CCID-CAN: Cross-Chain Intrusion Detection on CAN Bus for Autonomous Vehicles

Autonomous vehicles (AVs) rely on controller area network (CAN), which ensures the communication between massive electronic control units (ECUs) and passenger safety. Although CAN is a lightweight and reliable broadcast protocol, its vulnerability has caused CAN to confront serious security threats. Adversaries and malicious organizations can impair CAN bus in a variety of ways, such as injecting malicious messages into CAN bus. These malicious messages can directly intervene the functions inside AVs. Therefore, this article proposes a novel cross-chain-based intrusion detection for CAN bus (CCID-CAN) model that uses rule-based Valid Bit index (VBIN) model for initial intrusion detection on CAN bus inside AVs, followed by the Kalman filter and Naïve Bayes model for detecting attacks missed in the VBIN, where a cross-chain mechanism implements the exchange of attack logs among connected AVs that may not trust each other so as to optimize the Naïve Bayes detector. Afterwards, a series of experiments against several types of attacks are conducted on real vehicle supported by XPeng, and the results reveal that the CCID-CAN model outperforms existing models in terms of detection performance, time overhead, and memory footprint. In addition, attack log exchange for cross-chain networks in this proposed model is of high performance in latency, memory footprint, and throughput.