CANDoSA: A Hardware Performance

Counter-Based Intrusion Detection System for DoS

Attacks on Automotive CAN bus
Franco Oberti Stefano Di Carlo Alessandro Savino
Dumarey Softronix Control and Computer Eng. Dep. Control and Computer Eng. Dep.
Dumarey Politecnico di Torino Politecnico di Torino
Torino, Italy Torino, Italy Torino, Italy
ORCID: 0000-0001-7974-9505 ORCID: 0000-0002-7512-5356 ORCID: 0000-0003-0529-7950
arXiv:2507.14739v1 [[Link]] 19 Jul 2025

Abstract—The Controller Area Network (CAN) protocol, es- risks such as Denial-of-Service (DoS) attacks and data injec-
sential for automotive embedded systems, lacks inherent security tion, making robust, multi-layered cybersecurity frameworks
features, making it vulnerable to cyber threats, especially with essential [6].
the rise of autonomous vehicles. Traditional security measures
offer limited protection, such as payload encryption and message Regulations like United Nations Regulation No. 155 (UNR
authentication. This paper presents a novel Intrusion Detection 155) and United Nations Regulation No. 156 (UNR 156) re-
System (IDS) designed for the CAN environment, utilizing quire manufacturers to implement Cybersecurity Management
Hardware Performance Counters (HPCs) to detect anomalies Systems (CSMSs) to ensure compliance [7]. Standards such as
indicative of cyber attacks. A RISC-V-based CAN receiver is
ISO/SAE 21434 Road Vehicles – Cybersecurity Engineering
simulated using the gem5 simulator, processing CAN frame
payloads with AES-128 encryption as FreeRTOS tasks, which (ISO 21434) emphasize the need for intrusion detection to
trigger distinct HPC responses. Key HPC features are optimized protect communication networks [8].
through data extraction and correlation analysis to enhance A common cybersecurity approach includes deploying In-
classification efficiency. Results indicate that this approach could trusion Detection Systems (IDSs) that analyze network traf-
significantly improve CAN security and address emerging chal-
lenges in automotive cybersecurity. fic in real-time to identify threats. These systems leverage
Index Terms—Security, CAN Networks, Intrusion Detection signature-based detection, anomaly detection, and machine
Systems, Hardware Performance Counters, Automotive learning to monitor networks like CAN and Ethernet [9], while
host-based IDSs enhance security by tracking critical ECUs
modifications.
I. I NTRODUCTION
This paper presents research on a novel IDS aimed at
Modern vehicles are now interconnected platforms capa- improving attack detection on CAN networks by assessing
ble of semi-autonomous decision-making and Over-the-Air Hardware Performance Counters (HPCs) deviations in ap-
(OTA) updates. This integration of automotive engineering and plication execution. We use a RISC-V microprocessor as
information technology necessitates a rethinking of vehicle a representative architecture for next-generation automotive
architectures to ensure functionality, performance, efficiency, systems [10].
and resilience. The paper is structured as follows: Section II provides back-
Vehicle communication utilizes networks such as Controller ground information, Section III describes the IDS framework,
Area Network (CAN), Long-Term Evolution (LTE), Fifth Gen- Section IV outlines the simulation environment, Section V
eration Mobile Network (5G), and Ethernet to enable advanced discusses results, and Section VI concludes the paper.
features like Advanced Driver Assistance Systems (ADAS),
Vehicle-to-Everything (V2X), and cloud-based services [1], II. BACKGROUND
[2]. However, this connectivity increases vulnerability to cyber
threats [3], [4], including vehicle hijacking, Electronic Control Automotive IDSs encompass signature-based, anomaly-
Units (ECUs) manipulation, and ransomware attacks [5]. The based, and hybrid approaches for vehicle cybersecurity [11].
shift to Software Defined Vehicle (SDV) introduces additional Signature-based systems detect known threats using predefined
patterns, while anomaly-based solutions leverage Machine
This work was supported by Project SERICS through the MUR National Learning (ML) and Artificial Intelligence (AI) to identify novel
Recovery and Resilience Plan, funded by the European Union NextGener- attacks through behavioral analysis [12]. Hybrid approaches
ationEU under Grant PE00000014, project COLTRANE-V funded by the combine these methods for comprehensive protection, though
Ministero dell’Università e della Ricerca within the PRIN 2022 program
(D.D.104 - 02/02/2022), and Project Vitamin-V funded by the European they face challenges in balancing detection accuracy with
Union: Project 101093062. resource constraints.
 Recent advances have integrated sophisticated ML tech- CAN CONTROLLER ECU with RISC-V INTRUSION DETECTION
niques, particularly for CAN bus monitoring. The CAN-BERT SYSTEM

