Hugging Face's logo

Keyven
/
CanDefender-Fuzzy

English
German
automotive
IDS
CAN
CANIDS
AutomotiveSecurity
Cybersecurity
Model card Files Community
CanDefender-Fuzzy / README.md
Keyven's picture
Keyven
Update README.md
38bc4b3 verified
preview code
|
raw
history blame contribute delete
2.6 kB
metadata
license: cc-by-nc-nd-4.0
language:
  - en
  - de
tags:
  - automotive
  - IDS
  - CAN
  - CANIDS
  - AutomotiveSecurity
  - Cybersecurity

CANDefender – Fuzzy Attack Detection Model

Model Summary
This model detects Fuzzy attacks on the CAN bus. It was trained on 4.73 million real CAN frames, including normal data and Fuzzy-labeled data. The model uses an LSTM architecture that processes the CAN ID and 8-byte payload to classify each frame as either “Fuzzy” or “Normal.”

Performance

Test Accuracy: ~94.09%
Confusion Matrix (Fuzzy vs. Normal):

True \ Pred Fuzzy (pred) Normal (pred)
Fuzzy 3,737,645 13,379
Normal 266,808 722,063
  • Recall (Fuzzy): ~99.6% (very few Fuzzy frames missed)
  • Recall (Normal): ~73% (about 27% false positives on Normal)

Intended Use

  • Goal: Real-time detection of Fuzzy attacks on the CAN bus.
  • Limitations:
    • Focused on Fuzzy vs. Normal classification only (other attacks handled in separate models).
    • Tends to misclassify ~27% of normal frames as Fuzzy (relatively high false alarms).

How to Use 

import torch
import numpy as np
from can_defender_fuzzy import CANLSTM  # Adjust import name

# Example frame => [CAN_ID, b0..b7]
frame = [0x315, 0x12, 0x4F, 0xA2, 0x00, 0x00, 0x78, 0x1C, 0xAA]

x_np = np.array(frame, dtype=np.float32).reshape(1,1,9)

model = CANLSTM(input_dim=9, hidden_dim=64, num_classes=2)
model.load_state_dict(torch.load("can_lstm_model_final.pt"))
model.eval()

with torch.no_grad():
    logits = model(torch.from_numpy(x_np))
    pred = torch.argmax(logits, dim=1).item()
    print("Prediction:", "Fuzzy" if pred == 0 else "Normal")

Training Configuration

  • Architecture: LSTM (64 hidden units), final linear layer → 2 classes (Fuzzy vs. Normal)
  • Optimizer: Adam (lr=1e-3)
  • Epochs: ~30 (stopped once performance stabilized)
  • Dataset: 4.73 million CAN frames

Limitations & Next Steps

  • False Positives: ~27% of normal frames get labeled as Fuzzy. Acceptable for high-sensitivity scenarios, but can be improved (weighted loss, time-window approach, etc.).
  • Scope: Only focuses on Fuzzy detection. Other attacks (DoS, Gear, RPM) are separate.

Potential Enhancements:

  • Weighted training or additional features (delta-time, frequency)
  • Window-based LSTM or transformers for sequence data

License & Contact