CYBERSECURITY • MACHINE LEARNING

Car Hacking IDS

Intrusion Detection System for detecting malicious CAN Bus traffic.
Built using Random Forests and my custom TRCC clustering algorithm, trained on the Car-Hacking Dataset

Overview

This project focused on building an Intrusion Detection System (IDS) for in-vehicle networks using the Car-Hacking Dataset. Modern vehicles rely on the CAN Bus, which is vulnerable to attacks such as DoS (Denial of Service), Fuzzy attacks, and gear/RPM manipulation. The goal was to detect these anomalies reliably using machine learning techniques.

Technical Highlights

Dataset: Car-Hacking Dataset (OCS Lab)
Features: CAN ID frequency, Time difference, Data byte patterns
Model: Random Forest Classifier (baseline)
Custom Algorithm: TRCC (Tissue Response & Cytokine Clustering)
Metrics: Accuracy, Attack Precision, ARI, Purity
Frameworks: Python (scikit-learn, pandas, matplotlib, Optuna)
Hardware: Tested locally on CPU + NVIDIA RTX 3060 GPU

Results

The Random Forest baseline achieved 85% accuracy with perfect attack precision on DoS and Fuzzy datasets. The TRCC clustering algorithm outperformed K-Means and DBSCAN on non-convex/noisy subsets, achieving better silhouette scores and clustering purity.

Challenges & Solutions

CAN traffic is highly imbalanced, with normal data dominating attack traffic. To address this, I engineered custom features such as time-difference signals and CAN ID frequency, which improved detection of stealthy attacks. The TRCC algorithm introduced immune-inspired clustering, allowing for more robust separation in unlabeled data.