model [13] applies language modeling to analyze network

traffic patterns, while traditional classifiers like Support Vector
Machines (SVMs) and Deep Neural Networks (DNNs) detect
various attacks, including DoS and impersonation attempts
[14], [15]. Half-Duplex
Vehicle security employs both network-based IDSs and Communication
with ECU ML Classifier
Host-Based Intrusion Detection Systems (HIDSs). Network
solutions monitor communication channels, while HIDSs pro-
tect individual ECUs through power signature analysis and
host hardening techniques [16]. Commercial implementations Fig. 1: General workflow for attack detection.
combine these approaches with cloud computing and big
data analytics for real-time threat detection [17], though high
computational requirements can impact response times [11]. A. Classification Framework
Key challenges include achieving high True Positive Rate
The classification step is crucial for ensuring a fair analysis
(TPR) while maintaining low latency in resource-constrained
of HPC data. Initially, the raw data undergoes preprocessing to
environments. Future directions focus on integrating hardware
standardize and normalize features, eliminating discrepancies
security modules (Trusted Platform Modules (TPMs), Hard-
from differing scales and filtering out irrelevant data. This
ware Security Modules (HSMs)) with software-based detection
process enhances comparability and lays a foundation for
[17], implementing federated learning for privacy-preserved
accurate analysis. Two key transformations are applied:
model training [14], and developing standardized evaluation
frameworks [18]. Recent research also explores HPCs event 1) Mean and Scale Transformation: This reduces disper-
counting for detecting malware and microarchitectural attacks sion in HPC values, mitigating the impact of outliers
[19], [20]. from simulation timing or workload variations.
2) Correlation Analysis for Feature Reduction: This
III. H ARDWARE -BASED I NTRUSION D ETECTION analysis identifies and removes highly correlated fea-
F RAMEWORK tures, reducing dimensionality while retaining the most
This section outlines the framework of the IDS, aimed at predictive variables. The refined dataset focuses on HPC
developing a HIDS to identify attacks by detecting behavioral features that distinguish normal from anomalous traffic.
deviations in the application on the ECU and analyzing CAN The classification employs Binary Classification Models
data (see Figure 1). The approach consists of three phases that to differentiate regular traffic from attacks. We utilize an
transform raw CAN data into an effective online inference unsupervised One-Class Classifier trained solely on standard
model using HPC event counting: traffic data, which requires less training data and effectively
1) Data Collection: Data is gathered from the CAN net- detects anomalies by identifying deviations from the estab-
work and organized into samples, which may be benign lished dataset. This approach ensures robust detection without
or malicious. This setup facilitates the detection of constant updates, enhancing our cybersecurity efforts.
deviations in the ECU ’s behavior, signaling potential
attacks. While it limits detectable scenarios, it effectively IV. S IMULATION OF ECU-CAN SYSTEMS
identifies intrusion events like DoS attacks, which over-
whelm ECU functionality, and frame spoofing attacks, To deploy a realistic ECU configuration, a CAN re-
where false messages are injected. ceiver integrated with a RISC-V architecture is implemented
2) Frame Processing and HPC Logging: The CAN data on the gem5 simulator. The setup is configured using
is processed by an application on the ECU, activating riscv/fs_linux.py, which establishes a RISC-V Timing
the Perfomance Monitoring Unit (PMU) to log HPC Simple CPU, DDR4 RAM, L1/L2 caches, and a 1.0 GHz
values. This logging captures events during frame pro- clocked system, reflecting a typical embedded system. This
cessing, providing insights into the ECU ’s state and controlled environment overcomes physical board limitations,
performance. Currently, HPC data is collected only at enabling precise observation and manipulation of CAN com-
execution’s end, limiting real-time detection but remain- munication and HPC triggering. The simulation runs in gem5’s
ing crucial for identifying performance deviations [21]. Full System (FS) mode, emulating critical hardware compo-
3) Offline Training and Online Inference: The classifica- nents and supporting complex software like Linux or Real-
tion model undergoes offline training, processing HPC Time Operating System (RTOS) (e.g., FreeRTOS [22]).
values through feature selection to identify key features CAN communication involves two components:
and optimize classifier parameters. Once trained, the in- • CAN Controller Transmitter: A Python script reads
ference model continuously monitors CAN data to detect datasets, constructs CAN frames, and writes them to a
attacks based on deviations in the ECU ’s behavior. shared file. Frames are generated by parsing components
 zero, causing arbitration delays for legitimate frames. The
CAN IDS
Dataset One-Class SVM dataset contains 119,000 attack-free messages and 118,000
(script)
DoS attack [Link] evaluate the IDS framework, we
{identifier, DLC, payload}
used the unsupervised One-Class SVM [30], implemented
CAN Payload via sklearn [31]. This model, trained on attack-free data,
Receiver AES

