AI-based Intrusion Detection Systems for In-Vehicle Networks: A Survey SAMPATH RAJAPAKSHA and HARSHA KALUTARAGE, Robert Gordon University, UK M.OMAR AL-KADRI, Birmingham City University, UK ANDREI PETROVSKI, Robert Gordon University, UK GARIKAYI MADZUDZO and MADELINE CHEAH, Horiba Mira Ltd, UK The Controller Area Network (CAN) is the most widely used in-vehicle communication protocol, which still lacks the implementation of suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyber attacks. Various Intrusion Detection Systems (IDSs) have been developed to detect these attacks. However, the high generalization capabilities of Artiicial Intelligence (AI) make AI-based IDS an excellent countermeasure against automotive cyber attacks. This article surveys AI-based in-vehicle IDS over the period of 2016-2022 (August) with a novel taxonomy. It reviews the detection techniques, attack types, features, and benchmark datasets. Furthermore, the paper discusses the security of AI models, necessary steps to develop AI-based IDSs in the CAN bus, identiies the limitations of existing proposals and gives recommendations for future research directions. CCS Concepts: • Security and privacy → Network security; Intrusion detection systems. Additional Key Words and Phrases: Intrusion detection system (IDS), in-vehicle network, Controller Area Network (CAN), Machine learning, Automotive cybersecurity 1 INTRODUCTION Modern automobiles are becoming intelligent, complex, and highly connected. In 1980, a vehicle had just 1% of electronic equipment in comparison to its mechanical counterparts. However, nowadays, electronic components have increased up to 50% [148]. This will continue to increase with the advent of autonomous cars, which will rely on powerful computer systems, a range of sensors, networking, and satellite navigation, all of which require electronics. Furthermore, modern vehicles embody software that exceeds 100 million lines of code, and it is expected to grow beyond 300 million lines of code in the near future [24]. Software on modern automobiles run on 70-100 microprocessor-based Electronic Control Units (ECUs) that are networked throughout the vehicle [24]. More than 125 million cars with embedded connectivity will be shipped worldwide between 2018 and 2022 [125]. This connectivity to the outside world makes modern automobiles part of the Internet of Things (IoT) [148]. In addition to a large number of ECUs, modern vehicles are equipped with multiple sensors, actuators, cameras, radars, communication devices, etc [2, 22]. These systems are intended to improve performance, eiciency, intelligent services, and safety for automobile users by collecting and interpreting diferent data [22]. However, at the same time, these systems make modern automobiles signiicantly more complex. Authors’ addresses: Sampath Rajapaksha, s.rajapaksha@rgu.ac.uk; Harsha Kalutarage, h.kalutarage@rgu.ac.uk, Robert Gordon Uni- versity, Aberdeen, UK; M.Omar Al-Kadri, Birmingham City University, Birmingham, UK, omar.alkadri@bcu.ac.uk; Andrei Petrovski, Robert Gordon University, Aberdeen, UK, a.petrovski@rgu.ac.uk; Garikayi Madzudzo, garikayi.madzudzo@horiba-mira.com; Madeline Cheah, madeline.cheah@horiba-mira.com, Horiba Mira Ltd, Nuneaton, UK. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for proit or commercial advantage and that copies bear this notice and the full citation on the irst page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior speciic permission and/or a fee. Request permissions from permissions@acm.org. © 2022 Association for Computing Machinery. 0360-0300/2022/11-ART $15.00 https://doi.org/10.1145/3570954 ACM Comput. Surv.