pith. sign in

arxiv: 2406.07125 · v1 · pith:F5V2FGBZnew · submitted 2024-06-11 · 💻 cs.CR · cs.AI· cs.LG

CARACAS: vehiCular ArchitectuRe for detAiled Can Attacks Simulation

Sadek Misto Kirdi , Nicola Scarano , Franco Oberti , Luca Mannella , Stefano Di Carlo , Alessandro Savino This is my paper

Pith reviewed 2026-05-24 00:12 UTC · model grok-4.3

classification 💻 cs.CR cs.AIcs.LG
keywords CAN bus attackssynthetic datasetsSimulink modelingvehicular securityintrusion detection systemsBattery Electric Vehicletorque control attacksattack simulation
0
0 comments X

The pith

A Simulink vehicle model with CAN message control and attack injection generates synthetic datasets of Controller Area Network attacks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents CARACAS as a way to create large synthetic CAN attack datasets by building a full vehicular model in Simulink that handles component control through CAN messages and injects attacks directly into the simulation. This approach targets the shortage of real attack data needed to train modern intrusion detection systems for vehicle networks. The authors demonstrate it with a Battery Electric Vehicle model that applies torque control attacks under two different scenarios. If the generated data proves representative, researchers could produce varied attack traces without needing access to physical vehicles or exposing them to risk.

Core claim

CARACAS is a Simulink-based vehicular architecture that includes component control via CAN messages and attack injection capabilities, enabling the generation of synthetic CAN attack datasets; the paper shows its use on a Battery Electric Vehicle model focused on torque control attacks in two distinct scenarios.

What carries the argument

CARACAS, the Simulink vehicular model that couples CAN message-based component control with attack injection.

If this is right

  • Synthetic datasets produced this way can supplement or replace scarce real CAN attack captures for training intrusion detection systems.
  • Attack injection inside the model allows controlled variation of scenarios without hardware modifications.
  • The BEV torque control examples show the framework can target specific control functions in electric vehicles.
  • The same modeling structure can be extended to other vehicle subsystems that communicate over CAN.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the synthetic data matches real distributions closely enough, the method could lower the barrier for academic groups without vehicle testbeds.
  • The approach might be combined with existing CAN simulators to study attack propagation across multiple ECUs.
  • Validation against additional attack types beyond torque control would test whether the framework generalizes.

Load-bearing premise

The Simulink model of vehicle behavior and CAN bus messages produces attack data that is close enough to real vehicles to be useful for training detection systems.

What would settle it

Collect real CAN traces from a physical vehicle executing the same torque control attacks and measure how well classifiers trained on the synthetic data perform on the real traces.

Figures

Figures reproduced from arXiv: 2406.07125 by Alessandro Savino, Franco Oberti, Luca Mannella, Nicola Scarano, Sadek Misto Kirdi, Stefano Di Carlo.

Figure 1
Figure 1. Figure 1: Full BEV Simulink model [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Torque request schema through CAN. into the model. The designed system and the interactions among the blocks are graphically represented in [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Torque attack injector integration into the CAN model. [PITH_FULL_IMAGE:figures/full_fig_p004_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Step signal injected to simulate a braking torque. [PITH_FULL_IMAGE:figures/full_fig_p004_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Torque without any attack vs Torque with the attack while the vehicle is in Extra Urban Driving Cycle. [PITH_FULL_IMAGE:figures/full_fig_p005_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Velocity trajectory during torque attack and in regular driving condition while the vehicle is in Extra Urban Driving [PITH_FULL_IMAGE:figures/full_fig_p005_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Torque without and with the attack while the vehicle is in Cruise Mode. [PITH_FULL_IMAGE:figures/full_fig_p006_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Velocity trajectory during torque attack and in regular driving condition while the vehicle is in Cruise Mode. [PITH_FULL_IMAGE:figures/full_fig_p006_8.png] view at source ↗
read the original abstract

Modern vehicles are increasingly vulnerable to attacks that exploit network infrastructures, particularly the Controller Area Network (CAN) networks. To effectively counter such threats using contemporary tools like Intrusion Detection Systems (IDSs) based on data analysis and classification, large datasets of CAN messages become imperative. This paper delves into the feasibility of generating synthetic datasets by harnessing the modeling capabilities of simulation frameworks such as Simulink coupled with a robust representation of attack models to present CARACAS, a vehicular model, including component control via CAN messages and attack injection capabilities. CARACAS showcases the efficacy of this methodology, including a Battery Electric Vehicle (BEV) model, and focuses on attacks targeting torque control in two distinct scenarios.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The paper introduces CARACAS, a Simulink-based vehicular architecture for modeling a Battery Electric Vehicle (BEV) with CAN message component control and attack injection. It focuses on generating synthetic CAN attack datasets, specifically demonstrating torque control attacks in two scenarios to support IDS development.

