Shallow Learning-Based Intrusion Detection System for In-Vehicle Network: ASIC Implementation

Abstract

This paper presents an Application-Specific Integrated Circuit (ASIC) implementation and Field-Programmable Gate Array (FPGA) verification of a Convolutional Neural Network (CNN)-based Intrusion Detection System (IDS) designed to enhance the security of an in-vehicle Controller Area Network (CAN) BUS and detect malicious messages. The CNN model employs a lightweight architecture with a single convolution layer using a 2 × 2 kernel and integrates a filter algorithm optimized for Fuzzy and Spoofing attacks to improve the performance. The IDS is implemented on an Electronic Control Unit platform powered by an ARM Cortex-M3 core and uses SRAM to store the parameters utilized by the CNN model and filter algorithm, targeting ASIC implementation with TSMC 180 nm technology. Functional verification was conducted by configuring a simplified CAN bus environment using the Xilinx Nexys Video FPGA and PEAK-System PCAN-USB, which was validated in real-time against DoS, Spoofing, and Fuzzy attack scenarios. The proposed lightweight CNN-based IDS achieved a fast detection speed of 0.0233 ms and an average accuracy of 99.6879%, thereby demonstrating its potential to enhance the security of in-vehicle CAN BUS.

1. Introduction

The automotive industry has recently required significant computational performance due to the advances in Advanced Driving Assistance Systems (ADASs) and autonomous driving technologies [1,2]. Furthermore, the growing network connectivity with electric devices to accommodate various vehicle features has significantly elevated the importance of Controller Area Network (CAN) BUS, the primary communication protocol for vehicles [2,3].

The CAN bus enables efficient data exchange among various Electronic Control Units (ECUs) within the vehicle, thereby supporting a wide range of functionalities. However, owing to a lack of security features, they are vulnerable to malicious attacks. An attacker can gain access to a network and manipulate it, posing a serious threat to the safety of drivers and passengers [3].

To address the threats posed by the lack of security features, various models have been implemented to Intrusion Detection Systems (IDS) [4], such as Convolutional Neural Network (CNN)-based IDS using Inception-ResNet [5] and Generative Adversarial Networks (GAN)-based IDS using an Auxiliary Classifier [6]. However, Deep Learning approach is often unsuitable for vehicles due to its high computational complexity and the limited resources available in vehicle environments.

This paper proposes a lightweight CNN-based IDS using shallow learning to address the security vulnerabilities of the CAN BUS and establish an IDS for vehicle networks. The proposed approach includes Application Specific Integrated Circuit (ASIC) implementation and Field Programmable Gate Array (FPGA) verification of an IDS. The proposed IDS can be summarized as follows.

• The error-handling mechanism of the CAN protocol is utilized to impose communication penalties on the hacked ECU or isolate them from the bus.
• Data preprocessing methods, such as Sliding Window and Data Insertion, are utilized to facilitate the real-time analysis of ongoing communication data.
• The CNN model performs multiclass classification to identify attack types, and the corresponding filter algorithm is applied to mitigate performance degradation caused by the lightweight design.

2. Background

2.1. CAN

CAN is a network protocol designed to communicate among various ECUs within a vehicle. In the CAN protocol, each data packet is assigned a unique message ID to form a message-based communication structure [7,8]. This allows all ECUs within the network to control communication independently without a central control unit. Additionally, it provides error detection and recovery features capable of identifying and managing various types of errors.

Additionally, as shown in Figure 1, the ECU within a vehicle adopts a multi-master architecture, where collisions can occur if multiple ECUs attempt to communicate simultaneously. To prevent this, an arbitration process is performed to determine the communication priority. The arbitration process operates on a bit-level comparison. When a Dominant Bit (Logic 0) and a Recessive Bit (Logic 1) are transmitted simultaneously, the Dominant Bit takes precedence. Through this method, the message IDs are compared, and ultimately, the message with the lowest ID is assigned the highest priority.

2.1.1. Frame

A CAN Frame is the basic unit of data transmission, containing the transmitted data, along with its associated control information. CAN Frames are categorized into four types: Data Frame, Remote Frame, Overload Frame, and Error Frame, each serving the following roles, respectively:

• Remote Frame: A frame used to request data associated with a specific message ID. It does not transmit any data but only includes the ID for the request.
• Overload Frame: A frame transmitted when the network is in an overloaded state, temporarily halting communication and requesting additional time for data processing.
• Error Frame: A frame transmitted when an error is detected, notifying the network of its occurrence.
• Data Frame: A frame used for actual data transmission, sending information from the transmitting ECU to receiving ECU.

