Machine Learning-Based Intrusion Detection System for Automotive Ethernet: Detecting Cyber-Attacks with a Low-Cost Platform

  • Pedro R. X. Carmo UFPE
  • Paulo Freitas de Araujo-Filho UFPE / Université du Québec
  • Divanilson R. Campelo UFPE
  • Eduardo Freitas UFPE
  • Assis T. de Oliveira Filho UFPE
  • Djamel F. H. Sadok UFPE


Automotive Ethernet is being adopted in vehicles to provide the larger throughput that is required by autonomous vehicles. However, these vehicles may be subject to several cyber-attacks that compromise their operation and passengers' safety. This work proposes an Intrusion Detection System (IDS) that detects stream injection attacks on automotive Ethernet networks. The proposed IDS is based on feature generation and the XGBoost machine learning algorithm. Experimental results show that our proposed IDS achieves 0.9805 of AUCROC and a detection time of 620µs that allows real-time intrusion detection while using an inexpensive hardware platform, such as a Raspberry Pi. This is extremely important as cost is one of the automotive industry's main concerns.


(2016). IEEE Standard for a Transport Protocol for Time-Sensitive Applications in Bridged Local Area Networks. IEEE Std 1722-2016 (Revision of IEEE Std 1722-2011), pages 1–233.

Alkhatib, N., Ghauch, H., and Danger, J.-L. (2021). SOME/IP Intrusion Detection using Deep Learning-based Sequential Models in Automotive Ethernet Networks. In 2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pages 0954–0962.

Alkhatib, N., Mushtaq, M., Ghauch, H., and Danger, J.-L. (2022). AVTPnet: Convolutional Autoencoder for AVTP anomaly detection in Automotive Ethernet Networks. arXiv preprint arXiv:2202.00045.

AUTOSAR (2016). SOME/IP protocol specification. [online] Available: [link].

Bandur, V., Selim, G., Pantelic, V., and Lawford, M. (2021). Making the Case for Centralized Automotive E/E Architectures. IEEE Transactions on Vehicular Technology, 70(2):1230–1245.

Bello, L. L. (2011). The Case for Ethernet in Automotive Communications. SIGBED Rev., 8(4):7–15.

Bergstra, J., Komer, B., Eliasmith, C., Yamins, D., and Cox, D. D. (2015). Hyperopt: a python library for model selection and hyperparameter optimization. Computational Science & Discovery, 8(1):014008.

Chen, T. and Guestrin, C. (2016). XGBoost: A Scalable Tree Boosting System. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’16, pages 785–794, New York, NY, USA. ACM.

Choi, W., Joo, K., Jo, H. J., Park, M. C., and Lee, D. H. (2018). Voltageids: Lowlevel communication characteristics for automotive intrusion detection system. IEEE Transactions on Information Forensics and Security, 13(8):2114–2129.

El-Rewini, Z., Sadatsharan, K., Selvaraj, D. F., Plathottam, S. J., and Ranganathan, P. (2020). Cybersecurity challenges in vehicular communications. Vehicular Communications, 23:100214.

Freitas De Araujo-Filho, P., Pinheiro, A. J., Kaddoum, G., Campelo, D. R., and Soares, F. L. (2021). An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform. IEEE Access, 9:166855–166869.

Jeong, S., Jeon, B., Chung, B., and Kim, H. K. (2021a). Automotive Ethernet intrusion dataset. Available at

Jeong, S., Jeon, B., Chung, B., and Kim, H. K. (2021b). Convolutional neural networkbased intrusion detection system for AVTP streams in automotive Ethernet-based networks. Vehicular Communications, 29:100338.

Kang, M.-J. and Kang, J.-W. (2016). A novel intrusion detection method using deep neural network for in-vehicle network security. In 2016 IEEE 83rd Vehicular Technology Conference (VTC Spring), pages 1–5. IEEE.

Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., and Savage, S. (2010). Experimental Security Analysis of a Modern Automobile. In 2010 IEEE Symposium on Security and Privacy, pages 447–462.

Liu, J., Zhang, S., Sun, W., and Shi, Y. (2017). In-Vehicle Network Attacks and Countermeasures: Challenges and Future Directions. IEEE Network, 31(5):50–58.

Markovitz, M. andWool, A. (2017). Field classification, modeling and anomaly detection in unknown CAN bus networks. Vehicular Communications, 9:43–52.

Matheus, K. and Königseder, T. (2021). Automotive Ethernet. Cambridge University Press, 3 edition.

Porter, D. (2018). 100BASE-T1 Ethernet: the evolution of automotive networking. Texas Instruments, Techn. Ber.

Wu, W., Li, R., Xie, G., An, J., Bai, Y., Zhou, J., and Li, K. (2020). A Survey of Intrusion Detection for In-Vehicle Networks. IEEE Transactions on Intelligent Transportation Systems, 21(3):919–933.
Como Citar

Selecione um Formato
CARMO, Pedro R. X.; ARAUJO-FILHO, Paulo Freitas de; CAMPELO, Divanilson R.; FREITAS, Eduardo; OLIVEIRA FILHO, Assis T. de; SADOK, Djamel F. H.. Machine Learning-Based Intrusion Detection System for Automotive Ethernet: Detecting Cyber-Attacks with a Low-Cost Platform. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 40. , 2022, Fortaleza. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022 . p. 196-209. ISSN 2177-9384. DOI: