*5.1. Implication*

This study examines the bit-level CAN bus reverse framework using a multiple linear regression model. This framework is the only method that can achieve bit-level reversion. It uses sensor data as the dependent variable and each bit of the CAN message data field as the dependent variable to build a multiple linear regression model to obtain the carving of vehicle behavior for each bit based on the *β*. This study shows that the framework can accurately filter CAN messages related to vehicle behavior, reverse the way each bit represents vehicle behavior, and obtain the length, boundary, and alignment format of the signal. Compared to other methods, the framework can delineate the signal length and message filtering more accurately. In addition, the algorithm uses a globally available standard interface (OBD-II) and common motion sensors to capture CAN traffic and vehicle behavior data, which allows access to data that is not limited by model and make, making the algorithm more usable. The excellent reverse capability of the system can help automotive security researchers to quickly discover how CAN messages describe vehicle behavior when DBC files are not available. It is worth mentioning that attackers may also use our approach to find better attack approaches against cars. Although the framework makes DBC files less secret, it is more meaningful to study the automotive CAN detection and defense attack capabilities. In addition, a better attack prevention system could be developed based on the reverse results of this scheme.

### *5.2. Limitations and Future Work*

The present study has three significant limitations that can be addressed in future studies. First, the lack of extreme data affected the correctness of the experiment. When CAN traffic and vehicle behavior data were acquired, CAN data and sensor data could not cover extreme data, such as vehicle speed reaching 255 km/h, maximum steering wheel angle, and pedal reaching maximum angle. The lack of extreme data departs the highest position in the experimental results, resulting in unsatisfactory experimental results. Future research can obtain extreme data in closed scenarios to optimize the experimental results.

Second, insufficient DBC files. We use open-source DBC descriptions as truth when testing the results of validation experiments in vehicles. However, most of the current open-source DBC files are obtained by extracting the ECU firmware, resulting in a minimal number. This study can obtain the description of CAN messages without firmware, which provides a new idea to obtain DBC files for subsequent studies.

Finally, application limitations. Due to the limited number of test vehicles used, this framework validated its reverse effect in a subset of vehicles. According to the devices and data on which the framework relies, it can be applied to almost all vehicles. To address the difficulty of testing in actual vehicles, software and hardware simulations [55] of the internal networks of vehicles can be investigated in future research to address the application limitations.

**Author Contributions:** Formal analysis, G.X. (Guosheng Xu); Funding acquisition, G.X. (Guosheng Xu) and C.W.; Investigation, S.Z.; Methodology, Z.B. and G.X. (Guoai Xu); Project administration, G.X. (Guoai Xu); Resources, C.W.; Software, Z.B. and S.Z.; Supervision, G.X. (Guoai Xu); Validation, G.X. (Guosheng Xu); Writing—original draft, Z.B. and S.Z.; Writing—review & editing, C.W. All authors have read and agreed to the published version of the manuscript.

**Funding:** This research was funded by the National Natural Science Foundation of China under Grant No. 62102042, and the China Postdoctoral Science Foundation under Grant No. 2021T140074, and the Data Security Risk Monitoring Traceability & Integrated Management Platform project from the 2020 China Industrial Internet Innovation and Development Project.

**Data Availability Statement:** The data presented in this study are available in Section 4.4.1.

**Acknowledgments:** The authors would like to thank the editors and all the reviewers for their valuable comments.

**Conflicts of Interest:** The authors declare no conflict of interest.
