STM32 CAN Attack Detection for Cars

By /

STM32 CAN Attack Detection for Cars

ISEF Category: Embedded Systems

Ready to Turn This Idea Into a Real Project?

This guide was put together with the help of AI research tools to give you a solid starting point. But a competitive science fair project lives in the details: refining your research question, fine-tuning your variables, analyzing your data, and presenting your findings like a seasoned scientist.

For next steps tailored to your interests, skill level, and timeline, work one-on-one with a MehtA+ mentor. Learn more about MehtA+ Science & Engineering Research Mentorship →

Subcategory: Microcontrollers  ·  Difficulty: Advanced  ·  Setup: University Lab  ·  Time: Full Year

The Hook

A car network can be hacked with traffic that looks normal at first glance. That makes attack detection a lot like spotting one fake coin in a jar of real ones. Your job is to teach a small microcontroller to notice the fake fast enough to matter. If you get this right, you are working on a real problem in vehicle security.

What Is It?

Modern cars use a CAN bus, which is a shared message line that lets electronic parts talk to each other. Think of it like a classroom group chat. Every module sends short messages, and the car trusts most of them without much checking. That speed helps the car work smoothly, but it also creates a weak spot.

An injection attack happens when an attacker adds fake CAN messages. A replay attack happens when an attacker copies a real message and sends it again at the wrong time. An autoencoder can help detect both. An autoencoder is a machine learning model that learns the normal pattern of traffic, then flags messages that do not fit that pattern well. Your embedded system runs that model on an STM32 board, so you are not just training a detector, you are also testing whether a small microcontroller can make security decisions in real time.

Why This Is a Good Topic

This topic works well for a science fair because you can measure clear results, like detection rate, false alarms, and response speed. You can also compare different attack types, feature sets, and model sizes. That gives you real engineering choices, not just a yes-or-no demo. The project connects to vehicle cybersecurity, a field that matters as cars add more software and networked control.

Research Questions

  • How does the autoencoder's detection accuracy change when you train on different slices of normal CAN traffic?
  • What is the effect of adding timing features to CAN-bus payload features on replay attack detection?
  • Does a smaller STM32 model keep enough accuracy to detect injection attacks in real time?
  • To what extent does the detector's false positive rate change across different driving scenarios in the dataset?
  • Which CAN message features, payload bytes, timing gaps, or message IDs, contribute most to attack detection?
  • How does the detector's performance compare on injection attacks versus replay attacks?

Basic Materials

  • STM32 microcontroller board with enough flash and RAM for embedded inference.
  • USB cable and serial console access for logging output.
  • Computer with Python installed for training and testing models.
  • Public Car-Hacking dataset or similar CAN-bus traffic dataset.
  • MicroSD card or local storage for saving logs, if your board supports it.
  • Breadboard, jumper wires, and basic prototyping supplies.
  • Bench power supply or safe regulated power source for the board.
  • External monitor or terminal program for reading real-time alerts.

Advanced Materials

  • STM32 development board with floating-point support, if available.
  • CAN transceiver module for interfacing with CAN signals.
  • Logic analyzer or oscilloscope for timing checks on message traffic.
  • SD card logger or high-speed serial logging setup.
  • Laptop or workstation for model training and evaluation.
  • Python environment with NumPy, pandas, scikit-learn, and TensorFlow or PyTorch.
  • Open-source embedded inference tools compatible with STM32.
  • Optional automotive CAN simulator or test bench for safe hardware validation.

Software & Tools

  • Python: Trains the autoencoder, cleans CAN data, and scores detection results.
  • Jupyter Notebook: Helps you inspect features, plots, and error distributions while you tune the model.
  • pandas: Organizes CAN traffic into tables so you can compare normal and attacked messages.
  • scikit-learn: Splits data, scales features, and computes evaluation metrics.
  • TensorFlow Lite for Microcontrollers: Runs a compact neural network on the STM32 board.

Experiment Steps

  1. Define the exact attack types you will test, the traffic windows you will use, and the metrics you care about.
  2. Choose the CAN features that the model can learn from without making the embedded system too slow.
  3. Train a baseline anomaly detector on normal traffic, then compare it with your autoencoder.
  4. Plan how you will convert model output into an on-device alert, a score threshold, or both.
  5. Build a test plan that separates training data, validation data, and attack data so you avoid leakage.
  6. Check whether the embedded version stays accurate after compression, quantization, or other size limits.

Common Pitfalls

  • Training and testing on overlapping CAN sessions, which makes the detector look better than it really is.
  • Using only payload bytes and ignoring timing, which can hide replay attacks that match message content.
  • Picking a threshold on the full dataset, which leaks attack information into your evaluation.
  • Packing too many features into the STM32 model, which makes real-time inference too slow.
  • Treating all attacks as one class, which can mask the fact that injection and replay attacks behave differently.

What Makes This Competitive

A strong version of this project does more than prove anomaly detection works. You would compare several feature sets, test attack types separately, and report false alarms as carefully as missed attacks. You would also show whether the model still works after embedded constraints like quantization or memory limits. That kind of careful tradeoff analysis looks much stronger than a simple demo.

Project Variations

  • Test whether the same detector works on a different public CAN dataset and compare how much the traffic source changes performance.
  • Replace the autoencoder with a lighter anomaly detector, then compare accuracy, memory use, and inference speed on the STM32 board.
  • Focus on timing-only features versus payload-only features to see which signal matters more for replay attack detection.

Learn More

  • NIST National Cybersecurity Center of Excellence: Search for automotive cybersecurity and anomaly detection guidance, plus practical background on securing connected systems.
  • NIH PubMed: Search for review articles on CAN bus intrusion detection and automotive network security.
  • IEEE Xplore: Search for papers on autoencoders, CAN-bus intrusion detection, and embedded anomaly detection.
  • MIT OpenCourseWare: Use free machine learning and embedded systems course materials to build the background you need.
  • TensorFlow Lite for Microcontrollers documentation: Learn how to shrink a neural network so it can run on a small board.
  • Car-Hacking Dataset page on a university or research lab site: Find the public CAN-bus attack data used in many intrusion detection studies.
Shopping Cart