Significance. If the simulation accurately captures real vehicle dynamics and attack behaviors, CARACAS could address the scarcity of labeled CAN attack data, enabling safer and more reproducible research on automotive intrusion detection. Simulation-based dataset generation is a practical approach given the risks of real-world attack collection.

major comments (1)
  1. [Abstract] Abstract: the central claim that CARACAS 'showcases the efficacy' of the methodology for synthetic dataset generation lacks any supporting validation data, error metrics, fidelity measures, or comparison against real CAN traces; this directly undermines assessment of whether the BEV torque-control model and attack injection produce useful data.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for their review and address the major comment below.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the central claim that CARACAS 'showcases the efficacy' of the methodology for synthetic dataset generation lacks any supporting validation data, error metrics, fidelity measures, or comparison against real CAN traces; this directly undermines assessment of whether the BEV torque-control model and attack injection produce useful data.

    Authors: We agree that the abstract claim lacks supporting validation. The manuscript presents the CARACAS Simulink architecture, CAN message control, and attack injection for a BEV model, with demonstrations limited to two torque-control attack scenarios for synthetic data generation. No error metrics, fidelity measures, or real-trace comparisons are included, as the work centers on the modeling framework rather than empirical validation of dynamics. We will revise the abstract to remove the 'showcases the efficacy' phrasing and clarify the scope as model design and attack simulation capability. revision: yes

Circularity Check

0 steps flagged

No significant circularity

full rationale

The paper describes a Simulink-based simulation framework (CARACAS) for generating synthetic CAN attack datasets via a BEV model with torque-control attack injection. No equations, fitted parameters, predictions, or self-citations are present that reduce any claimed result to its own inputs by construction. The central claim is the feasibility of the modeling approach itself, which is self-contained and does not rely on any load-bearing derivation chain.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

The central claim rests on domain assumptions about model fidelity that are not evidenced in the abstract; no free parameters or invented entities beyond the framework name itself are identifiable from available text.

axioms (2)
  • domain assumption Simulink can be used to create a sufficiently accurate model of vehicle component control via CAN messages.
    Invoked by the claim that the framework harnesses modeling capabilities for realistic simulation.
  • domain assumption Attack models can be represented robustly enough in simulation to produce useful synthetic data.
    Directly stated in the abstract as coupled with robust representation of attack models.
invented entities (1)
  • CARACAS framework no independent evidence
    purpose: To enable detailed simulation of CAN attacks and synthetic dataset generation for a BEV model.
    Newly introduced named architecture whose independent evidence is not provided in the abstract.

pith-pipeline@v0.9.0 · 5664 in / 1361 out tokens · 26818 ms · 2026-05-24T00:12:09.256849+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

26 extracted references · 26 canonical work pages

  1. [1]

    Kim and R

    S. Kim and R. Shrestha, Automotive Cyber Security: Introduction, Challenges, and Standardization . Springer Nature Singapore, 2021

    work page 2021

  2. [2]

    Global automotive cybersecurity report

    Upstream, “Global automotive cybersecurity report.” upstream.auto. https://upstream.auto/reports/global-automotive-cybersecurity-report/ (accessed May 20, 2024)

    work page 2024

  3. [3]

    Can specification 2.0: Protocol and implementations 921603,

    C. P. Szydlowski, “Can specification 2.0: Protocol and implementations 921603,” in SAE Technical Paper 921603, 1992

    work page 1992

  4. [4]

    State-of-the-art survey on in-vehicle net- work communication ¨can-bus¨security and vulnerabilities,

    O. Avatefipour and H. Malik, “State-of-the-art survey on in-vehicle net- work communication ¨can-bus¨security and vulnerabilities,” International Journal of Computer Science and Network, vol. 6, pp. 720–727, 12 2017

    work page 2017

  5. [5]

    Taurum p2t: Advanced secure can-fd architecture for road vehicle,

    F. Oberti, E. Sanchez, A. Savino, F. Parisi, and S. di Carlo, “Taurum p2t: Advanced secure can-fd architecture for road vehicle,” in2021 IEEE 27th International Symposium on On-Line Testing and Robust System Design (IOLTS), pp. 1–7, 2021

    work page 2021

  6. [6]

    CAN-MM: Multiplexed Message Authentication Code for Controller Area Network Message Authentication in Road Vehicles,

    F. Oberti, A. Savino, E. Sanchez, P. Casasso, F. Parisi, and S. D. Carlo, “CAN-MM: Multiplexed Message Authentication Code for Controller Area Network Message Authentication in Road Vehicles,” IEEE Trans- actions on Vehicular Technology, pp. 1–13, 2024

    work page 2024

  7. [7]

    A method for translating automotive body-related can messages based on labeled bits,

    Z. Bi, G. Xu, C. Wang, G. Xu, and S. Zhang, “A method for translating automotive body-related can messages based on labeled bits,” Applied Sciences, vol. 13, no. 3, 2023

    work page 2023

  8. [8]

    Peace of mind car hacking relay attack,

    Stelvio Forum, “Peace of mind car hacking relay attack,” 2023

    work page 2023

  9. [9]

