Safeguarding GRU-Based Intrusion Detection Systems From Adversarial Attacks With Dynamic Label Watermark in CAN Bus Communication
Published in: | IEEE internet of things journal 2025, p.1-1 |
---|---|
Main authors: | , , , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Summary: | Intrusion Detection Systems (IDS) for Controller Area Network (CAN) bus communication using deep learning models face threats from adversarial black-box attacks in the Internet of Vehicles (IoVs). Although watermark techniques are proposed as defences, they lack concealment and are vulnerable. Current watermark methods for time-series data-based applications need cloud-based verification and terminal-based generation, and they cannot meet real-time requirements with large resources. To address these issues, we propose a real-time Gated Recurrent Units (GRU) based IDS for CAN bus communication via a novel dynamic label watermark (DLW) method. In detail, we design a multi-task learning structure at the terminal side only to detect conventional intrusion attacks. At the same time, we propose a novel dynamic label watermark method applied to time-series data to defend against adversarial black-box attacks. Experimental results show that for the detection of Denial of Service (DoS), Revolutions Per Minute (RPM) spoofing, and fuzzing attacks, our model achieves 1.00000, 1.00000, and close to 1.00000, respectively, in recall, accuracy, F1 score, and precision. For detection of gear spoofing, our model achieves 1.00000 on the same metrics, which is 0.0882, 0.0001, 0.0459, and 0.0208 better than CANLite and the same as ConvLSTMGNB. Finally, we construct a new adversarial black-box attack embedded with the four attacks above to validate the resistance and performance of our model (achieving 116 KB code size), which is 58% smaller, 0.9%-35.7% faster, and shows a 1.52%-10.5% improvement in the same metrics compared to the baseline model (LSTM). |
---|---|
ISSN: | 2327-4662 |
DOI: | 10.1109/JIOT.2024.3524504 |