Abstract
As modern vehicles continue to evolve, advanced technologies are integrated to enhance the driving experience. A key enabler of this advancement is the Controller Area Network (CAN) bus, which facilitates seamless communication between vehicle components. Despite its widespread adoption, the CAN bus was not designed with security as a priority, making it vulnerable to various attacks. In this paper, we propose CANGuard, an Intrusion Detection System (IDS) designed to detect attacks on the CAN network and identify the originating node in real time. Using a simulated CAN-enabled system with four nodes representing diverse vehicle components, we generated a dataset featuring Denial-of-Service (DoS) attacks by exploiting the arbitration feature of the CAN bus, which prioritizes high-criticality messages (e.g., engine control) over lower-criticality ones (e.g., infotainment). We trained and evaluated several machine learning models for their ability to detect attacks and pinpoint the responsible node. Results indicate that Gradient Boosting outperformed other models, achieving high accuracy in both attack detection and node identification. While the Multi-Layer Perceptron (MLP) model demonstrated strong attack detection performance, it struggled with node identification, achieving less than 50% accuracy. These findings underscore the potential of tree-based models for real-time IDS applications in CAN-enabled vehicles.