In this study, only Error and Data Frames were considered. The CAN Data Frame is shown in Figure 2, and the role of each field is as follows.

The Start of Frame (SOF) is a single bit that signals the start of a frame, enabling the ECU connected to the network to recognize and synchronize the beginning of the frame accordingly.

The Arbitration Field contains the unique ID of the message and is responsible for determining its priority. It is composed of the Identifier (ID) and Remote Transmission Request (RTR). The ID is 11 bits long in the CAN Standard and 29 bits long in the Extended format. In this study, the Standard format is used, with the ID set to 11 bits. The RTR is a single bit used to differentiate between Data Frames and Remote Frames. A Dominant Bit is used to indicate a Data Frame.

The control Field contains information regarding the size and type of the Data Field of the current frame. It is composed of 6 bits, including Reserved Bits and the Data Length Code (DLC). The Reserved Bits are the two bits allocated to the future functionality. In this study, DLC was limited to values between 0 and 8.

The data Field contains the actual transmitted data. The size of the data is determined by the DLC, and the data are transmitted in the order of Most Significant Bit.

The CRC Field performs error detection in the frames. It is composed of a Cyclic Redundancy Check (CRC) Sequence and a Delimiter Bit. The CRC Sequence contained a 15-bit CRC value calculated using the SOF, Arbitration Field, Control Field, Data Field, and the CRC-15 Polynomial. The Delimiter Bit is a single Recessive Bit used to mark the end of a CRC Field. The transmitted CRC value in the CRC Sequence is compared with the CRC value calculated using the receiving ECU. If the values do not match, the receiving ECU can request the transmitting ECU to resend the frame.

The ACK Field indicates to the transmitting ECU whether data were successfully received by the receiving ECU. It comprises an ACK Slot and the Delimiter Bit. If the data were successfully received, a Dominant Bit was transmitted in the ACK Slot.

The End of Frame (EOF) is the field that signals the End of Frame. It comprises seven consecutive Recessive Bits.

The Interframe Space (IFS) represents the gap between frames. It consists of three consecutive Recessive Bits indicating the minimum interval between frames. This prevents collisions between consecutive frames and enhances communication reliability.

2.1.2. Error Handling

CAN communication detects and manages errors in stages such as error detection, error counter management, and error state transitions. It can identify five types of errors: Bit, Stuff, CRC, Form, and ACK Error.

A Bit Error occurs when the bit transmitted by the sending ECU is different from the actual bit received by the CAN BUS. However, exceptions include cases where a Stuff Bit or the ACK Slot is transmitted as a Dominant Bit, in which no Bit Error is triggered [7,8]. In addition, Bit Errors do not occur when a transmitting ECU in the Passive Error Flag state detects a Dominant Bit.

A Stuff Error occurs when the sixth consecutive identical bit appears in an encoded Frame Field, violating the bit-stuffing rule. As shown in Figure 3, bit-stuffing is used to maintain synchronization and assist in error detection during data transmission. This method inserts the opposite bit when five identical consecutive bits are detected.

A CRC Error occurs when the CRC value calculated by the receiving ECU is different from the CRC value transmitted by the sending ECU.

Form Error occurs when a fixed-format Bit Field, such as a Delimiter Bit or EOF contains a bit that does not conform to the required format. However, a Form Error does not occur if the receiving ECU detects a Dominant Bit in the last bit of the EOF or monitors a Dominant Bit in the last bit of the Error Delimiter.

An ACK Error occurs when, after sending a message, the transmitting ECU detects a Recessive Bit in the ACK Slot instead of a Dominant Bit from the receiving ECU connected to a CAN BUS.

The ECUs connected to the CAN BUS exist in one of three error states, as shown in Figure 4. These states are managed through a Transmission Error Counter (TEC), which counts errors occurring during transmission, and the Receive Error Counter (REC), which counts errors occurring during reception. When an error is detected, the TEC typically increases by eight and the REC increases by one [5,6]. Conversely, when communication occurs without errors, both the TEC and REC decrease by 1.

