{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,25]],"date-time":"2026-06-25T16:38:05Z","timestamp":1782405485073,"version":"3.54.5"},"reference-count":47,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2023,3,28]],"date-time":"2023-03-28T00:00:00Z","timestamp":1679961600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Research Foundation of Korea (NRF) grant","award":["NRF-2021R1A2C2011082"],"award-info":[{"award-number":["NRF-2021R1A2C2011082"]}]},{"name":"Korea government (MSIT)","award":["NRF-2021R1A2C2011082"],"award-info":[{"award-number":["NRF-2021R1A2C2011082"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>For in-vehicle network communication, the controller area network (CAN) broadcasts to all connected nodes without address validation. Therefore, it is highly vulnerable to all sorts of attack scenarios. This research proposes a novel intrusion detection system (IDS) for CAN to identify in-vehicle network anomalies. The statistical characteristics of attacks provide valuable information about the inherent intrusion patterns and behaviors. We employed two real-world attack scenarios from publicly available datasets to record a real-time response against intrusions with increased precision for in-vehicle network environments. Our proposed IDS can exploit malicious patterns by calculating thresholds and using the statistical properties of attacks, making attack detection more efficient. The optimized threshold value is calculated using brute-force optimization for various window sizes to minimize the total error. The reference values of normality require a few legitimate data frames for effective intrusion detection. The experimental findings validate that our suggested method can efficiently detect fuzzy, merge, and denial-of-service (DoS) attacks with low false-positive rates. It is also demonstrated that the total error decreases with an increasing attack rate for varying window sizes. The results indicate that our proposed IDS minimizes the misclassification rate and is hence better suited for in-vehicle networks.<\/jats:p>","DOI":"10.3390\/s23073554","type":"journal-article","created":{"date-parts":[[2023,3,29]],"date-time":"2023-03-29T01:33:00Z","timestamp":1680053580000},"page":"3554","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":50,"title":["Intrusion Detection System CAN-Bus In-Vehicle Networks Based on the Statistical Characteristics of Attacks"],"prefix":"10.3390","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7211-4646","authenticated-orcid":false,"given":"Junaid","family":"Khan","sequence":"first","affiliation":[{"name":"Department of Information and Communication Engineering, Dongguk University, Seoul 04620, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4661-7044","authenticated-orcid":false,"given":"Dae-Woon","family":"Lim","sequence":"additional","affiliation":[{"name":"Department of Information and Communication Engineering, Dongguk University, Seoul 04620, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4114-4935","authenticated-orcid":false,"given":"Young-Sik","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Information and Communication Engineering, Chosun University, Gwangju 61452, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2023,3,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"616","DOI":"10.1109\/JIOT.2021.3084796","article-title":"MTH-IDS: A Multitiered Hybrid Intrusion Detection System for Internet of Vehicles","volume":"9","author":"Yang","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/MDAT.2019.2899062","article-title":"Survey of automotive controller area network intrusion detection systems","volume":"36","author":"Young","year":"2019","journal-title":"IEEE Des. Test"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"2124","DOI":"10.1109\/JIOT.2021.3090397","article-title":"Vehicleeids: A novel external intrusion detection system based on vehicle voltage signals","volume":"9","author":"Xun","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"10880","DOI":"10.1109\/TVT.2021.3106940","article-title":"Anomaly Detection for In-Vehicle Network Using CNN-LSTM With Attention Mechanism","volume":"70","author":"Sun","year":"2021","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"166855","DOI":"10.1109\/ACCESS.2021.3136147","article-title":"An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform","volume":"9","author":"Pinheiro","year":"2021","journal-title":"IEEE Access"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"162401","DOI":"10.1109\/ACCESS.2021.3130495","article-title":"Vehicle Security: A Survey of Security Issues and Vulnerabilities, Malware Attacks and Defenses","volume":"9","author":"Elkhail","year":"2021","journal-title":"IEEE Access"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"7572","DOI":"10.1109\/JIOT.2021.3130054","article-title":"Autonomous Driving Security: State of the Art and Challenges","volume":"9","author":"Gao","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Kang, M.J., and Kang, J.W. (2016). Intrusion detection system using deep neural network for in-vehicle network security. PLoS ONE, 11.","DOI":"10.1371\/journal.pone.0155781"},{"key":"ref_9","unstructured":"Kim, J., Shin, N., Jo, S.Y., and Kim, S.H. (2017, January 13\u201316). Method of intrusion detection using deep neural network. Proceedings of the 2017 IEEE International Conference on Big Data and Smart Computing (BigComp), Jeju, Republic of Korea."