The CAN protocol, widely used in vehicles, lacks authentication and encryption, making it prone to spoofing, injection, and denial-of-service attacks. This work proposes a detection method based on physical layer signal analysis and unsupervised learning. A custom testbed of eight Arduino nodes with MCP2515 transceivers emulates nominal and attack traffic. Differential voltage signals (ΔV=CAN−H−CAN−L). are locally captured, segmented, and used to train a lightweight autoencoder. Implemented in TensorFlow, the model achieves 98% accuracy and 93% recall on unauthorized data, and 85% accuracy and 87% recall on spoofed traffic, with 24 ms inference time. The results obtained show that physical layer signals enable efficient and embedded-friendly CAN intrusion detection.
Keywords: CAN Bus Security, Physical-Layer Intrusion Detection, Autoencoder, Embedded Anomaly Detection, Edge Machine Learning.