Error Active is the default state of an ECU that allows normal participation in CAN BUS communication. When either the TEC or REC reaches 128, the state transitions to Error Passive. If the counters fall below 128, the state reverts to Error Active. Additionally, when an error occurs, the ECU transmits an Active Error Frame, as shown in Figure 5.

Passive error is a state in which the ECU transmits a Passive Error Frame when an error occurs, as shown in Figure 6. After transmitting the Passive Error Frame, any subsequent transmission requires the ECU to wait before retrying. If TEC exceeds 255, the ECU transitions to a bus-off state.

A bus-off is a state in which the ECU can no longer participate in communication and cannot influence the bus. This occurs when an ECU is isolated from the network. If 11 consecutive Recessive Bits are detected 128 times on the bus, the TEC and REC are reset to zero, and the ECU transitions back to the error-active state.

2.1.3. Attack Type

Network attacks within vehicles involve hacking an ECU to inject malicious messages into the CAN BUS, thereby disrupting the normal functionality of the vehicle [9]. This study addresses Denial of Service (DoS), Fuzzy, and Spoofing attacks.

DoS Attack is, as shown in Figure 7, where a hacked ECU leverages the CAN communication arbitration process to send a large number of low-priority messages, disrupting normal communication. By transmitting these messages repeatedly at short intervals, an attack can saturate the CAN BUS, thereby preventing the transmission of legitimate messages.

A Fuzzy Attack, as depicted in Figure 8, involves transmitting messages with randomly generated IDs and data to the CAN BUS. This disrupts the transmission of legitimate messages and causes devices to malfunction. From the perspective of the hacker, the attack is relatively simple to execute, as it only requires sending messages with random IDs and data. However, these messages are uncommon in normal communication scenarios, which makes them easier to detect from the perspective of an IDS.

A Spoofing Attack, as shown in Figure 9, occurs when a compromised ECU monitors messages transmitted on the CAN BUS for a period of time and then impersonates a legitimate ECU to send false data to the bus. By mimicking a specific ECU, the attack causes other ECUs to operate based on incorrect information. In some cases, the attack replicates the exact data of legitimate messages, making a distinction between normal and malicious messages difficult for the receiving ECU. This makes the attack particularly dangerous from the perspective of the driver.

3. CNN-Based Intrusion Detection System Model

3.1. CNN Model

This study proposes a lightweight CNN model with a simplified Multi-Layer Perceptron (MLP) structure and a single convolution layer, based on shallow learning designed for a vehicle IDS, as shown in Figure 10.

The proposed model uses 11 CAN IDs, each consisting of 11 bits, as the input. It uses a 16 × 2 × 2 kernel to form a 16 × 10 × 10 convolution layer, followed by a 2 × 2 filter to construct a 16 × 5 × 5 max-pooling layer. The processed data are then passed through two fully connected layers. The first fully connected layer reduces the input of 400 nodes to 32 nodes, and the second fully connected layer further reduces the input to four nodes. These four nodes represent the classification results, indicating whether the current CAN BUS message is normal, or belongs to one of the following attack types: DoS, Fuzzy, or Spoofing. Based on the detected attack type, the message was processed using the corresponding filter algorithm [10] to determine whether it was an actual attack.

3.2. Data Preprocessing

The lightweight CNN model used in this study is designed to process the status of data frame shown in CAN BUS in real time, as shown in Figure 11, 11-bit CAN IDs were preprocessed using Sliding Window and Data Insertion method to generate a convolution layer input in the form of 11 × 11.

A Sliding Window is a technique that processes specific segments of continuous data by selecting and shifting them over a defined range. In this study, as shown in Figure 12a, the current CAN ID on the CAN BUS is placed at the bottom of the matrix, whereas the earliest received CAN ID is positioned at the top. When a new CAN ID arrives, the earliest CAN ID is removed, and the previous data shift upward, creating space for the current CAN ID at the bottom. This approach has the advantage of allowing individual evaluation of each CAN ID. However, this poses challenges in assessing the state of current CAN ID because of the emphasis on historical data.

Data Insertion is a preprocessing technique used to address the difficulty of assessing the state of the current CAN ID in the Sliding Window method. As shown in Figure 12b, this technique appends the three most recent CAN IDs to the previous eight CAN IDs to create an 11×11 structure. By placing more emphasis on the current CAN IDs, this method provides the advantage of evaluating the state of the current CAN ID more accurately.

