CANGuard: A Spatio-Temporal CNN-GRU-Attention Hybrid Architecture for Intrusion Detection in In-Vehicle CAN Networks

Imagine your modern car is no longer just a machine with an engine and wheels; it's a rolling smartphone on four wheels. It talks to other cars, traffic lights, and the cloud. This is the Internet of Vehicles (IoV).

But just like your phone, if someone hacks into its internal communication system, they can make the car do terrible things—like suddenly stopping on a highway or accelerating when you don't want it to. The "language" all the car's computers use to talk to each other is called the CAN bus. Unfortunately, this language was designed decades ago without any built-in locks or passwords. It's like a walkie-talkie where anyone can jump on the channel and shout fake instructions.

This paper introduces CANGuard, a new digital bodyguard designed to protect these cars. Here is how it works, explained simply:

1. The Problem: The "Fake Shouters"

In a car, the Engine Control Unit (ECU) tells the brakes to work, and the speedometer tells the dashboard how fast you're going.

DoS Attacks (Denial of Service): Imagine a bully standing in a hallway screaming so loudly that no one else can talk. The car's computers get flooded with noise and can't hear the real instructions.
Spoofing Attacks: Imagine a thief putting on a disguise and pretending to be the driver. They whisper fake orders like "Turn off the brakes" or "Steer left," and the car obeys because it thinks it's the real driver.

2. The Solution: CANGuard (The Super-Security Guard)

The authors built a smart AI system called CANGuard to stand watch over the car's internal conversations. Instead of just looking at one message at a time, it uses a "hybrid" brain made of three special tools working together:

The CNN (The Pattern Spotter): Think of this as a detective with a magnifying glass. It looks at a single message and checks the tiny details (the "spatial" features). It asks, "Does this message look weird compared to a normal one? Is the data inside scrambled?"
The GRU (The Time Traveler): This part is like a novelist who remembers the whole story. It doesn't just look at one message; it looks at the sequence of messages. It asks, "Did the speed jump from 0 to 100 in one millisecond? That's impossible for a real car, so it must be a fake!" It understands the timing and flow of the conversation.
The Attention Mechanism (The Spotlight): Imagine a teacher grading a test who uses a highlighter. The AI doesn't waste energy reading every single word. The "Attention" part highlights the most important words (or data bytes) and ignores the boring stuff. It says, "Hey, look at this specific number in the message; that's where the thief is hiding!"

3. How They Trained It

The researchers didn't just guess; they fed this AI a massive library of car traffic data called CICIoV2024. This library contained millions of examples of:

Normal driving (Benign).
Bullying attacks (DoS).
Thief attacks (Spoofing) trying to change the speed, RPM, or steering.

They taught the AI to spot the difference between a real car conversation and a fake one. They even used a technique called SMOTE, which is like a photocopier that creates extra practice exams for the rare types of attacks so the AI doesn't get confused by them.

4. The Results: A Near-Perfect Score

When they tested CANGuard, it was incredibly good at its job.

It got 99.89% accuracy.
To put that in perspective: If you watched 10,000 car messages, it would only make a mistake on about one of them.
It beat all the other security systems currently in use.

5. Why It's Trustworthy (The "Why" Factor)

One of the coolest parts of this paper is that the AI doesn't just say "HACK DETECTED." It explains why.
Using a tool called SHAP, the researchers asked the AI, "Which part of the message made you think it was a hack?"

The Answer: The AI pointed to specific "bytes" (chunks of data) in the message, specifically DATA 4 and DATA 5.
The Metaphor: It's like a security guard saying, "I didn't arrest this guy because he looked suspicious; I arrested him because he was holding a fake ID in his left hand, and that's where the thieves always hide their fakes." This makes the system transparent and trustworthy for engineers.

Summary

CANGuard is a high-tech security system for cars that combines:

Eyes to see details (CNN).
Memory to understand the story (GRU).
Focus to ignore distractions (Attention).

It learns to spot hackers trying to take over a car's brain, doing so with near-perfect accuracy and explaining its reasoning. It's a major step toward making our future self-driving cars safe from digital hijackers.

1. Problem Statement

The Internet of Vehicles (IoV) relies heavily on the Controller Area Network (CAN) bus for communication between Electronic Control Units (ECUs). However, the CAN protocol lacks built-in security mechanisms (such as authentication and encryption), making it highly vulnerable to cyberattacks.

Key Threats: The paper focuses on Denial-of-Service (DoS) attacks, which flood the bus to cause communication breakdowns, and Spoofing attacks, which inject malicious data to impersonate ECUs and alter vehicle functions (e.g., speed, steering, braking).
Limitations of Existing Solutions: Current Intrusion Detection Systems (IDS) often struggle with:
- Limited temporal modeling capabilities (failing to capture sequence dependencies).
- Insufficient focus on critical features.
- High false-positive rates.
- Lack of interpretability (the "black box" nature of deep learning).