CAN CAN Hardware

identifies anomalies by establishing a boundary around the
Performance
Transmitter
(script)
Messages
Counters
normal class. Training utilized 20% to 95% of the attack-free
data, with the remaining 5% reserved for testing alongside the
Mean & full attack dataset.
Scale +
[Link] Correlation After parameter tuning, the OneClassSVM was configured
with an Radial Basis Function (RBF) kernel, ν = 0.2, and
Fig. 2: gem5 [24] experimental environment γ = auto. This setup effectively detected anomalies within
the dataset.
We implemented the two methods outlined in Section III-A
like identifiers, Data Length Code (DLC), and payloads
to streamline our data. We standardized the input values,
and converting them into frames.
which ranged from 10−7 to 1010 , to achieve a mean of
• CAN Controller Receiver: A FreeRTOS task reads
zero and a standard deviation of one, ensuring uniformity in
and processes frame data from shared files, simulating
our analysis. We computed correlation coefficients for each
memory-mapped access in the absence of a complete
input parameter with the output parameter, excluding any that
hardware counterpart.
were uncalculable or did not meet the 0.9 threshold. This
Since the gem5 RISC-V microprocessor lacks a PMU, procedure ultimately informed the final selection in Table I.
HPCs-like data are derived from gem5 logs [23]. The simula- While the number of HPCs corresponds to the actual number
tor tracks around 1200 architectural events in [Link], of available counters, it is essential to note that the study’s
offering a broader dataset than physical PMU counters. A objective is to assess their effectiveness. It is plausible that by
Python script parses these logs to extract and reshape HPC- pinpointing a subset of HPCs, acceptable classification results
like data for training and testing detection models, following can still be achieved with a limited number of physical counter
preprocessing steps outlined in Section III-A. registers [32].
V. E XPERIMENTAL R ESULTS Table I lists all selected logs, which include events that may
not be available in standard RISC-V implementations, such
The experimental setup, shown in Figure 2, features an
as CVA6 [28], due to their optional nature. We also provide
AES-128 encryption task as a reference application. This
x86 similarity data [25]. Notably, the caches exhibit many
task processes 16-byte plaintext blocks with a 16-byte key
similar events. Demand misses occur when the CPU requests
to produce ciphertext. It runs as a FreeRTOS task, receiving
an instruction not in the cache, requiring a fetch from lower
payloads as CAN frames from the CAN receiver described in
memory levels. Read requests are a subset tracked when a read
IV. This setup simulates a realistic automotive environment
is issued to the gem5 cache component. This differentiation
by combining FreeRTOS and HPC evolution beyond the AES
may not exist in real HPCs, but our preprocessing reveals that
algorithm.
the information content does not fully overlap.
NODE A NODE C This study evaluates the effectiveness of one-class classifi-
cation techniques in identifying various types of cyber attacks
