MIDS: Detecting Stealthy Masquerade and Tampering Attacks on CAN Bus via Bidirectional Mamba

2026-06-17 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Expert, quick

Summary

The Mamba Intrusion Detection System (MIDS) is a novel dual-stream framework designed to detect stealthy masquerade and tampering attacks on the Controller Area Network (CAN) bus in modern vehicles. Unlike existing systems focused on fabrication attacks, MIDS specifically addresses masquerade scenarios where an internal adversary substitutes legitimate frames, preserving traffic periodicity and evading traditional defenses. MIDS processes CAN identifiers and payloads in parallel, reconstructing their joint temporal semantics using bidirectional selective state-space modeling. Evaluated on over 100 million CAN frames from a Tesla Model 3, including 54 synthesized masquerade attack variants, MIDS achieved an F1 score of 96.94% with a 1.147 ms single-window inference latency. It also demonstrated strong generalization, attaining F1 scores from 93.70% to 99.61% on four public benchmarks (ROAD, CrySyS, OTIDS, CT&T), outperforming eight reproduced baselines by up to 13.94 percentage points.

Key takeaway

For AI Security Engineers developing intrusion detection systems for automotive CAN buses, you should prioritize solutions capable of detecting stealthy masquerade attacks. MIDS demonstrates that combining parallel processing of CAN identifiers and payloads with bidirectional selective state-space modeling significantly improves detection accuracy. Consider integrating similar dual-stream architectures to achieve high F1 scores and real-time inference latency, enhancing vehicle cybersecurity against sophisticated internal adversaries.

Key insights

MIDS uses bidirectional Mamba to detect stealthy CAN bus masquerade attacks, outperforming baselines with low latency.

Principles

• Address masquerade attacks specifically.
• Preserve traffic periodicity for stealth.
• Combine ID and payload semantics.

Method

MIDS employs a dual-stream framework, processing CAN identifiers and payloads in parallel, then reconstructs joint temporal semantics via bidirectional selective state-space modeling.

In practice

• Deploy MIDS for real-time CAN bus security.
• Evaluate IDS against masquerade attack variants.
• Utilize bidirectional state-space models.

Topics

• CAN Bus Security
• Intrusion Detection Systems
• Masquerade Attacks
• Mamba Models
• State-Space Models
• Automotive Cybersecurity

Best for: Research Scientist, AI Scientist, Machine Learning Engineer, AI Security Engineer

Related on AIssential

• TinyML-Driven Cybersecurity for Autonomous Spacecraft: Latency-Accuracy Analysis for SPARTA RF and Cyber Threat Detection — TinyML for autonomous spacecraft cybersecurity demands balancing microsecond latency with detection accuracy, favoring Logistic Regression as a baseline and MLP for optimal trade-offs.
• FlowGuard: Flow Matching for Identity-Independent Detection of Data-Free Model Stealing Attacks on Energy System Intrusion Detection Systems — FlowGuard detects data-free model stealing in energy IDS by identifying synthetic queries as out-of-distribution via flow matching.
• SoK: AI-Augmented Binary Reversing — A new SoK unifies AI-augmented binary reversing, mapping 144 papers across 22 domains with a comprehensive taxonomy.
• Resource-Aware Deployment Optimization for Collaborative Intrusion Detection in Layered Networks — A CIDS framework dynamically optimizes detector allocation for adaptive, efficient intrusion detection on edge devices.
• Nothing To Detect — Agentic AI's primary security threat is authorized malicious action, shifting focus from detection to governance of permission models.
• Spoon-feeding a Monster — Autonomous security testing requires separating LLM reasoning from deterministic execution to ensure ground truth and prevent hallucinations.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.