{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T02:35:10Z","timestamp":1769049310770,"version":"3.49.0"},"reference-count":42,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2024,4,28]],"date-time":"2024-04-28T00:00:00Z","timestamp":1714262400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Ministry of Trade, Industry, and Energy (MOTIE)","award":["RS-2022-00155731"],"award-info":[{"award-number":["RS-2022-00155731"]}]},{"name":"Ministry of Trade, Industry, and Energy (MOTIE)","award":["RS-2023-00232192"],"award-info":[{"award-number":["RS-2023-00232192"]}]},{"name":"Ministry of Trade, Industry, and Energy (MOTIE)","award":["20023805"],"award-info":[{"award-number":["20023805"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The Controller Area Network (CAN), widely used for vehicular communication, is vulnerable to multiple types of cyber-threats. Attackers can inject malicious messages into the CAN bus through various channels, including wireless methods, entertainment systems, and on-board diagnostic ports. Therefore, it is crucial to develop a reliable intrusion detection system (IDS) capable of effectively distinguishing between legitimate and malicious CAN messages. In this paper, we propose a novel IDS architecture aimed at enhancing the cybersecurity of CAN bus systems in vehicles. Various machine learning (ML) models have been widely used to address similar problems; however, although existing ML-based IDS are computationally efficient, they suffer from suboptimal detection performance. To mitigate this shortcoming, our architecture incorporates specially designed rule-based filters that cross-check outputs from the traditional ML-based IDS. These filters scrutinize message ID and payload data to precisely capture the unique characteristics of three distinct types of cyberattacks: DoS attacks, spoofing attacks, and fuzzy attacks. Experimental evidence demonstrates that the proposed architecture leads to a significant improvement in detection performance across all utilized ML models. Specifically, all ML-based IDS achieved an accuracy exceeding 99% for every type of attack. This achievement highlights the robustness and effectiveness of our proposed solution in detecting potential threats.<\/jats:p>","DOI":"10.3390\/s24092807","type":"journal-article","created":{"date-parts":[[2024,4,29]],"date-time":"2024-04-29T08:49:24Z","timestamp":1714380564000},"page":"2807","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["A Novel Architecture for an Intrusion Detection System Utilizing Cross-Check Filters for In-Vehicle Networks"],"prefix":"10.3390","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-8934-7162","authenticated-orcid":false,"given":"Hyungchul","family":"Im","sequence":"first","affiliation":[{"name":"Department of Intelligent Semiconductors, Soongsil University, Seoul 06978, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1488-3488","authenticated-orcid":false,"given":"Donghyeon","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Intelligent Semiconductors, Soongsil University, Seoul 06978, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3407-6236","authenticated-orcid":false,"given":"Seongsoo","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Intelligent Semiconductors, Soongsil University, Seoul 06978, Republic of Korea"}]}],"member":"1968","published-online":{"date-parts":[[2024,4,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1109\/2.976923","article-title":"Expanding automotive electronic systems","volume":"35","author":"Leen","year":"2002","journal-title":"Computer"},{"key":"ref_2","first-page":"31","article-title":"Cyberattacks and Countermeasures For In-Vehicle Networks","volume":"54","author":"Aliwa","year":"2020","journal-title":"ACM Comput. Surv."},{"key":"ref_3","first-page":"100349","article-title":"A comprehensive survey on vehicular networking for safe and efficient driving in smart transportation: A focus on systems, protocols, and applications","volume":"31","author":"Jeong","year":"2021","journal-title":"Veh. Commun."},{"key":"ref_4","unstructured":"(2024, March 15). Upstream Security\u2019s 2021 Global Automotive Cybersecurity Report. Available online: https:\/\/upstream.auto\/2021report."},{"key":"ref_5","unstructured":"Hoppe, T., and Dittman, J. (2007, January 4). Sniffing\/replay attacks on CAN buses: A simulated attack on the electric window lift classified using an adapted CERT taxonomy. Proceedings of the 2nd Workshop Embedded System Security (WESS), Salzburg, Austria."