AI Summary
This paper identifies a novel class of time-excited in-vehicle network attacks: adversaries inject malicious messages via CAN or SOME/IP protocols to progressively disrupt intra-vehicle communication through temporal excitation effects, thereby threatening safety-critical functions. Addressing the attack's dynamic nature, low reliance on prior knowledge, and stealthy impact, the paper introduces, for the first time, multidimensional Hawkes processes (MDHP) for modeling such attacks, proposes a dedicated gradient-descent solver (MDHP-GDS), and integrates MDHP parameters with LSTM to form the detection model MDHP-Net. To support reproducible research, the authors release STEIA9, the first open-source dataset of time-excited in-vehicle attacks, comprising nine Ethernet-based scenarios. Evaluated on the real-world XCTF MIMIC2024 dataset, MDHP-Net achieves an AUC of 0.987, significantly outperforming LSTM, GRU, and other baselines, while effectively capturing the progressive excitation patterns inherent to these attacks.
Abstract
The integration of intelligent and connected technologies in modern vehicles, while offering enhanced functionalities through Electronic Control Units and interfaces like OBD-II and telematics, also exposes the vehicle's in-vehicle network (IVN) to potential cyberattacks. In this paper, we consider a specific type of cyberattack known as the injection attack. As demonstrated by empirical data from real-world cybersecurity adversarial competitions (available at https://mimic2024.xctf.org.cn/race/qwmimic2024), these injection attacks have an excitation effect over time, gradually manipulating network traffic and disrupting the vehicle's normal functioning, ultimately compromising both its stability and safety. To profile the abnormal behavior of attackers, we propose a novel injection attack detector to extract long-term features of attack behavior. Specifically, we first provide a theoretical analysis of modeling the time-excitation effects of the attack using Multi-Dimensional Hawkes Process (MDHP). A gradient descent solver specifically tailored for MDHP, MDHP-GDS, is developed to accurately estimate optimal MDHP parameters. We then propose an injection attack detector, MDHP-Net, which integrates optimal MDHP parameters with MDHP-LSTM blocks to enhance temporal feature extraction. By introducing MDHP parameters, MDHP-Net captures complex temporal features that standard Long Short-Term Memory (LSTM) cannot, enriching temporal dependencies within our customized structure. Extensive evaluations demonstrate the effectiveness of our proposed detection approach.
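To make the time-excitation idea concrete, the following added example (not code from the paper, and not MDHP-GDS or MDHP-Net) evaluates a multi-dimensional Hawkes intensity and log-likelihood, then scores a trace by its log-likelihood ratio against a no-excitation Poisson model. The exponential kernel, the hand-picked parameters, and the two message traces are assumptions constructed for illustration.

```python
import math

def intensity(t, events, mu, alpha, beta):
    """Conditional intensity lambda_i(t) for every dimension i.

    events: list of (timestamp, dimension); only events strictly before t count.
    Assumed kernel: alpha[i][j] * exp(-beta * dt), j = dimension of the past event.
    """
    lam = list(mu)
    for t_k, j in events:
        if t_k < t:
            decay = math.exp(-beta * (t - t_k))
            for i in range(len(mu)):
                lam[i] += alpha[i][j] * decay
    return lam

def log_likelihood(events, T, mu, alpha, beta):
    """Log-likelihood of the event list observed on [0, T]."""
    ll = sum(math.log(intensity(t_k, events, mu, alpha, beta)[j]) for t_k, j in events)
    ll -= sum(mu) * T  # integral of the baseline rates
    for t_k, j in events:  # integral of each event's excitation kernel up to T
        mass = (1.0 - math.exp(-beta * (T - t_k))) / beta
        ll -= sum(alpha[i][j] for i in range(len(mu))) * mass
    return ll

def excitation_score(events, T, mu, alpha, beta):
    """Log-likelihood ratio: Hawkes model versus a no-excitation Poisson model."""
    zero = [[0.0] * len(mu) for _ in mu]
    return (log_likelihood(events, T, mu, alpha, beta)
            - log_likelihood(events, T, mu, zero, beta))

# Constructed parameters (not fitted): two message streams, stream 0 also excites stream 1.
MU = [0.2, 0.2]
ALPHA = [[1.0, 0.0], [0.5, 1.0]]
BETA = 2.0
T_END = 10.0

# Constructed traces: a bursty one and an evenly paced one with the same event counts.
BURST = [(1.0, 0), (1.1, 0), (1.2, 0), (1.3, 0), (1.4, 0),
         (5.0, 1), (5.1, 1), (5.2, 1), (5.3, 1)]
STEADY = [(0.5 + k, k % 2) for k in range(9)]

if __name__ == "__main__":
    print("burst :", round(excitation_score(BURST, T_END, MU, ALPHA, BETA), 2))
    print("steady:", round(excitation_score(STEADY, T_END, MU, ALPHA, BETA), 2))
```

A positive score means the clustered arrivals are better explained by past messages exciting future ones than by a constant rate; the evenly paced trace scores negative under the same parameters.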