    A survey of attacks on controller area networks and corresponding countermeasures,

    H. J. Jo and W. Choi, “A survey of attacks on controller area networks and corresponding countermeasures,” IEEE Transactions on Intelligent Transportation Systems, vol. 23, no. 7, pp. 6123–6141, 2022

    work page 2022

  10. [10]

    Anomaly intrusion detection method for vehicular networks based on survival analysis,

    M. L. Han, B. I. Kwak, and H. K. Kim, “Anomaly intrusion detection method for vehicular networks based on survival analysis,” Vehicular Communications, vol. 14, pp. 52–63, 2018

    work page 2018

  11. [11]

    Security at the Edge for Resource-Limited IoT Devices,

    D. Canavese, L. Mannella, L. Regano, and C. Basile, “Security at the Edge for Resource-Limited IoT Devices,” Sensors, vol. 24, no. 2, 2024

    work page 2024

  12. [12]

    A survey on hardware-based malware detection approaches,

    C. P. Chenet, A. Savino, and S. Di Carlo, “A survey on hardware-based malware detection approaches,” IEEE Access, vol. 12, pp. 54115–54128, 2024

    work page 2024

  13. [13]

    Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network,

    H. M. Song, H. R. Kim, and H. K. Kim, “Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network,” in 2016 International Conference on Information Networking (ICOIN), pp. 63–68, 2016

    work page 2016

  14. [14]

    Lokman, A

    S.-F. Lokman, A. T. Othman, and M.-H. Abu-Bakar, “Intrusion detection system for automotive Controller Area Network (CAN) bus system: a re- Fig. 7: Torque without and with the attack while the vehicle is in Cruise Mode. Fig. 8: Velocity trajectory during torque attack and in regular driving condition while the vehicle is in Cruise Mode. view,”EURASIP Jour...

    work page 2019

  15. [15]

    GIDS: GAN based Intrusion Detection System for In-Vehicle Network,

    E. Seo, H. M. Song, and H. K. Kim, “GIDS: GAN based Intrusion Detection System for In-Vehicle Network,” In 2018 16th Annual Con- ference on Privacy, Security and Trust (PST), pp. 1-6. IEEE, 2018 , 07 2019

    work page 2018

  16. [16]

    Otids: A novel intrusion detection system for in-vehicle network by using remote frame,

    H. Lee, S. H. Jeong, and H. K. Kim, “Otids: A novel intrusion detection system for in-vehicle network by using remote frame,” in 2017 15th Annual Conference on Privacy, Security and Trust (PST) , IEEE, Aug. 2017

    work page 2017

  17. [17]

    A Comprehensive Guide to CAN IDS Data & Introduction of the ROAD Dataset,

    M. E. Verma, R. A. Bridges, M. D. Iannacone, S. C. Hollifield, P. Moriano, S. C. Hespeler, B. Kay, and F. L. Combs, “A Comprehensive Guide to CAN IDS Data & Introduction of the ROAD Dataset,” PLoS one 19, no. 1 (2024): e0296879 , 12 2020

    work page 2024

  18. [18]

    Simscape

    MATLAB, “Simscape.” https://it.mathworks.com/products/matlab.html,

    work page

  19. [19]

    https://mathworks.com/products/simscape.html (accessed May 20, 2024)

    work page 2024

  20. [20]

    Simulation and model-based design,

    S. Documentation, “Simulation and model-based design,” 2020

    work page 2020

  21. [21]

    Security threats to automotive can networks - practical examples and selected short-term countermeasures,

    T. Hoppe, S. Kiltz, and J. Dittmann, “Security threats to automotive can networks - practical examples and selected short-term countermeasures,” Reliability Engineering & System Safety, vol. 96, no. 1, pp. 11–25, 2011. Special Issue on Safecomp 2008

    work page 2011

  22. [22]

    CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks,

    A. Gazdag, R. Ferenc, and L. Butty ˜A!’n, “CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks,” Scientific Data , vol. 10, Dec. 2023

    work page 2023

  23. [23]

    Automotive controller area network (can) bus intrusion dataset v2,

    G. Dupont, A. Lekidis, J. J. den Hartog, and S. S. Etalle, “Automotive controller area network (can) bus intrusion dataset v2,” 2019

    work page 2019

  24. [24]

    CANet: An Unsupervised Intrusion Detection System for High Dimensional CAN Bus Data,

    M. Hanselmann, T. Strauss, K. Dormann, and H. Ulmer, “CANet: An Unsupervised Intrusion Detection System for High Dimensional CAN Bus Data,” IEEE Access, vol. 8, pp. 58194–58205, 2020

    work page 2020

  25. [25]

    CAN Hacker: Tools and Resources for CAN Bus Hacking,

    CAN Hacker, “CAN Hacker: Tools and Resources for CAN Bus Hacking,” 2023. Accessed: 2023-05-05

    work page 2023

  26. [26]

    Candb++ editor,

    Vector Informatik GmbH, “Candb++ editor,” 2024

    work page 2024