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Yang, L., Moubayed, A., Hamieh, I., and Shami, A. (2019, January 9\u201313). Tree-based intelligent intrusion detection system in internet of vehicles. Proceedings of the 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9013892"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Martinelli, F., Mercaldo, F., Nardone, V., and Santone, A. (2017, January 9\u201312). Car hacking identification through fuzzy logic algorithms. Proceedings of the 2017 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE), Naples, Italy.","DOI":"10.1109\/FUZZ-IEEE.2017.8015464"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"127580","DOI":"10.1109\/ACCESS.2019.2937576","article-title":"An Intelligent Secured Framework for Cyberattack Detection in Electric Vehicles\u2019 CAN Bus Using Machine Learning","volume":"7","author":"Avatefipour","year":"2019","journal-title":"IEEE Access"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"99595","DOI":"10.1109\/ACCESS.2021.3095962","article-title":"Comparative performance evaluation of intrusion detection based on machine learning in in-vehicle controller area network bus","volume":"9","author":"Moulahi","year":"2021","journal-title":"IEEE Access"},{"key":"ref_10","first-page":"100198","article-title":"In-vehicle network intrusion detection using deep convolutional neural network","volume":"21","author":"Song","year":"2020","journal-title":"Veh. Commun."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"2547","DOI":"10.1109\/LCOMM.2022.3195486","article-title":"Domain adversarial neural network-based intrusion detection system for in-vehicle network variant attacks","volume":"26","author":"Wei","year":"2022","journal-title":"IEEE Commun. Lett."},{"key":"ref_12","first-page":"100471","article-title":"A hybrid deep learning based intrusion detection system using spatial\u2013temporal representation of in-vehicle network traffic","volume":"35","author":"Lo","year":"2022","journal-title":"Veh. Commun."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"96081","DOI":"10.1109\/ACCESS.2023.3304331","article-title":"A novel hybrid quantum-classical framework for an in-vehicle controller area network intrusion detection","volume":"11","author":"Salek","year":"2023","journal-title":"IEEE Access"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"10660","DOI":"10.1109\/TVT.2017.2714704","article-title":"AVE: Autonomous vehicular edge computing framework with ACO-based scheduling","volume":"66","author":"Feng","year":"2017","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1109\/JPROC.2022.3226481","article-title":"Efficient acceleration of deep learning inference on resource-constrained edge devices: A review","volume":"111","author":"Shuvo","year":"2023","journal-title":"Proc. IEEE"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"194","DOI":"10.1186\/s13638-019-1484-3","article-title":"Intrusion detection system for automotive controller area network (CAN) bus system: A review","volume":"2019","author":"Lokman","year":"2019","journal-title":"EURASIP J. Wirel. Commun. Netw."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"6123","DOI":"10.1109\/TITS.2021.3078740","article-title":"A survey of attacks on controller area networks and corresponding countermeasures","volume":"23","author":"Jo","year":"2022","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_18","first-page":"1843","article-title":"Analysis of recent deep-learning-based intrusion detection methods for in-vehicle network","volume":"24","author":"Wang","year":"2023","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"119771","DOI":"10.1016\/j.eswa.2023.119771","article-title":"A survey of deep learning-based intrusion detection in automotive applications","volume":"221","author":"Lampe","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"e1648","DOI":"10.7717\/peerj-cs.1648","article-title":"In vehicle network intrusion detection systems: A systematic survey of deep learning-based approaches","volume":"9","author":"Luo","year":"2023","journal-title":"PeerJ Comput. Sci."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Song, H.M., Kim, H.R., and Kim, H.K. (2017, January 13\u201315). Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. Proceedings of the 2016 International Conference on Information Networking (ICOIN), Kota Kinabalu, Malaysia.","DOI":"10.1109\/ICOIN.2016.7427089"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Young, C., Olufowobi, H., Bloom, G., and Zambreno, J. (2019, January 27). Automotive intrusion detection based on constant can message frequencies across vehicle driving modes. Proceedings of the ACM Workshop on Automotive Cybersecurity, Richardson, TX, USA.","DOI":"10.1145\/3309171.3309179"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Lee, H., Jeong, S.H., and Kim, H.K. (2017, January 28\u201330). OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. Proceedings of the 2017 15th Annual Conference on Privacy, Security and Trust (PST), Calgary, AB, Canada.","DOI":"10.1109\/PST.2017.00017"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Kang, M.-J., and Kang, J.-W. (2016). Intrusion detection system using deep neural network for in-vehicle network security. PLoS ONE, 11.","DOI":"10.1371\/journal.pone.0155781"},{"key":"ref_25","first-page":"100470","article-title":"Rec-CNN: In-vehicle networks intrusion detection using convolutional neural networks trained on recurrence plots","volume":"35","author":"Desta","year":"2022","journal-title":"Veh. Commun."