CAN bus protocols lack built-in security mechanisms and are highly vulnerable to denial-of-service (DoS) attacks; conventional cryptographic and authentication approaches are impractical due to resource constraints and protocol immutability. This paper proposes a lightweight, hardware-assisted intrusion detection method leveraging Hardware Performance Counters (HPCs)—the first such application in automotive CAN environments. By monitoring microarchitectural anomalies during CAN frame processing, the approach detects attacks without modifying the CAN protocol stack. Implemented on a gem5-based RISC-V platform with FreeRTOS scheduling, the system integrates AES-128 encryption tasks to emulate realistic workloads and employs correlation analysis to optimize the HPC feature set. Experimental evaluation demonstrates high detection accuracy for DoS attacks with minimal runtime overhead (<3% CPU utilization), significantly enhancing CAN bus security. The method provides a practical, deployable hardware-assisted security augmentation for intelligent connected vehicles.

The Controller Area Network (CAN) protocol, essential for automotive embedded systems, lacks inherent security features, making it vulnerable to cyber threats, especially with the rise of autonomous vehicles. Traditional security measures offer limited protection, such as payload encryption and message authentication. This paper presents a novel Intrusion Detection System (IDS) designed for the CAN environment, utilizing Hardware Performance Counters (HPCs) to detect anomalies indicative of cyber attacks. A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks, which trigger distinct HPC responses. Key HPC features are optimized through data extraction and correlation analysis to enhance classification efficiency. Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.