You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

CANDefender – DoS Detection Model

Model Summary
This model detects DoS attacks on the CAN bus. It was trained on approximately 4.6 million real CAN frames (both normal traffic and DoS data). The core is an LSTM architecture that processes the CAN ID and the 8-byte payload to classify each frame as either “DoS” or “Normal.”


Performance

Test Accuracy: ~94.06%
Confusion Matrix (DoS vs. Normal):

True \ Pred DoS (pred) Normal (pred)
DoS 3,632,463 2,120
Normal 272,327 716,544
  • Recall (DoS): ~99.94%
  • Recall (Normal): ~72%

Interpretation: Almost no DoS frames are missed, but ~28% of normal traffic is misclassified as DoS (higher false alarms).


Intended Use

  • Goal: Real-time DoS detection on CAN bus data.
  • Limitations:
    • Focus on DoS only (other attack types like Fuzzy, Gear, RPM not covered).
    • Tends to over-classify normal frames as DoS (False Positives around 28%).

How to Use

import torch
import numpy as np
from can_defender_dos import CANLSTM  # replace with your actual import

# Example frame: [CAN_ID, b0, b1, ..., b7]
frame = [0x315, 0x12, 0x4F, 0xA2, 0x00, 0x00, 0x78, 0x1C, 0xAA]

# Convert to the same shape as the model expects: (batch_size, seq_len, features)
x_np = np.array(frame, dtype=np.float32).reshape(1, 1, 9)

model = CANLSTM(input_dim=9, hidden_dim=64, num_classes=2)
model.load_state_dict(torch.load("candefender_dos_final.pt"))
model.eval()

with torch.no_grad():
    logits = model(torch.from_numpy(x_np))
    pred = torch.argmax(logits, dim=1).item()
    print("Prediction:", "DoS" if pred == 0 else "Normal")

Training Configuration

  • Architecture: LSTM (64 hidden units) + final linear output
  • Optimizer: Adam, LR=1e-3
  • Epochs: ~20 (stopped when performance saturated)
  • Dataset: 4.6 million CAN frames, including normal + DoS

Limitations & Next Steps

  • False Positives: ~28% of normal frames labeled as DoS. Might be acceptable for high security environments, but can be reduced via further tuning or additional features (time windows, frequency, etc.).
  • Focus on DoS: Future expansions for multi-class detection (Fuzzy, Gear, RPM) are possible.
  • Potential Enhancements: Weighted loss for normal class, real-time deployment with window-based sequences, or transformer-based architectures.

License & Contact

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model is not currently available via any of the supported Inference Providers.
The model cannot be deployed to the HF Inference API: The model has no library tag.