CAN CAN
without prior knowledge of their characteristics. We focused
0x00 Delayed 0x00 Delayed on these methods’ detection capabilities by varying the size
of the attack-free training set, analyzing 1,500 CAN frames
CAN Network
processed by the AES task. Smaller training set sizes, starting
with 75 frames, yielded inconclusive results and have been
0x00
Packet flooding excluded from the final manuscript for clarity and integrity.
0x00
In Figure 4, we present essential performance metrics,
CAN
specifically accuracy and the F1 score (see equation 1), as
we vary the percentage of the dataset utilized for training.
NODE B
The accuracy metric assesses the ratio of correctly predicted
Fig. 3: Schematic of the DoS attack instances to the total number of predictions made. Meanwhile,
the F1 score offers a balanced evaluation of precision and
The dataset, sourced from [29], was collected via the OBD- recall, making it particularly valuable in situations with im-
II port of a KIA SOUL car and includes regular (attack- balanced class distributions.
free) data and three attack types: Fuzzy, Impersonation, and
DoS. For this study, we focused on the DoS attack, where TP
a malicious node injects CAN frames with an identifier of F1 = (1)
T P + 12 (F N + F P )
 TABLE I: Selected Events from gem5 logs (all start from system.)
gem5 Event gem5 Meaning RISC-V HPC Similarity x86 HPC Similarity [25]
[Link] Committed instructions minstret (Retired instruction counter) [26] INST [Link]
[Link] Fetched branch instructions Branch instructions event (PULP) [27] BR INST [Link] BRANCHES
[Link]::[Link] Demand hits in the data cache L1 D-Cache hit event (PULP) [27] MEM LOAD RETIRED.L1 HIT
[Link]::[Link] Demand misses in the data cache L1 D-Cache miss event (PULP) [27] MEM LOAD RETIRED.L1 MISS
[Link]::[Link] Read request hits in the data cache Load access event (CVA6) [28] MEM LOAD RETIRED.L1 HIT (subset)
[Link]::[Link] Read request misses in the data cache Load access event (CVA6) [28] MEM LOAD RETIRED.L1 MISS (subset)
[Link]::[Link] Write request hits in the data cache Store access event (CVA6) [28] MEM STORE RETIRED.L1 HIT
[Link]::[Link] Write request misses in the data cache Store access event (CVA6) [28] MEM STORE RETIRED.L1 MISS
[Link]::[Link] Demand hits in the instruction cache L1 I-Cache hit event (PULP) [27] [Link]
[Link]::[Link] Demand misses in the instruction cache L1 I-Cache miss event (PULP) [27] [Link]
[Link]::[Link] Read request hits in the instruction cache Instruction fetch event (CVA6) [28] [Link] (subset)
[Link]::[Link] Read request misses in the instruction cache Instruction fetch event (CVA6) [28] [Link] (subset)
[Link]::[Link] Demand hits in the L2 cache L2 cache hit event (if implemented in PULP/CVA6) MEM LOAD RETIRED.L2 HIT
[Link]::[Link] Demand misses in the L2 cache (instructions) L2 cache miss event (if implemented in PULP/CVA6) MEM LOAD RETIRED.L2 MISS (for instructions)
[Link]::[Link] Demand misses in the L2 cache (data) L2 cache miss event (if implemented in PULP/CVA6) MEM LOAD RETIRED.L2 MISS (for data)
[Link]::total Total demand misses in the L2 cache Total L2 cache miss event (if implemented in PULP/CVA6) L2 [Link]