3.3. Filter

The lightweight CNN model proposed in this study, which uses only a single convolutional layer, shows a lower performance compared to standard CNNs. To address this limitation, a Cross-Check Rule-Based Filter algorithm is introduced to enhance the detection capabilities of the model [10]. Of the three available filter algorithms, this study focuses on those targeting Spoofing and Fuzzy attacks because these demonstrate significant performance degradation.

For DoS Attacks, rely solely on the IDS determination results without using the filter algorithm. For Spoofing Attacks, the filter algorithm was refined by revising Rule 2 and introducing Rule 3. For Fuzzy Attacks, modifications included removing Rule 1 and adjusting Rule 2. These improvements were made to enhance detection accuracy while maintaining compatibility with the lightweight CNN-based IDS.

The Spoofing Filter Algorithm detects Spoofing attacks that exploit normal IDs by assigning predefined ${FP}_{Max}$ values to each normal ID. To determine if an attack is taking place, the algorithm compares this value with the number of times the IDS has identified the attacked ID as malicious (Rule 1). Additionally, because Spoofing attacks often use the same ID with repeated Data Fields, the algorithm calculates and compares the Hamming Distance between Data Fields of the same ID to determine if an ongoing attack (Rule 2). Because normal communication can also involve the use of the same ID with repeated Data Fields, the algorithm mitigates performance degradation caused by Rule 2 by reviewing previous IDS results for the same ID to make a final determination (Rule 3). (Algorithm 1).

Algorithm 1: Spoofing Attack

The Fuzzy Filter Algorithm detects Fuzzy attacks that involve the transmission of randomly generated IDs and Data Fields by analyzing the Hamming Distance between Data Fields with the same ID in normal data. The algorithm determines the maximum Hamming Distance, $H_{Max}$ from the normal data and compares it with the Hamming Distance between Data Fields with the same ID during communication to identify an attack (Rule 1). Because randomly transmitted IDs and Data Fields typically exhibit higher Hamming Distances than normal IDs and Data Fields, the algorithm can effectively detect such attacks. (Algorithm 2).

Algorithm 2: Fuzzy Attack

4. Hardware Implementation

The hardware architecture of an in-vehicle IDS using a lightweight CNN model is shown in Figure 13. The IDs transmitted on the CAN BUS were processed using Data Preprocessing to form an 11 × 11 input structure, which was converted to match the kernel size for feature extraction. The converted values are used for Convolution and Max Pooling, followed by operations in Dense Layer 1 and 2. Finally, the data communicated on the CAN BUS and the output from Dense Layer 2 were provided as inputs to the filter, which produced the final attack determination.

4.1. Parameter

This study presented a lightweight CNN model tailored for in-vehicle networks, trained using 32-bit floating-point data. However, this format leads to high resource consumption and slower detection speeds when implemented in hardware [11].

To overcome these challenges, as shown in Figure 14, a fixed-point representation was adopted, eliminating the need for normalization. Additionally, all parameters were quantized to 16 bits. This optimization effectively reduced resource usage and enhanced detection speed.

Additionally, two 16 KB SRAM modules were utilized to store the parameters required for the CNN and filter. To enable real-time attack detection on messages transmitted over the CAN BUS, as shown in Figure 15, the parameters required for the next operation are preloaded from the SRAM into the buffer while the Dense Layer 1 computation is underway [12,13]. This approach ensures seamless execution of subsequent operations, enabling uninterrupted real-time processing.

4.2. Convolution, Max Pooling, Fully Connected Layer

The main operations in a CNN are performed by the convolution layer and the pooling layer, which require optimization for hardware implementation [14,15,16].

This study utilizes the hardware architecture of the convolution layer, as shown in Figure 16, where 11 × 11 input is processed through feature extraction and transformed into a 2 × 2 output. Feature input value consists of binary values (1 and 0), allowing the multiplication operations in the convolution process to be replaced by AND operations. This approach significantly reduces resource usage and optimizes the hardware for real-time processing.

Additionally, we propose modifying the computational sequence shown in Figure 17a to the sequence shown in Figure 17b, for only four values required for Max Pooling were processed through convolution operations and stored in the registers for comparison. By performing computations only on necessary values, this method reduces resource usage and, regardless of the input format, the Max Pooling result can be output in only four cycles, minimizing the latency.

