GIDS: GAN based Intrusion Detection System for In-Vehicle Network
Pith reviewed 2026-05-24 20:39 UTC · model grok-4.3
The pith
A GAN trained only on normal CAN bus messages can detect unknown vehicle network attacks.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
GIDS trains a Generative Adversarial Network on normal CAN bus messages so that the discriminator learns to recognize deviations as attacks; experiments show high detection accuracy against four unknown attacks without any labeled attack data.
What carries the argument
The GAN discriminator that scores real CAN messages against those generated from the learned normal distribution, serving as the anomaly detector.
If this is right
- IDS for vehicles can function without any attack examples or signature updates.
- Detection of novel attacks becomes possible in real time on the CAN bus.
- False-positive rates can be kept low enough to avoid interfering with vehicle safety systems.
- The same training approach could extend to other in-vehicle protocols that lack built-in security.
Where Pith is reading between the lines
- If the GAN generalizes across different vehicle models, manufacturers could deploy a single pre-trained model rather than retraining per car type.
- Combining GIDS with lightweight post-processing on the ECU might allow on-board deployment without heavy computational overhead.
- The method highlights a broader pattern where anomaly detection via generative models can substitute for supervised classification in domains with scarce attack labels.
Load-bearing premise
The distribution of normal CAN messages can be captured well enough by a GAN that any deviation reliably signals an attack rather than normal variation or model error.
What would settle it
Running GIDS on a large set of normal but previously unseen CAN traffic and measuring whether the false-positive rate stays low enough for safety-critical use.
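One way to run the check described above, as an added example that is not code from the paper or from Pith: the alarm threshold is fixed from normal-traffic scores only, and the false-positive rate on separate unseen normal windows is reported with a one-sided 95% Clopper-Pearson upper bound. The score convention (discriminator output in [0, 1], low meaning anomalous), the function names and the beta-distributed sample scores are assumptions constructed for illustration.

```python
import math
import random

def calibrate_threshold(normal_scores, target_fpr):
    """Threshold from normal-only scores; a window is flagged when score < threshold."""
    ordered = sorted(normal_scores)
    return ordered[int(target_fpr * len(ordered))]

def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p), summed in log space to avoid overflow."""
    total = 0.0
    for i in range(k + 1):
        log_pmf = (math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
                   + i * math.log(p) + (n - i) * math.log1p(-p))
        total += math.exp(log_pmf)
    return min(total, 1.0)

def fpr_upper_bound(false_alarms, n, confidence=0.95):
    """One-sided Clopper-Pearson upper bound on the true false-positive rate."""
    if false_alarms >= n:
        return 1.0
    lo, hi = 0.0, 1.0
    for _ in range(60):  # bisection on p until P(X <= false_alarms) = 1 - confidence
        mid = (lo + hi) / 2
        if binom_cdf(false_alarms, n, mid) > 1 - confidence:
            lo = mid
        else:
            hi = mid
    return hi

def evaluate(seed=7, target_fpr=0.01):
    rng = random.Random(seed)
    # Constructed scores, not measurements from the paper (assumed: low = anomalous).
    calib = [rng.betavariate(8, 2) for _ in range(5000)]    # normal, used for threshold
    heldout = [rng.betavariate(8, 2) for _ in range(5000)]  # normal, never seen before
    attack = [rng.betavariate(2, 8) for _ in range(2000)]   # used for reporting only
    thr = calibrate_threshold(calib, target_fpr)  # attack scores never influence this
    false_alarms = sum(s < thr for s in heldout)
    return {
        "threshold": thr,
        "calibration_fpr": sum(s < thr for s in calib) / len(calib),
        "heldout_fpr": false_alarms / len(heldout),
        "heldout_fpr_upper95": fpr_upper_bound(false_alarms, len(heldout)),
        "detection_rate": sum(s < thr for s in attack) / len(attack),
    }

if __name__ == "__main__":
    print(evaluate())
```

With zero false alarms in n held-out windows the bound is roughly 3/n, so the size of the unseen normal set limits how low a false-positive rate can be demonstrated.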
Original abstract
A Controller Area Network (CAN) bus in vehicles is an efficient standard bus enabling communication between all Electronic Control Units (ECU). However, the CAN bus is not enough to protect itself because of the lack of security features. To detect suspicious network connections effectively, an intrusion detection system (IDS) is strongly required. Unlike the traditional IDS for the Internet, there is a small number of known attack signatures for vehicle networks. Also, an IDS for vehicles requires high accuracy because any false-positive error can seriously affect the safety of the driver. To solve this problem, we propose a novel IDS model for in-vehicle networks, GIDS (GAN based Intrusion Detection System), using a deep-learning model, Generative Adversarial Nets. GIDS can learn to detect unknown attacks using only normal data. As an experimental result, GIDS shows high detection accuracy for four unknown attacks.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript proposes GIDS, a GAN-based intrusion detection system for in-vehicle CAN bus networks. Trained exclusively on normal traffic, the model is claimed to detect unknown attacks; the abstract reports high detection accuracy on four such attacks.
Significance. If the empirical separation holds, the work would be a useful contribution to automotive security by demonstrating an unsupervised GAN approach for novel attack detection where labeled data is scarce. The attempt to avoid attack signatures is a strength, but the absence of verifiable experimental details limits assessment of whether the central claim is supported.
major comments (3)
- [Abstract and Experimental Results] Abstract and Experimental Results section: the claim of high detection accuracy on four unknown attacks supplies no dataset sizes, number of CAN frames, attack descriptions, baseline comparisons, error bars, or training hyperparameters, preventing verification that the results support the unsupervised detection claim.
- [Experimental Results] Experimental Results section: no histograms, statistics, or analysis of anomaly scores (discriminator output or reconstruction error) on held-out normal data versus the four attacks are provided, leaving unverified whether a fixed threshold separates attacks from benign CAN variations without post-hoc tuning on attack data.
- [Method] Method section: the architecture description does not specify how temporal or sequential dependencies in CAN frames are modeled (e.g., via recurrent layers or windowing), which is load-bearing for capturing the deterministic periodic patterns plus state-dependent benign deviations in normal traffic.
minor comments (1)
- [Method] Notation for the anomaly score and threshold selection procedure should be formalized with an equation to improve clarity.
Simulated Author's Rebuttal
We thank the referee for the detailed and constructive comments. We address each major point below and will revise the manuscript to improve experimental transparency and methodological clarity.
point-by-point responses
- Referee: [Abstract and Experimental Results] Abstract and Experimental Results section: the claim of high detection accuracy on four unknown attacks supplies no dataset sizes, number of CAN frames, attack descriptions, baseline comparisons, error bars, or training hyperparameters, preventing verification that the results support the unsupervised detection claim.
  Authors: We agree that the manuscript would be strengthened by including these details. In the revision we will add dataset sizes, total CAN frames for training and testing, descriptions of the four attacks, baseline method comparisons, error bars on accuracy figures, and the full set of GAN training hyperparameters.
  revision: yes
- Referee: [Experimental Results] Experimental Results section: no histograms, statistics, or analysis of anomaly scores (discriminator output or reconstruction error) on held-out normal data versus the four attacks are provided, leaving unverified whether a fixed threshold separates attacks from benign CAN variations without post-hoc tuning on attack data.
  Authors: We accept this criticism. The revised Experimental Results section will include histograms and summary statistics of anomaly scores on held-out normal traffic versus each attack, together with an explicit statement that the decision threshold is chosen exclusively from the normal-data distribution.
  revision: yes
- Referee: [Method] Method section: the architecture description does not specify how temporal or sequential dependencies in CAN frames are modeled (e.g., via recurrent layers or windowing), which is load-bearing for capturing the deterministic periodic patterns plus state-dependent benign deviations in normal traffic.
  Authors: The referee is correct that the current description is incomplete. We will expand the Method section to specify the exact windowing procedure used to form input sequences and to state whether recurrent layers are present in the generator or discriminator.
  revision: yes
Circularity Check
No circularity; central claim rests on empirical evaluation of GAN anomaly detection on held-out attack traffic.
full rationale
The paper trains a GAN exclusively on normal CAN messages and reports detection accuracy on four separate unknown attack datasets. No equations define the reported accuracy in terms of itself, no fitted parameters are relabeled as predictions, and no self-citation chain is invoked to justify the separation of attack scores. The result is an external measurement on test data, not a tautology.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption: A GAN can model the distribution of normal CAN bus traffic sufficiently well that statistical deviations correspond to attacks.