As modern vehicles increasingly rely on data-driven detection mechanisms, ensuring their resilience to carefully crafted perturbations becomes critical for operational safety. This thesis investigates the trade-off between baseline detection performance and adversarial robustness in machine learning-based Intrusion Detection Systems (IDS) for Controller Area Network (CAN) environments. The work establishes a comprehensive experimental framework grounded in clearly defined threat models, curated datasets, and reproducible evaluation procedures. Within this framework, two adversarial training strategies are studied: a self-adaptive adversarial training approach derived from the methodology proposed by Marchiori et al., and a novel teacher-guided adversarial training strategy that decouples adversarial example generation from the optimization of the target model. Extensive experiments are carried out to assess detection performance and adversarial resistance in various configurations. The findings shed light on the ways in which various training paradigms affect robustness and show the circumstances in which adversarial training increases resilience without appreciably lowering baseline performance. Methodological issues for evaluating robustness in the CAN domain in addition to empirical evaluation are addressed, highlighting the significance of context-aware evaluation protocols. Lastly, directions for future work are described, including the exploration of complementary analysis techniques and broader threat scenarios. Overall, this work advances our knowledge of adversarial robustness in automotive IDS and offers helpful advice for creating detection systems that are more resilient.
Poiché i veicoli moderni si affidano sempre più a sistemi di rilevamento basati sui dati, garantire la loro resilienza a perturbazioni accuratamente studiate diventa fondamentale per la sicurezza operativa. Questa tesi indaga il compromesso tra prestazioni di rilevamento di base e robustezza avversariale nei sistemi di rilevamento delle intrusioni (IDS) basati sul machine learning per ambienti Controller Area Network (CAN). Il lavoro stabilisce un quadro sperimentale completo basato su modelli di minaccia chiaramente definiti, dataset curati e procedure di valutazione riproducibili. All'interno di questo framework, vengono studiate due strategie di addestramento avversariale: un approccio di addestramento avversariale auto-adattivo derivato dalla metodologia proposta da Marchiori et al. e una nuova strategia di addestramento avversariale guidata da un insegnante che disaccoppia la generazione di esempi avversari dall'ottimizzazione del modello target. Vengono condotti esperimenti approfonditi per valutare le prestazioni di rilevamento e la resistenza avversariale in varie configurazioni. I risultati fanno luce sui modi in cui i vari paradigmi di addestramento influenzano la robustezza e mostrano le circostanze in cui l'addestramento avversariale aumenta la resilienza senza ridurre sensibilmente le prestazioni di base. Vengono affrontate questioni metodologiche per la valutazione della robustezza nel dominio CAN, oltre alla valutazione empirica, evidenziando l'importanza di protocolli di valutazione che tengano conto del contesto. Infine, vengono descritte le direzioni per i lavori futuri, tra cui l'esplorazione di tecniche di analisi complementari e scenari di minaccia più ampi. Nel complesso, questo lavoro amplia la nostra conoscenza della robustezza avversariale nei sistemi IDS per il settore automobilistico e offre utili consigli per la creazione di sistemi di rilevamento più resilienti.
Adapt or get schooled: two methods of adversarial training for CAN intrusion detection systems
Viti, Stefano
2024/2025
Abstract
As modern vehicles increasingly rely on data-driven detection mechanisms, ensuring their resilience to carefully crafted perturbations becomes critical for operational safety. This thesis investigates the trade-off between baseline detection performance and adversarial robustness in machine learning-based Intrusion Detection Systems (IDS) for Controller Area Network (CAN) environments. The work establishes a comprehensive experimental framework grounded in clearly defined threat models, curated datasets, and reproducible evaluation procedures. Within this framework, two adversarial training strategies are studied: a self-adaptive adversarial training approach derived from the methodology proposed by Marchiori et al., and a novel teacher-guided adversarial training strategy that decouples adversarial example generation from the optimization of the target model. Extensive experiments are carried out to assess detection performance and adversarial resistance in various configurations. The findings shed light on the ways in which various training paradigms affect robustness and show the circumstances in which adversarial training increases resilience without appreciably lowering baseline performance. Methodological issues for evaluating robustness in the CAN domain in addition to empirical evaluation are addressed, highlighting the significance of context-aware evaluation protocols. Lastly, directions for future work are described, including the exploration of complementary analysis techniques and broader threat scenarios. Overall, this work advances our knowledge of adversarial robustness in automotive IDS and offers helpful advice for creating detection systems that are more resilient.| File | Dimensione | Formato | |
|---|---|---|---|
|
2026_03_Viti_Executive Summary.pdf
accessibile in internet per tutti
Dimensione
374.01 kB
Formato
Adobe PDF
|
374.01 kB | Adobe PDF | Visualizza/Apri |
|
2026_03_Viti_Tesi.pdf
accessibile in internet per tutti
Dimensione
1.28 MB
Formato
Adobe PDF
|
1.28 MB | Adobe PDF | Visualizza/Apri |
I documenti in POLITesi sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/10589/251740