By modifying the computation sequence, the Feature, Convolution, Max Pooling, and Fully Connected Layer 1 operations can be structured into a pipelined architecture, as shown in Figure 18. According to

Table 1. Performance comparison based on pipelining and execution order.

Method	Detected Time (ms)	Resource (LUT)
Pipeline + Propose Step	0.023	11,062
Not Pipeline + General Step	0.012	32,291

, comparing the parallel processing of Convolution and Max Pooling operations with their reuse in a pipelined structure shows a 65% reduction in LUT usage. However, this increased detection time, which is a drawback. This is addressed by comparing the detection time with the criteria for determining whether the current message in the CAN communication is valid. The results show that even with a longer detection time, the determination of attack for the current frame is possible. Regarding ECU transmission, a message can be considered valid if no errors occur up to the last bit of the EOF. Similarly, for receiving ECU, a message is considered valid if no errors occur up to the bit immediately preceding the last bit of the EOF. Considering the worst-case scenario with a CAN communication speed of 500 Kbps, DLC of 0, and no Stuff bits, the minimum time required to invalidate a message is calculated as follows:

$$Minimum Time={\displaystyle \frac{Frame bit at Worst Case}{Baud Rate}}$$

(1)

To invalidate a message, the transmitting ECU must detect an error within $0.088 \mathrm{m}\mathrm{s}$, whereas the receiving ECU must detect an error within $0.086 \mathrm{m}\mathrm{s}$. Thus, the proposed IDS in this study is sufficient to detect attacks and invalidate the message because it has a detection time of $0.0234 \mathrm{m}\mathrm{s}$. Additionally, by implementing a pipelined structure, the Dense 1 operation can proceed without the need for a flattening process, which means that no additional registers are required.

This study utilized the structure of the Processing Engine as shown in Figure 19, within the Fully Connected Layer. The Processing Engine receives a 16-bit input and executes the Multiply-Accumulate (MAC) operation, but during computation, overflow may occur due to the limitations of the 16-bit fixed-point representation. To address this issue, as depicted in Figure 20, the 16-bits input is extended to 32-bits during the MAC operation [17,18]. Once the computation is complete, the result is converted back to 16-bits for output. This approach effectively resolves the overflow problem while enhancing the accuracy of the computation process.

4.3. Filter

The hardware design of the filter structure is shown in Figure 21. The filter register is a crucial component in the process. At the start of CAN communication, it reads and stores the values of ${FP}_{Max}$ and $H_{Max}$ values from the SRAM, which are essential for the Spoofing and Fuzzy attack detection algorithms. During communication, the register also holds the current CAN ID, DATA, Hamming Distance, and attack counter. The output from Dense 2 is routed to all detection algorithms. If no attack is identified, the output is marked as Normal (Logic 0). Conversely, if a Fuzzy, DoS, or Spoofing attack is detected, the output is marked as Attack (Logic 1), triggering an Error Frame on the CAN BUS.

5. Validation and Performance Evaluation

5.1. Verification Environment

In this study, the dataset configuration used for training the lightweight CNN model in the IDS is shown in

Table 2. Configuring the dataset used to train the lightweight CNN model.

Attack Type	# of Messages	# of Normal Messages	# of Injection Messages
DoS	3,665,771	3,078,250	587,521
Fuzzy	6,838,860	3,347,013	491,847
Gear (Spoofing)	4,443,142	3,845,890	597,252
RPM (Spoofing)	4,621,702	3,966,805	654,897
Normal	988,987	988,872

. This dataset was constructed by recording CAN traffic from a real vehicle through the OBD-II port. The DoS attack uses CAN ID “0×000”, the Fuzzy attack utilizes random values for both CAN ID and DATA, and the Spoofing attack uses information related to RPM and Gear, along with the corresponding CAN ID [5,9,19,20]. Additionally, the dataset configuration used for verification, with 100,000 instances of each attack type used for testing is shown in

Table 3. Configuring the data set used for FPGA validation.

Attack Type	# of Normal Messages	# of Injection Messages
DoS	76,327	23,673
Fuzzy	87,979	12,021
Gear (Spoofing)	81,183	18,817
RPM (Spoofing)	81,048	18,952

.

