Abstract: A controller area network (CAN) lacks security features such as message encryption and sender authentication, making it vulnerable to malicious network attacks that can compromise both human and road safety. In light of this situation, a feature fusion-based intrusion detection method for CAN is proposed. This method focused on the relationships between internal features of messages rather than their temporal order. Firstly, global features and group features extracted from CAN messages were fused, and a multi-encoder network was employed to detect various types of injection attacks. Additionally, a self-attention mechanism was incorporated to generate interpretable weights for different features, which measured their importance. Experimental validation was conducted using a dataset constructed from real vehicles. The detection accuracy of single injection attacks surpassed 97%, while the overall detection accuracy for multiple injection attacks was 98.23%, outperforming existing methods. This demonstrates the high accuracy and robustness of the proposed intrusion detection system.

Key words: controller area networks, intrusion detection system, feature fusion, self-attention mechanism, injection attacks