikit-learn developers: accuracy_score. scikit-learn: Machine Learning in Python. https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.metrics.accuracy_score.html (2025)"},{"key":"1038_CR118","unstructured":"scikit-learn developers: f1_score. scikit-learn: Machine Learning in Python. https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.metrics.f1_score.html#sklearn.metrics.f1_score (2025)"},{"key":"1038_CR119","unstructured":"scikit-learn developers: precision_score. scikit-learn: Machine Learning in Python. https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.metrics.precision_score.html (2025)"},{"key":"1038_CR120","unstructured":"scikit-learn developers: recall_score. scikit-learn: Machine Learning in Python. https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.metrics.recall_score.html#sklearn.metrics.recall_score (2025)"},{"key":"1038_CR121","doi-asserted-by":"publisher","unstructured":"Seeam, A., Ogbeh, O.S., Guness, S., Bellekens, X.: Threat modeling and security issues for the internet of things. In: 2019 Conference on Next Generation Computing Applications (NextComp) https:\/\/doi.org\/10.1109\/NEXTCOMP.2019.8883642, https:\/\/ieeexplore.ieee.org\/document\/8883642 (2019)","DOI":"10.1109\/NEXTCOMP.2019.8883642"},{"key":"1038_CR122","unstructured":"Seo, E., Song, H.M., Kim, H.K.: Car-hacking dataset for the intrusion detection. Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/car-hacking-dataset (2018)"},{"key":"1038_CR123","doi-asserted-by":"publisher","unstructured":"Seo, E., Song, H.M., Kim, H.K.: GIDS: GAN based intrusion detection system for in-vehicle network. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST) https:\/\/doi.org\/10.1109\/PST.2018.8514157, https:\/\/ieeexplore.ieee.org\/document\/8514157 (2018)","DOI":"10.1109\/PST.2018.8514157"},{"key":"1038_CR124","doi-asserted-by":"publisher","unstructured":"Shakarian, P., Shakarian, J., Ruef, A.: Chapter 13 - attacking Iranian nuclear facilities: Stuxnet. In: Introduction to Cyber-Warfare, Syngress, pp. 223\u2013239, https:\/\/doi.org\/10.1016\/B978-0-12-407814-7.00013-0, https:\/\/www.sciencedirect.com\/science\/article\/pii\/B9780124078147000130 (2013)","DOI":"10.1016\/B978-0-12-407814-7.00013-0"},{"key":"1038_CR125","doi-asserted-by":"publisher","first-page":"27","DOI":"10.3233\/JCS-230027","volume":"32","author":"S Sharmin","year":"2024","unstructured":"Sharmin, S., Mansor, H., Kadir, A.F.A., Aziz, N.A.: Benchmarking frameworks and comparative studies of controller area network (CAN) intrusion detection systems: a review. J. Comput. Secur. 32, 27 (2024). https:\/\/doi.org\/10.3233\/JCS-230027","journal-title":"J. Comput. Secur."},{"key":"1038_CR126","doi-asserted-by":"publisher","first-page":"1790","DOI":"10.1109\/TC.2017.2700277","volume":"66","author":"S Shreejith","year":"2017","unstructured":"Shreejith, S., Mundhenk, P., Ettner, A., Fahmy, S.A., Steinhorst, S., Lukasiewycz, M., Chakraborty, S.: VEGa: A high performance vehicular ethernet gateway on hybrid FPGA. IEEE Trans. Comput. 66, 1790\u20131803 (2017). https:\/\/doi.org\/10.1109\/TC.2017.2700277","journal-title":"IEEE Trans. Comput."},{"key":"1038_CR127","doi-asserted-by":"publisher","unstructured":"Siddiqui, A.S., Gui, Y., Plusquellic, J., Saqib, F.: Secure communication over CANBus. In: 2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS) https:\/\/doi.org\/10.1109\/MWSCAS.2017.8053160, https:\/\/ieeexplore.ieee.org\/document\/8053160 (2017)","DOI":"10.1109\/MWSCAS.2017.8053160"},{"key":"1038_CR128","unstructured":"Song, H.M., Kim, H.K.: CAN signal extraction and translation dataset. Hacking and Countermeasure Research Lab. https:\/\/ocslab.hksecurity.net\/Datasets\/can-signal-extraction-and-translation-dataset (2020)"},{"key":"1038_CR129","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1109\/MDAT.2020.3011036","volume":"38","author":"HM Song","year":"2020","unstructured":"Song, H.M., Kim, H.K.: Discovering CAN specification using on-board diagnostics. IEEE Des. Test 38, 93\u2013103 (2020). https:\/\/doi.org\/10.1109\/MDAT.2020.3011036","journal-title":"IEEE Des. Test"},{"issue":"100","key":"1038_CR130","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1016\/j.vehcom.2019.100198","volume":"21","author":"HM Song","year":"2019","unstructured":"Song, H.M., Woo, J., Kim, H.K.: In-vehicle network intrusion detection using deep convolutional neural network. Veh. Commun. 21(100), 198 (2019). https:\/\/doi.org\/10.1016\/j.vehcom.2019.100198","journal-title":"Veh. Commun."},{"key":"1038_CR131","doi-asserted-by":"publisher","unstructured":"Stabili, D., Marchetti, M.: Detection of missing CAN messages through inter-arrival time analysis. In: 2019 IEEE 90th Vehicular Technology Conference (VTC2019-Fall) https:\/\/doi.org\/10.1109\/VTCFall.2019.8891068, https:\/\/ieeexplore.ieee.org\/document\/8891068 (2019)","DOI":"10.1109\/VTCFall.2019.8891068"},{"key":"1038_CR132","unstructured":"Stabili, D., Marchetti, M.: Resources for automotive cyber-security research: Bus-off dataset. Web Engineering and Benchmarking Laboratory. https:\/\/weblab.ing.unimore.it\/people\/stabili\/resources\/ (2019)"},{"key":"1038_CR133","doi-asserted-by":"publisher","first-page":"11540","DOI":"10.1109\/TVT.2022.3190721","volume":"71","author":"D Stabili","year":"2022","unstructured":"Stabili, D., Ferretti, L., Andreolini, M., Marchetti, M.: DAGA: detecting attacks to in-vehicle networks via n-gram analysis. IEEE Trans. Veh. Technol. 71, 11540\u201311554 (2022). https:\/\/doi.org\/10.1109\/TVT.2022.3190721","journal-title":"IEEE Trans. Veh. Technol."},{"key":"1038_CR134","unstructured":"Stabili, D., Ferretti, L., Andreolini, M., Marchetti, M.: Resources for automotive cyber-security research: DAGA dataset. Web Engineering and Benchmarking Laboratory. https:\/\/weblab.ing.unimore.it\/people\/stabili\/resources\/ (2022)"},{"key":"1038_CR135","doi-asserted-by":"publisher","unstructured":"Swessi, D., Idoudi, H.: A comparative review of security threats datasets for vehicular networks. In: 2021 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT) https:\/\/doi.org\/10.1109\/3ICT53449.2021.9581683, https:\/\/ieeexplore.ieee.org\/document\/9581683 (2021)","DOI":"10.1109\/3ICT53449.2021.9581683"},{"key":"1038_CR136","doi-asserted-by":"publisher","unstructured":"Szydlowski, C.P.: CAN specification 2.0: Protocol and implementations. SAE Technical Paper. https:\/\/doi.org\/10.4271\/921603, https:\/\/www.sae.org\/publications\/technical-papers\/content\/921603\/ (1992)","DOI":"10.4271\/921603"},{"key":"1038_CR137","doi-asserted-by":"publisher","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. https:\/\/doi.org\/10.1109\/CISDA.2009.5356528, https:\/\/ieeexplore.ieee.org\/document\/5356528 (2009)","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"1038_CR138","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: ISCX NSL-KDD dataset 2009. University of New Brunswick. https:\/\/www.unb.ca\/cic\/datasets\/nsl.html (2009)"},{"key":"1038_CR139","unstructured":"Tindell, K.: CAN injection: keyless car theft. Canis Automotive Labs. https:\/\/kentindell.github.io\/2023\/04\/03\/can-injection\/ (2023)"},{"key":"1038_CR140","unstructured":"Ueda, H., Kurachi, R., Takada, H., Mizutani, T., Inoue, M., Horihata, S.: Security authentication system for in-vehicle network. Sei Technical Review. https:\/\/global-sei.com\/technology\/tr\/bn81\/pdf\/81-01.pdf (2015)"},{"key":"1038_CR141","unstructured":"United States Department of Transportation: Bureau of Transportation Statistics. Average age of automobiles and trucks in operation in the united states. National Transportation Statistics. https:\/\/www.bts.gov\/content\/average-age-automobiles-and-trucks-operation-united-states (2024)"},{"key":"1038_CR142","doi-asserted-by":"publisher","unstructured":"University of Turku: CAN bus dataset collected from a heavy-duty truck. Fairdata https:\/\/doi.org\/10.23729\/3160254e-85e9-4268-a636-5b3e54091706, https:\/\/etsin.fairdata.fi\/dataset\/7586f24f-c91b-41df-92af-283524de8b3e (2021)","DOI":"10.23729\/3160254e-85e9-4268-a636-5b3e54091706"},{"key":"1038_CR143","doi-asserted-by":"publisher","unstructured":"Vahidi, A., Rosenstatter, T., Mowla, N.I.: Systematic evaluation of automotive intrusion detection datasets. In: Proceedings of the 6th ACM Computer Science in Cars Symposium (CSCS\u201922). https:\/\/doi.org\/10.1145\/3568160.3570226, https:\/\/dl.acm.org\/doi\/10.1145\/3568160.3570226 (2022)","DOI":"10.1145\/3568160.3570226"},{"key":"1038_CR144","doi-asserted-by":"publisher","unstructured":"Verendel, V., Nilsson, D.K., Larson, U.E., Jonsson, E.: An approach to using honeypots in in-vehicle networks. In: 2008 IEEE 68th Vehicular Technology Conference. https:\/\/doi.org\/10.1109\/VETECF.2008.260, https:\/\/ieeexplore.ieee.org\/document\/4657092 (2008)","DOI":"10.1109\/VETECF.2008.260"},{"key":"1038_CR145","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.10462796","author":"ME Verma","year":"2020","unstructured":"Verma, M.E., Bridges, R.A., Iannacone, M.D., Hollifield, S.C., Moriano, P., Hespeler, S.C., Kay, B., Combs, F.L.: Real ORNL automotive dynamometer (ROAD) CAN intrusion dataset. Zenodo (2020). https:\/\/doi.org\/10.5281\/zenodo.10462796","journal-title":"Zenodo"},{"key":"1038_CR146","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0296879","author":"ME Verma","year":"2024","unstructured":"Verma, M.E., Bridges, R.A., Iannacone, M.D., Hollifield, S.C., Moriano, P., Hespeler, S.C., Kay, B., Combs, F.L.: A comprehensive guide to CAN IDS data and introduction of the ROAD dataset. PLoS ONE (2024). https:\/\/doi.org\/10.1371\/journal.pone.0296879","journal-title":"PLoS ONE"},{"key":"1038_CR147","unstructured":"Voss, W.: SAE j1939 bandwidth, busload and message frame frequency. Copperhill Technologies: Blog. https:\/\/copperhilltech.com\/blog\/sae-j1939-bandwidth-busload-and-message-frame-frequency\/ (2019)"},{"key":"1038_CR148","doi-asserted-by":"crossref","unstructured":"Wang, D., Ganesan, S.: Automotive network security. In: 2021 IEEE International Conference on Electro Information Technology (EIT). https:\/\/ieeexplore.ieee.org\/document\/9491889 (2021)","DOI":"10.1109\/EIT51626.2021.9491889"},{"key":"1038_CR149","doi-asserted-by":"publisher","unstructured":"Wang, Q., Sawhney, S.: VeCure: A practical security framework to protect the CAN bus of vehicles. In: 2014 International Conference on the Internet of Things (IOT). https:\/\/doi.org\/10.1109\/IOT.2014.7030108, https:\/\/ieeexplore.ieee.org\/document\/7030108 (2014)","DOI":"10.1109\/IOT.2014.7030108"},{"key":"1038_CR150","unstructured":"Wolf, M., Lambert, R.: Hacking Trucks - Cybersecurity Risks and Effective Cybersecurity Protection for Heavy Duty Vehicles. Gesellschaft f\u00fcr Informatik, Bonn, pp. 45\u201360. Lecture Notes in Informatics (LNI), https:\/\/dl.gi.de\/items\/5dd03474-71ca-4c58-97ed-b2be501b1238 (2017)"},{"key":"1038_CR151","doi-asserted-by":"publisher","first-page":"993","DOI":"10.1109\/TITS.2014.2351612","volume":"16","author":"S Woo","year":"2014","unstructured":"Woo, S., Jo, H.J., Lee, D.H.: A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Trans. Intell. Transp. Syst. 16, 993\u20131006 (2014). https:\/\/doi.org\/10.1109\/TITS.2014.2351612","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"1038_CR152","doi-asserted-by":"publisher","first-page":"919","DOI":"10.1109\/TITS.2019.2908074","volume":"21","author":"W Wu","year":"2019","unstructured":"Wu, W., Li, R., Xie, G., An, J., Bai, Y., Zhou, J., Li, K.: A survey of intrusion detection for in-vehicle networks. IEEE Trans. Intell. Transp. Syst. 21, 919\u2013933 (2019). https:\/\/doi.org\/10.1109\/TITS.2019.2908074","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"1038_CR153","doi-asserted-by":"crossref","unstructured":"Yang, L., Moubayed, A., Hamieh, I., Shami, A.: Tree-based intelligent intrusion detection system in internet of vehicles. In: 2019 IEEE Global Communications Conference (GLOBECOM). https:\/\/ieeexplore.ieee.org\/document\/9013892 (2019)","DOI":"10.1109\/GLOBECOM38437.2019.9013892"},{"issue":"105","key":"1038_CR154","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1016\/j.dib.2020.105149","volume":"29","author":"M Zago","year":"2020","unstructured":"Zago, M., Longari, S., Tricarico, A., Carminati, M., P\u00e9rez, M.G., P\u00e9rez, G.M., Zanero, S.: ReCAN\u2014dataset for reverse engineering of controller area networks. Data Brief 29(105), 149 (2020). https:\/\/doi.org\/10.1016\/j.dib.2020.105149","journal-title":"Data Brief"},{"key":"1038_CR155","doi-asserted-by":"publisher","DOI":"10.17632\/76knkx3fzv.2","author":"M Zago","year":"2020","unstructured":"Zago, M., Longari, S., Tricarico, A., Carminati, M., P\u00e9rez, M.G., P\u00e9rez, G.M., Zanero, S.: ReCAN data - reverse engineering of controller area networks. Mendeley Data (2020). https:\/\/doi.org\/10.17632\/76knkx3fzv.2","journal-title":"Mendeley Data"},{"key":"1038_CR156","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Liu, T., Zhao, H., Ma, C.: Risk analysis of CAN bus and ethernet communication security for intelligent connected vehicles. In: 2021 IEEE International Conference on Artificial Intelligence and Industrial Design (AIID). https:\/\/ieeexplore.ieee.org\/document\/9491889 (2021)","DOI":"10.1109\/AIID51893.2021.9456534"},{"key":"1038_CR157","doi-asserted-by":"publisher","unstructured":"Zheng, B., Li, W., Deng, P., G\u00e9rard, L., Zhu, Q., Shankar, N.: Design and verification for transportation system security. In: DAC\u201915: Proceedings of the 52nd Annual Design Automation Conference, pp. 1\u20136, https:\/\/doi.org\/10.1145\/2744769.2747920 (2015)","DOI":"10.1145\/2744769.2747920"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01038-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01038-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01038-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T11:38:23Z","timestamp":1760614703000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01038-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,18]]},"references-count":157,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2025,10]]}},"alternative-id":["1038"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01038-8","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,18]]},"assertion":[{"value":"18 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no relevant financial or non-financial interests to disclose.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"193"}}