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"16624","DOI":"10.1109\/TVT.2023.3296705","article-title":"Attack Detection for Intelligent Vehicles via CAN- Bus: A Lightweight Image Network Approach","volume":"72","author":"Gao","year":"2023","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Seo, E., Song, H.M., and Kim, H.K. (2018, January 28\u201330). GIDS: GAN based intrusion detection system for in-vehicle network. Proceedings of the 2018 16th Annual Conference on Privacy, Security and Trust (PST), Belfast, Ireland.","DOI":"10.1109\/PST.2018.8514157"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"4467","DOI":"10.1109\/TITS.2021.3055351","article-title":"Threat analysis for automotive CAN networks: A GAN model-based intrusion detection technique","volume":"22","author":"Xie","year":"2021","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"22596","DOI":"10.1109\/TITS.2022.3146024","article-title":"NovelADS: A novel anomaly detection system for intra-vehicular networks","volume":"11","author":"Agrawal","year":"2022","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"166855","DOI":"10.1109\/ACCESS.2021.3136147","article-title":"An efficient intrusion prevention system for CAN: Hindering cyber-attacks with a low-cost platform","volume":"9","author":"Pinheiro","year":"2021","journal-title":"IEEE Access"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"5054","DOI":"10.1109\/TNNLS.2023.3264712","article-title":"Learning to Double-Check Model Prediction From a Causal Perspective","volume":"35","author":"Deng","year":"2024","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"ref_32","first-page":"72","article-title":"Can specification version 2.0","volume":"300240","author":"Bosch","year":"1991","journal-title":"Rober Bousch Gmbh Postfach"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"103091","DOI":"10.1016\/j.cose.2023.103091","article-title":"Flooding attack mitigator for in-vehicle CAN using fault confinement in CAN protocol","volume":"126","author":"Park","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Taylor, A., Leblanc, S., and Japkowicz, N. (2016, January 17\u201319). Anomaly detection in automobile control network data with long short-term memory networks. Proceedings of the 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), Montreal, QC, Canada.","DOI":"10.1109\/DSAA.2016.20"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"1083","DOI":"10.1109\/TIFS.2018.2870826","article-title":"Read: Reverse engineering of automotive data frames","volume":"14","author":"Marchetti","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"1185","DOI":"10.1109\/TII.2022.3202539","article-title":"TCE-IDS: Time interval conditional entropy- based intrusion detection system for automotive controller area networks","volume":"19","author":"Yu","year":"2023","journal-title":"IEEE Trans. Ind. Informat."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1566","DOI":"10.1109\/TIFS.2023.3240291","article-title":"Federated graph neural network for fast anomaly detection in controller area networks","volume":"18","author":"Zhang","year":"2023","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Olufowobi, H., Hounsinou, S., and Bloom, G. (2019, January 11). Controller area network intrusion prevention system leveraging fault recovery. Proceedings of the ACM Workshop on Cyber-Physical Systems Security Privacy, London, UK.","DOI":"10.1145\/3338499.3357360"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1002\/j.1538-7305.1950.tb00463.x","article-title":"Error detecting and error correcting codes","volume":"29","author":"Hamming","year":"1950","journal-title":"Bell Labs Tech. J."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Stabili, D., Marchetti, M., and Colajanni, M. (2017, January 20\u201322). Detecting attacks to internal vehicle networks through hamming distance. Proceedings of the 2017 AEIT International Annual Conference, Cagliari, Italy.","DOI":"10.23919\/AEIT.2017.8240550"},{"key":"ref_41","unstructured":"Hacking and Countermeasure Research Lab (2024, March 19). Car-Hacking Dataset. Available online: https:\/\/ocslab.hksecurity.net\/Datasets\/car-hacking-dataset."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1109\/JIOT.2021.3098051","article-title":"Machine-learning-assisted security and privacy provisioning for edge computing: A survey","volume":"9","author":"Singh","year":"2022","journal-title":"IEEE Internet Things J."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/9\/2807\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:35:01Z","timestamp":1760106901000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/9\/2807"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,28]]},"references-count":42,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2024,5]]}},"alternative-id":["s24092807"],"URL":"https:\/\/doi.org\/10.3390\/s24092807","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,28]]}}}