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Wang, Y., Chia, D.W.M., and Ha, Y. (2020, January 9\u201312). Vulnerability of deep learning model based anomaly detection in vehicle network. Proceedings of the 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS), Springfield, MA, USA.","DOI":"10.1109\/MWSCAS48704.2020.9184472"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1016\/j.cose.2013.11.003","article-title":"Towards a distributed secure in-vehicle communication architecture for modern vehicles","volume":"40","author":"Patsakis","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2960407","article-title":"Security in automotive networks: Lightweight authentication and authorization","volume":"22","author":"Mundhenk","year":"2017","journal-title":"ACM Trans. Des. Autom. Electron. Syst. (TODAES)"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Radu, A.I., and Garcia, F.D. (2016, January 26\u201330). LeiA: A lightweight authentication protocol for CAN. Proceedings of the European Symposium on Research in Computer Security, Heraklion, Greece.","DOI":"10.1007\/978-3-319-45741-3_15"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Taylor, A., Japkowicz, N., and Leblanc, S. (2015, January 14\u201316). Frequency-based anomaly detection for the automotive CAN bus. Proceedings of the 2015 World Congress on Industrial Control Systems Security (WCICSS), London, UK.","DOI":"10.1109\/WCICSS.2015.7420322"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Moore, M.R., Bridges, R.A., Combs, F.L., Starr, M.S., and Prowell, S.J. (2017, January 4\u20136). Modeling inter-signal arrival times for accurate detection of can bus signal injection attacks: A data-driven approach to in-vehicle intrusion detection. Proceedings of the 12th Annual Conference on Cyber and Information Security Research, Oak Ridge, TN, USA.","DOI":"10.1145\/3064814.3064816"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Stabili, D., and Marchetti, M. (2019, January 22\u201325). Detection of missing can messages through inter-arrival time analysis. Proceedings of the 2019 IEEE 90th Vehicular Technology Conference (VTC2019-Fall), Honolulu, HI, USA.","DOI":"10.1109\/VTCFall.2019.8891068"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Gmiden, M., Gmiden, M.H., and Trabelsi, H. (2016, January 19\u201321). An intrusion detection method for securing in-vehicle CAN bus. Proceedings of the 2016 17th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA), Sousse, Tunisia.","DOI":"10.1109\/STA.2016.7952095"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"42422","DOI":"10.1109\/ACCESS.2020.2975893","article-title":"Normal and malicious sliding windows similarity analysis method for fast and accurate IDS against DoS attacks on in-vehicle networks","volume":"8","author":"Ohira","year":"2020","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Tomlinson, A., Bryans, J., Shaikh, S.A., and Kalutarage, H.K. (2018, January 25\u201328). Detection of automotive CAN cyber-attacks by identifying packet timing anomalies in time windows. Proceedings of the 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Luxembourg.","DOI":"10.1109\/DSN-W.2018.00069"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Baldini, G. (2020). On the application of entropy measures with sliding window for intrusion detection in automotive in-vehicle networks. Entropy, 22.","DOI":"10.3390\/e22091044"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Sagong, S.U., Ying, X., Clark, A., Bushnell, L., and Poovendran, R. (2018, January 11\u201313). Cloaking the clock: Emulating clock skew in controller area networks. Proceedings of the 2018 ACM\/IEEE 9th International Conference on Cyber-Physical Systems (ICCPS), Porto, Portugal.","DOI":"10.1109\/ICCPS.2018.00012"},{"key":"ref_22","unstructured":"Cho, K.T., and Shin, K.G. (2016, January 10\u201312). Fingerprinting electronic control units for vehicle intrusion detection. Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, USA."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"2300","DOI":"10.1109\/TIFS.2019.2895957","article-title":"Shape of the cloak: Formal analysis of clock skew-based intrusion detection system in controller area networks","volume":"14","author":"Ying","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Martinelli, F., Mercaldo, F., Nardone, V., and Santone, A. (2017, January 9\u201312). Car hacking identification through fuzzy logic algorithms. Proceedings of the 2017 IEEE international conference on fuzzy systems (FUZZ-IEEE), Naples, Italy.","DOI":"10.1109\/FUZZ-IEEE.2017.8015464"},{"key":"ref_25","first-page":"1","article-title":"Multi-attack and multi-classification intrusion detection for vehicle-mounted networks based on mosaic-coded convolutional neural network","volume":"12","author":"Hu","year":"2022","journal-title":"Sci. Rep."},{"key":"ref_26","first-page":"100198","article-title":"In-vehicle network intrusion detection using deep convolutional neural network","volume":"21","author":"Song","year":"2020","journal-title":"Veh. Commun."},{"key":"ref_27","first-page":"52","article-title":"Anomaly intrusion detection method for vehicular networks based on survival analysis","volume":"14","author":"Han","year":"2018","journal-title":"Veh. Commun."},{"key":"ref_28","unstructured":"Corrigan, S. (2002). Introduction to the Controller Area Network (CAN), Application Report SLOA101, August 2002, Texas Instruments."