The FPGA verification environment used to validate the real-time response of the lightweight CNN-based IDS proposed in this study is shown in Figure 22. The verification environment utilizes Universal Asynchronous Receiver Transmitter (UART) communication was used to transmit the IDS results to a PC, and the PEAK system’s PCAN-USB was employed to implement the transmitting ECU on the CAN BUS. An API was developed in Python to control PCAN-USB. The TLE 9250 V transceiver was used to convert the CAN-H and CAN-L signals, as well as for RX and TX signal conversion. In addition, a Nexys Video FPGA board was selected for debugging to provide the necessary resources for the verification process. The verification sequence is as follows.

• Transmit the test data to the CAN BUS through the PCAN USB using the PCAN API.
• Transmit data from the CAN BUS to the FPGA, where the verification system is implemented via a transceiver.
• The FPGA board transmits signals, such as ACK and error flags, to the CAN BUS while sending the IDS results to the PC via UART.

To check for errors during the transmission and reception processes, PCAN View and an oscilloscope were used to monitor the transmission/reception waveforms and data.

5.2. Performance Evaluation

We compared the performance of different data preprocessing methods applied to the same lightweight CNN model, utilizing dataset used for model training, to verify that the proposed Data Insertion method can assist in determining attacks in real time. Specifically, we evaluated the performance of using the Sliding Window method alone and the combined approach of Sliding Window and Data Insertion. As shown in

Table 4. Comparison of accuracy based on data preprocessing methods.

Attack	Sliding Window (%)	Sliding Window + Data Insertion (%)
DoS	90.4153	99.9255
Fuzzy	87.2578	98.4888
Gear (Spoofing)	86.1185	97.9245
RPM (Spoofing)	86.9854	97.8995

, the combined approach of Sliding Window and Data Insertion achieved a 10% performance improvement compared to using the Sliding Window method alone.

For IDS performance evaluation on the FPGA, 100,000 test datasets were used, and the evaluation was based on the metrics of accuracy, precision, recall, and F1-Score. The accuracy represents the ratio of correct predictions made by the IDS. Precision refers to the proportion of actual attacks among instances that the IDS identified as attacks. Recall measures the proportion of actual attacks correctly identified by an IDS. The F1-Score is the harmonic mean of precision and recall, offering a balanced evaluation, particularly for imbalanced datasets.

For this evaluation, the following terms were defined: True Positive (TP) refers to instances in which the IDS correctly identified an attack, and True Negative (TN) refers to instances in which the IDS correctly identified a normal message. A false Positive (FP) refers to instances in which the IDS incorrectly identifies a normal message as an attack, and a False Negative (FN) refers to instances in which the IDS incorrectly identifies an attack as normal.

$$Accuracy={\displaystyle \frac{TP+TN}{TP+FP+TN+FN}}$$

(2)

$$Precision={\displaystyle \frac{TP}{TP+FP}}$$

(3)

$$Recall={\displaystyle \frac{TP}{TP+FN}}$$

(4)

$$F1-Score={\displaystyle \frac{2\ast Precision\ast Recall}{Precision\ast Recall}}$$

(5)

The software and hardware performance metrics for the lightweight CNN model with filters applied are shown in

Table 5. Lightweight CNN model software performance indicators.

Attack Type	Accuracy (%)	Precision (%)	Recall (%)	F1 Score (%)
DoS	99.9255	99.6212	99.9983	99.8094
Fuzzy	98.4888	96.6246	94.1021	95.3467
Gear (Spoofing)	97.9245	91.8077	96.4587	94.0758
RPM (Spoofing)	97.8995	91.1108	97.5583	94.2244

and

Table 6. Filter application performance indicators of lightweight CNN-based IDS implemented in hardware.

Attack Type	Accuracy (%)	Precision (%)	Recall (%)	F1 Score (%)
DoS	99.9540 → 99.9110	99.8061 → 99.6255	100 → 100	99.9029 → 99.8124
Fuzzy	98.7479 → 99.3039	95.8294 → 94.6605	93.6611 → 99.8419	94.7329 → 97.1822
Gear (Spoofing)	97.7508 → 99.6790	90.7757 → 98.6583	98.0071 → 99.6493	94.2529 → 99.1513
RPM (Spoofing)	97.9738 → 99.8580	91.4244 → 99.5365	98.5542 → 99.7151	94.8555 → 99.6257

. An evaluation was conducted for four types of attacks: DoS, Fuzzy, Gear (Spoofing), and RPM (Spoofing). The data format used in the software implementation was a 32-bit floating point, whereas the hardware implementation utilized a 16-bit fixed-point representation.

