This repository contains the source code and supporting material for a project on intrusion detection for Controller Area Network (CAN) traffic using deep learning. The project explores multiple architectures (LSTM, autoencoder, fuzzy logic and attention mechanisms) across MATLAB, TensorFlow and PyTorch implementations.
The data used in this project consists of CAN frames labelled as normal or attack traffic. Models are trained to recognise anomalous or malicious behaviour such as denial-of-service (DoS) patterns on the bus.
final_code/Matlab/– Final MATLAB demonstrator for the CAN IDS, including live scripts (MLX) and plotting utilities.TensorFlow/– TensorFlow implementation with Jupyter notebooks (e.g.LSTM-AE.ipynb,LSTM_fuzzy.ipynb,main.ipynb) and apreprocess.pyhelper that prepares sequence data for training.PyTorch/– PyTorch implementation with LSTM-based sequence models for DoS and fuzzy attacks, plus saved models and results.Installations Guide.docx,Installations and User Guide.pdf– Original installation and usage documentation for the final code.
matlab/– Earlier MATLAB version of the CAN IDS (live scripts, trained networks, plots and data preparation utilities).Avancements/,état de l'art/– Project management and literature review material.Rapport Projet.docx,Rapport_Projet_Final.*,Final_Presentation_CANIDS.*,V2_Final_Presentation_CANIDS.*– Project reports and presentation slides.
The deep learning models operate on CAN traffic exported to CSV. The TensorFlow preprocessing script (final_code/TensorFlow/preprocess.py) expects at least the following columns:
timestamp– Time of the CAN frame.arbitration_id– CAN identifier in hexadecimal form (converted to decimal during preprocessing).data_field– Payload bytes encoded as a hexadecimal string.attack– Binary label indicating normal (0) or attack (1) traffic.
From these raw fields, additional features such as inter-frame time intervals, per-byte payload values and local frequency-based statistics are derived and assembled into sliding windows for sequence models.
Depending on which implementation you want to run, you will typically need:
- Python 3 with scientific Python libraries (NumPy, pandas) and the relevant deep learning framework (TensorFlow or PyTorch), plus scikit-learn for dataset utilities.
- MATLAB with the Deep Learning Toolbox for the MATLAB-based experiments.
- Jupyter Notebook or JupyterLab if you want to run the
.ipynbnotebooks interactively.
For detailed, step-by-step environment setup tailored to this project, please refer to:
final_code/Installations and User Guide.pdffinal_code/Installations Guide.docx
- Prepare a Python environment with TensorFlow, NumPy, pandas and scikit-learn installed.
- Place your CAN CSV file in a known location and update any file paths used in
preprocess.pyor the notebooks if necessary. - Launch Jupyter and open one of the notebooks in
final_code/TensorFlow/(for examplemain.ipynb,LSTM-AE.ipynborLSTM_fuzzy.ipynb). - Execute the notebook cells to preprocess the data, train the model and evaluate detection performance.
- Prepare a Python environment with PyTorch, NumPy and pandas installed.
- Start Jupyter and open the notebooks in
final_code/PyTorch/(e.g.pytorch_LSTM_DoS_seq.ipynb,pytorch_LSTM_Fuzzy_seq.ipynb). - Follow the notebook instructions to load data, train the LSTM models and inspect the saved results under
model&results/.
- Open MATLAB and add the relevant folder (
final_code/Matlab/ormatlab/) to your MATLAB path. - Open one of the live scripts such as
LSTM_NIDS.mlx,NIDS_DoS.mlxorNIDS_Attention.mlx. - Run the script sections in order to prepare the data, train the networks and generate the provided plots.
This repository reflects a completed student project and accompanying report. The code is primarily intended for research, study and reproduction of the original experiments. It may require minor adaptation (paths, library versions, dataset locations) to run in a new environment.
This work makes extensive use of the "can-train-and-test: A curated CAN dataset for automotive intrusion detection" dataset.
If you use this repository in your own research or publications, please also cite the original dataset paper:
- Brooke Lampe and Weizhi Meng, "can-train-and-test: A curated CAN dataset for automotive intrusion detection".