2. Methodology: CANGuard Architecture

The authors propose CANGuard, a hybrid deep learning model designed to capture both spatial and temporal features of CAN bus traffic. The methodology follows a systematic pipeline:

A. Data Source and Preprocessing

Dataset: The CICIoV2024 dataset was used, containing over 1.4 million samples with 12 features. It includes six classes: BENIGN (normal), DoS, and four specific Spoofing attacks (GAS, RPM, SPEED, STEERING WHEEL).
Preprocessing Steps:
1. Cleaning: Removal of duplicate rows and exclusion of non-features (ID, category, label).
2. Sequence Construction: Sliding windows were applied to create temporal sequences ( $T$ time steps) to model dependencies.
3. Class Imbalance Handling: BorderlineSMOTE was used to synthetically generate samples for minority classes, followed by class weighting during training.
4. Normalization: Z-score standardization was applied to ensure stable gradient convergence.

B. Model Architecture

The model integrates three complementary components:

CNN Module (Spatial Feature Extraction):
- Consists of three sequential Conv1D layers (64, 128, and 256 filters) with ReLU activation.
- Includes Batch Normalization, Max Pooling, and Dropout (0.3) to prevent overfitting.
- Function: Extracts local spatial patterns from the CAN payload data.
GRU Module (Temporal Pattern Recognition):
- Utilizes two stacked Bidirectional GRU layers (128 and 64 units).
- Function: Captures temporal dependencies and context from both preceding and subsequent time steps in the sequence.
Attention Mechanism:
- Computes attention weights ( $\alpha_t$ ) to dynamically prioritize the most informative time steps and features.
- Function: Enhances interpretability and focuses the model on critical parts of the input sequence, generating a context vector for classification.
Classification Head:
- Fully connected dense layers (256 and 128 neurons) with ReLU and Dropout, followed by a Softmax layer for 6-class output.

C. Training Strategy

Optimizer: Adam with a learning rate of 0.001.
Loss Function: Categorical Crossentropy.
Regularization: Dropout, L2 regularization, Batch Normalization, Early Stopping (patience=10), and Gradient Clipping.
Hardware: Trained using GPU acceleration.

3. Key Contributions

Novel Hybrid Architecture: Introduction of CANGuard, a spatio-temporal CNN-GRU-Attention model specifically optimized for IoV CAN bus traffic.
Sequence-Aware Representation: Effective modeling of temporal payload dependencies using sliding windows and Bidirectional GRUs.
Component-wise Ablation: A rigorous study quantifying the individual and combined impact of CNN, GRU, and Attention modules.
Explainability (SHAP): Utilization of SHAP (SHapley Additive exPlanations) to interpret model decisions, specifically identifying which data bytes (DATA 0–7) drive the detection of attacks.
State-of-the-Art Baseline: Establishment of a high-performance benchmark on the CICIoV2024 dataset for multi-class intrusion detection.

4. Results and Evaluation

The model was evaluated on the CICIoV2024 dataset and compared against existing state-of-the-art methods.

Performance Metrics: CANGuard achieved 99.89% across Accuracy, Precision, Recall, and F1-Score.
Comparison:
- Outperformed Deep Neural Networks (Neto et al.) which achieved 96% accuracy.
- Surpassed traditional ML methods (Logistic Regression, AdaBoost) which scored significantly lower (49–51% F1-score).
- Showed superior performance compared to other deep learning models on different datasets (e.g., UNSW-NB15, CICIDS2017).
Ablation Study:
- CNN Only: 99.33% accuracy (Good spatial extraction, poor temporal modeling).
- GRU Only: 99.04% accuracy (Good temporal modeling, lower precision).
- CNN + GRU: 99.86% accuracy (Demonstrated complementary strengths).
- Full Model (CNN + GRU + Attention): 99.89% accuracy. The addition of attention provided a 2.45% improvement over the CNN+GRU baseline, proving its critical role in feature refinement.
Feature Importance (SHAP Analysis):
- The analysis revealed that DATA 4 and DATA 5 bytes of the CAN payload are the most significant features for distinguishing attacks.
- This aligns with the nature of spoofing attacks in the dataset, where specific payload bytes are manipulated to alter vehicle signals (speed, RPM, etc.).

5. Significance and Future Work

Significance: CANGuard provides a scalable, high-accuracy, and explainable solution for securing IoV environments. By combining deep learning with attention mechanisms, it not only detects attacks with near-perfect accuracy but also explains why a detection was made, which is crucial for trust in safety-critical systems.
Limitations: The current study is limited to offline evaluation on a single dataset and lacks real-time deployment testing or adversarial robustness analysis.
Future Directions: The authors plan to extend the work to cross-dataset evaluations, online real-time CAN bus monitoring, and testing against adversarial attacks to ensure robustness in real-world scenarios.