1 1
0.95 0.95
0.9
0.9
0.85
0.8 0.85
Accuracy

F1-Score
0.75 0.8
0.7 0.75
0.65
0.7
0.6
0.65
0.55
0.5 0.6
20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95
Percentage of Training data over attack free dataset Percentage of Training data over attack free dataset

(a) Attack detection Accuracy (b) Attack detection F1-score

Fig. 4: IDS performances on DoS attack, considering a training set from 20% to 95% of the attack-free dataset in [29]

The results show that the one-class classifier effectively iden- VI. C ONCLUSION
tifies all malicious samples, but its performance heavily relies
on the training set size. Achieving 90% accuracy requires This paper introduced a novel IDS approach utilizing HPCs
over 75% of the training data (between 75% and 80% in Fig. for detection. Initial findings demonstrate the feasibility of
4a). This limitation means that without a sufficiently large detecting attack CAN data, although detection quality remains
and diverse training set, the model may misclassify legitimate limited. The primary challenge is the need for a large dataset
traffic as malicious, as indicated by the F1-score in Fig. 4b, to train an effective model, indicating further experiments
which highlights the risk of high False Positive Rate (TPR) are necessary. Future work should explore various attacks,
with inadequate training data. applications, and more complex RTOS scenarios.
Additionally, research will focus on adapting IDS capabili-
Additionally, the classifier’s ability to detect attacks depends ties for safety-critical real-time embedded systems, a vital step
on accumulating HPC data over time, preventing instantaneous toward developing a comprehensive IDS. The ultimate aim is
or real-time intrusion detection. This latency poses challenges to create an advanced IDS that integrates CAN bus anomaly
for immediate threat response and concerns environments detection and HIDS into a unified module.
requiring prompt action against security breaches, which will
be addressed in future work.
ACKNOWLEDMENTS
While the current classifier does not support real-time
IDS deployment, it demonstrates that malicious activities can This paper is based on the work conducted by Gaspard
cause significant deviations in application processing patterns. Henri Guy Michel as part of their Master’s thesis at Politecnico
Understanding these deviations could enhance future detection di Torino. Their dedication and research have significantly
algorithms and overall cybersecurity measures. contributed to the findings and insights.
 R EFERENCES [20] D. Kasap, A. Carpegna, A. Savino, and S. Di Carlo, “Micro-architectural
features as soft-error markers in embedded safety-critical systems:
preliminary study,” in 2023 IEEE European Test Symposium (ETS),
[1] A. Brown and B. Green, “The evolution of in-vehicle networks: From 2023, pp. 1–5.
can to ethernet,” Journal of Automotive Networking, vol. 15, no. 3, pp. [21] A. P. Kuruvila, X. Meng, S. Kundu, G. Pandey, and K. Basu, “Explain-
567–580, 2022. able machine learning for intrusion detection via hardware performance
[2] J. Miller and D. Smith, “A survey on vehicle communication protocols: counters,” IEEE Transactions on Computer-Aided Design of Integrated
Can, lin, and ethernet,” IEEE Transactions on Vehicular Technology, Circuits and Systems, vol. 41, no. 11, pp. 4952–4964, 2022.
vol. 72, no. 5, pp. 1123–1135, 2023. [22] FreeRTOS, “Freertos documentation,” 2024, [Link]
[3] M. Williams, “Cybersecurity threats in modern vehicles,” IEEE Security Documentation/RTOS [Link]. [Online]. Available: [Link]
& Privacy, vol. 21, no. 4, pp. 45–52, 2023. [Link]/Documentation/RTOS [Link]
[4] K. Anderson and L. Schmidt, “The security implications of remote [23] S. Dutto, A. Savino, and S. Di Carlo, “Exploring deep learning for in-
firmware updates and diagnostics in modern vehicles,” IEEE Transac- field fault detection in microprocessors,” in 2021 Design, Automation &
tions on Intelligent Transportation Systems, vol. 24, no. 1, pp. 121–135, Test in Europe Conference & Exhibition (DATE), 2021, pp. 1456–1459.
2023. [24] J. Lowe-Power, “Gem5 documentation,” Gem5, 2024, [Link]
[5] M. Davis and A. Lopez, “Case studies of vehicle hijacking and ecu [Link]/documentation/. [Online]. Available: [Link]
manipulation attacks,” Journal of Automotive Cyber Threats, vol. 9, documentation/
no. 4, pp. 98–112, 2024. [25] Intel Corporation, Intel® 64 and IA-32 Architectures Software