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Yang, L., Moubayed, A., Hamieh, I., and Shami, A. (2019, January 9\u201313). Tree-based intelligent intrusion detection system in internet of vehicles. Proceedings of the 2019 IEEE Global Communications Conference (GLOBECOM), Big Island, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9013892"},{"key":"ref_30","unstructured":"Hartwich, F.l. (2012, January 5\u20136). CAN with flexible data-rate. Proceedings of the 13th international CAN Conference (iCC), Hambacher, Germany."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"4413","DOI":"10.1109\/TIE.2017.2762638","article-title":"A quantitative performance study on CAN and CAN FD vehicular networks","volume":"65","author":"Zago","year":"2017","journal-title":"IEEE Trans. Ind. Electron."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"2248","DOI":"10.1109\/TITS.2016.2519464","article-title":"A practical security architecture for in-vehicle CAN-FD","volume":"17","author":"Woo","year":"2016","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Cho, K., and Shin, K.G. (November, January 30). Viden: Attacker Identification on In-Vehicle Networks. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA.","DOI":"10.1145\/3133956.3134001"},{"key":"ref_34","first-page":"1","article-title":"Exploring attack surfaces of voltage-based intrusion detection systems in controller area networks","volume":"2018","author":"Sagong","year":"2018","journal-title":"ESCAR Eur."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Li, D., Tian, M., Jiang, R., and Yang, K. (August, January 30). Exploiting Temperature-Varied Voltage Fingerprints for In-vehicle CAN Intrusion Detection. Proceedings of the ACM Turing Award Celebration Conference-China (ACM TURC 2021), Hefei, China.","DOI":"10.1145\/3472634.3472662"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Song, H.M., Kim, H.R., and Kim, H.K. (2016, January 13\u201315). Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. Proceedings of the 2016 International Conference on Information Networking (ICOIN), Kota Kinabalu, Malaysia.","DOI":"10.1109\/ICOIN.2016.7427089"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"M\u00fcter, M., and Asaj, N. (2011, January 5\u20139). Entropy-based anomaly detection for in-vehicle networks. Proceedings of the 2011 IEEE Intelligent Vehicles Symposium (IV), Baden-Baden, Germany.","DOI":"10.1109\/IVS.2011.5940552"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Marchetti, M., Stabili, D., Guido, A., and Colajanni, M. (2016, January 7\u20139). Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms. Proceedings of the 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI), Bologna, Italy.","DOI":"10.1109\/RTSI.2016.7740627"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"45233","DOI":"10.1109\/ACCESS.2018.2865169","article-title":"Sliding window optimized information entropy analysis method for intrusion detection on in-vehicle networks","volume":"6","author":"Wu","year":"2018","journal-title":"IEEE Access"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Seo, E., Song, H.M., and Kim, H.K. (2018, January 28\u201330). Gids: Gan based intrusion detection system for in-vehicle network. Proceedings of the 2018 16th Annual Conference on Privacy, Security and Trust (PST), Belfast, Ireland.","DOI":"10.1109\/PST.2018.8514157"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"1913","DOI":"10.1109\/TNSM.2020.3038991","article-title":"CANnolo: An anomaly detection system based on LSTM autoencoders for controller area network","volume":"18","author":"Longari","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"5081","DOI":"10.1109\/TITS.2020.3046974","article-title":"CAN-Bus Attack Detection With Deep Learning","volume":"22","author":"Amato","year":"2021","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"79","DOI":"10.4236\/wet.2018.94007","article-title":"Classification approach for intrusion detection in vehicle systems","volume":"9","author":"Alshammari","year":"2018","journal-title":"Wirel. Eng. Technol."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"58621","DOI":"10.1109\/ACCESS.2021.3073057","article-title":"WINDS: A wavelet-based intrusion detection system for Controller Area Network (CAN)","volume":"9","author":"Bozdal","year":"2021","journal-title":"IEEE Access"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"2366","DOI":"10.1109\/TITS.2021.3088998","article-title":"Histogram-Based Intrusion Detection and Filtering Framework for Secure and Safe In-Vehicle Networks","volume":"23","author":"Derhab","year":"2021","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"1484","DOI":"10.1109\/TVT.2019.2961344","article-title":"Saiducant: Specification-based automotive intrusion detection using controller area network (can) timing","volume":"69","author":"Olufowobi","year":"2019","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"185489","DOI":"10.1109\/ACCESS.2020.3029307","article-title":"Lstm-based intrusion detection system for in-vehicle can bus communications","volume":"8","author":"Hossain","year":"2020","journal-title":"IEEE Access"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/7\/3554\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T19:05:23Z","timestamp":1760123123000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/7\/3554"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,28]]},"references-count":47,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2023,4]]}},"alternative-id":["s23073554"],"URL":"https:\/\/doi.org\/10.3390\/s23073554","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,28]]}}}