GDT-IDS: Graph-based Decision Tree Intrusion Detection System for Controller Area Network

Research Article

Pengdong Ye, Yanhua Liang, Yutao Bie, Guihe Qin, Jiaru Song, Yingqing Wang, Wanning Liu

This is a preprint; it has not been peer reviewed by a journal.
https://doi.org/10.21203/rs.3.rs-5729072/v1
This work is licensed under a CC BY 4.0 License.
Status: Under Review

Abstract

With the rapid development of automotive technology, the security of In-Vehicle Network (IVN) has received more and more attention. The Controller Area Network (CAN), which is widely used for in-vehicle communication, faces significant security risks due to its inherent vulnerabilities. These risks can result in issues such as attacks, data leakage, and abnormal functioning of vehicle systems. Currently, the mainstream security protection approach is the Intrusion Detection System (IDS).
Graph-based IDSs have been widely studied due to their ability to extract large amounts of information and achieve high detection accuracy. However, the detection accuracy of existing methods for spoofing and replay attacks remains suboptimal. To address this issue, this paper proposes a graph theory-based decision tree IDS, named GDT-IDS, tailored to the characteristics of spoofing and replay attacks. Specifically, we introduce three novel graph features—time difference, betweenness centrality, and graph density—into the detection system, which significantly enhance the detection accuracy for various types of attacks, particularly replay and spoofing. In addition, the proposed method can effectively perform multi-class classification of mixed attacks with high accuracy. Moreover, it reduces training and testing times compared to other graph theory-based methods. In conclusion, this method not only demonstrates exceptional experimental performance but also provides a novel perspective and a potential solution for traditional IDS design.

Keywords: Controller area network, Intrusion detection system, Decision tree, Graph density, Time difference, Betweenness centrality

Additional Declarations: No competing interests reported.

Version 1 posted

Editorial timeline:
- Editorial decision: Revision requested, 01 Feb, 2025
- Reviews received at journal, 31 Jan, 2025
- Reviews received at journal, 29 Jan, 2025
- Reviews received at journal, 17 Jan, 2025
- Reviewers agreed at journal, 17 Jan, 2025
- Reviewers agreed at journal, 16 Jan, 2025
- Reviewers agreed at journal, 14 Jan, 2025
- Reviewers agreed at journal, 14 Jan, 2025
- Reviewers agreed at journal, 13 Jan, 2025
- Reviewers agreed at journal, 13 Jan, 2025
- Reviewers agreed at journal, 12 Jan, 2025
- Reviewers invited by journal, 12 Jan, 2025
- Editor assigned by journal, 31 Dec, 2024
- Submission checks completed at journal, 31 Dec, 2024
- First submitted to journal (The Journal of Supercomputing), 29 Dec, 2024