[6] T. Nguyen and R. Patel, “Denial-of-service and spoofing attacks in Developer’s Manual, 2021, document Number: 325384-074US.
automotive networks: A security framework,” Journal of Automotive [Online]. Available: [Link]
Cybersecurity, vol. 8, no. 1, pp. 25–40, 2024. develop/articles/[Link]
[7] E. Jones, “The role of intrusion detection systems in automotive cyber- [26] RISC-V Foundation, The RISC-V Instruction Set Manual, Volume
security,” Automotive Cybersecurity Review, vol. 8, no. 2, pp. 30–45, II: Privileged Architecture, 2021. [Online]. Available: [Link]
2024. technical/specifications/
[8] L. Schmidt and K. Anderson, “Automotive cybersecurity engineering: [27] PULP Platform, “Pulp platform documentation,” 2021, accessed:
Practical applications of iso 21434,” IEEE Transactions on Vehicular 2023-03-13. [Online]. Available: [Link]
Technology, vol. 73, no. 2, pp. 234–249, 2024. [28] OpenHW Group, “Cva6 user manual,” 2021, accessed: 2023-03-13.
[9] S. Kim and W. Chang, “The role of intrusion detection systems in [Online]. Available: [Link]
automotive cybersecurity,” IEEE Security & Privacy, vol. 22, no. 3, pp. [29] H. Lee, S. H. Jeong, and H. K. Kim, “Otids: A novel intrusion detection
50–65, 2023. system for in-vehicle network by using remote frame,” in 2017 15th
Annual Conference on Privacy, Security and Trust (PST), 2017, pp. 57–
[10] L. Cuomo, C. Scordino, A. Ottaviano, N. Wistoff, R. Balas, L. Benini,
5709.
E. Guidieri, and I. M. Savino, “Towards a risc-v open platform for next-
[30] A. M. Mahfouz, A. Abuhussein, D. Venugopal, and S. Shiva, “Network
generation automotive ecus,” in 2023 12th Mediterranean Conference on
intrusion detection model using one-class support vector machine,”
Embedded Computing (MECO), 2023, pp. 1–8.
in Advances in Machine Learning and Computational Intelligence.
[11] J. Luo, Y. Jiang, J. Wu, Z. Ding, and X. Zheng, “A survey on intrusion Springer, 2020, pp. 77–87.
detection for connected and autonomous vehicles,” IEEE Internet of [31] S. learn, “Scikit learn documentation,” 2024, [Link]
Things Journal, vol. 10, no. 13, pp. 11 841–11 869, 2023. stable/. [Online]. Available: [Link]
[12] J. D. Frechette, P. Tsai, and E. Lam, “Systems and methods for in- [32] C. P. Chenet, A. Savino, and S. Di Carlo, “Zero-day hardware-supported
vehicle communication and control,” US Patent US10 630 699B2, 2020. malware detection of stack buffer overflow attacks: An application
[Online]. Available: [Link] exploiting the cv32e40p risc-v core,” in 2025 IEEE 26th Latin American
en Test Symposium (LATS), 2025, pp. 1–6.
[13] N. Alkhatib, M. Mushtaq, H. Ghauch, and J.-L. Danger, “ CAN-BERT
do it? Controller Area Network Intrusion Detection System based
on BERT Language Model ,” in 2022 IEEE/ACS 19th International
Conference on Computer Systems and Applications (AICCSA). Los
Alamitos, CA, USA: IEEE Computer Society, Dec. 2022, pp.
1–8. [Online]. Available: [Link]
AICCSA56895.2022.10017800
[14] B. S. Bari, K. Yelamarthi, and S. Ghafoor, “Intrusion detection in
vehicle controller area network (can) bus using machine learning: A
comparative performance study,” Sensors, vol. 23, no. 7, p. 3610, 2023.
[Online]. Available: [Link]
[15] B. Alzahrani, A. Alshahrani, A. Alzahrani, F. Alshahrani, M. Alshahrani,
M. Alzahrani, and S. Alzahrani, “A comprehensive survey of cyberat-
tacks on evs: Research domains, attacks, defensive mechanisms, and
verification methods,” Transportation Engineering, vol. 12, p. 100187,
2023.
[16] S. Khandelwal and S. Shanker, “Phidias: Power signature host-based
intrusion detection in automotive systems,” in Proceedings of the
2024 ACM SIGSAC Conference on Computer and Communications
Security, 2024. [Online]. Available: [Link]
3689939.3695780
[17] B. Alzahrani, A. Alshahrani, A. Alzahrani, F. Alshahrani, M. Alshahrani,
M. Alzahrani, and S. Alzahrani, “A comprehensive review of ai based
intrusion detection system,” ICT Express, 2024.
[18] M. L. Bouchouia, H. Khemissa, E. Gherbi, M. Tami, D. Lopes,
N. Alkhatib, and M. Ayrault, “Cybersecurity metrics for ai-based in-
vehicle intrusion detection systems,” in 2024 IEEE Vehicular Networking
Conference (VNC), 2024, pp. 269–270.
[19] E. Magliano, A. Carpegna, A. Savino, and S. D. Carlo, “A micro
architectural events aware real-time embedded system fault injector,”
in 2024 IEEE 25th Latin American Test Symposium (LATS), 2024, pp.
1–6.