A comparison of the results shows that the hardware implementation outperformed the software in some aspects. This improvement is attributed to the difference in the Bit Resolution that occurs when converting from a 32-bit floating point to a 16-bit fixed point during hardware implementation. The CNN model did not achieve the highest possible results because of its lightweight design. A filter algorithm was applied to address this reduced performance. As listed in Table 6, the performance of the model improved significantly, with notable increases in the Recall for the Fuzzy attack and Precision for the Spoofing attack.

The time required by different IDS models to determine an attack is shown in

Table 7. Comparison of inference time with other IDS models.

Model	Latency (ms)	Detection Unit	Platform
ACGAN [6]	0.203	Per CAN frame	Raspberry Pi 4
MA-QCNN [21]	0.43	4 CAN frame	Zynq Ultrascale +
DCNN [5]	5	29 CAN frame	Tesla K80
MTH [22]	0.574	Per CAN frame	Raspberry Pi 3
QMLP [23]	0.24	Per CAN frame	Zynq Ultrascale +
BNN [24]	0.259	30 CAN frame	Zedboard
Proposed IDS	0.023	Per CAN frame	Artix 7

. The proposed IDS is shown to be 0.22 ms faster on average than the fast detection models, QMLP and BNN. As shown in

Table 8. Metric comparison of proposed IDS and other FPGA implementation cases.

Metric	QMLP	BNN	MA-QCNN	Proposed IDS
FPGA Device	Zynq Ultrascale + XCZU7EV	Zedboard XC7Z020	Zynq Ultrascale + XCZU3EG	Nexys Video XC7A200T
LUTs	56,733	33,224	30,726	17,059
FFs	72,146	54,175	48,400	11,062
BRAM (Mb)	3.06	4.85	2.5605	0.288
URAM (Mb)	6.75	0	0	0

, the proposed IDS was implemented with 70% fewer LUTs and 85% fewer FFs than the QMLP, with a memory requirement of 0.288 MB. Additionally, similar to the BNN, the proposed model can perform multiclass classification to determine the type of attack and can also use the filter algorithm for binary classification to detect attacks.

The results of the ASIC implementation of the CNN-based IDS proposed in this study are shown in

Table 9. ASIC implementation of proposed IDS.

Metric	Proposed IDS
Using System Clock	50 MHz
Total area of Chip	1,146,194 gate
Total area of SRAM in IDS	203,876 gate
Single area of IDS(CNN)	135,866 gate
Single area of IDS(Filter)	55,510 gate

. The implementation was based on the TSMC 180 nm process and Synopsys Design Compiler, with a die size of 5000 µm × 5000 µm. The clock used in the ASIC for the IDS was set to 50 MHz, and the Gate Count was calculated based on a 2-input NAND gate. The IDS, including the SRAM used for storing parameters, occupies 39.1762% of the total chip area, while the remaining portion consists of the Cortex-M3 and Debug Logic, and SRAM used by the Core. The utilized area of the total chip is shown in Figure 23, while the blue section represents the unused area.

6. Conclusions

This study aims to detect attacks on in-vehicle networks using a Shallow Learning-based lightweight CNN IDS. The lightweight CNN employs a single Convolution Layer and applies data preprocessing methods such as Sliding Window and Data Insertion for real-time detection. In hardware implementation, the use of a fixed-point representation that does not require normalization, and a pipelined structure resulting from changes in the Convolution operation order, lead to reductions in both resource usage and delay. Additionally, performance degradation caused by the lightweight design is mitigated by up to 8.1121% through the application of filter algorithms to handle Fuzzy and Spoofing attacks.

A total of 400,000 attack injection dataset were used to verify the real-time detection and response actions for DoS, Fuzzy and Spoofing attacks. Despite being implemented utilizing 17,059 LUTs and 191,376 gates, the Shallow Learning-based CNN IDS achieved an accuracy of 99.6879% and a recall of 99.8014% across these three types of attacks. However, the proposed model uses supervised learning, which has the limitation of being unable to detect attack types not present in the training data. This is a known limitation of supervised learning-based IDS. In future research, we plan to implement an IDS with lower resource usage and reduced delay by utilizing an unsupervised