To address the challenges of limited labeled data, poor interpretability, and insufficient robustness in automotive CAN bus intrusion detection, this paper proposes an anomaly detection framework integrating causal probabilistic graphs with generative classifiers. Methodologically, it pioneers the combination of variational Bayesian inference and deep latent variable models to learn interpretable causal structures; conditional probability modeling and Bayesian inference are realized via autoencoders, enabling high-accuracy detection under few-shot settings. Key contributions include: (1) the first application of generative classifiers jointly with causal graphs to automotive intrusion detection systems (IDS); and (2) simultaneous optimization of detection accuracy, model interpretability, and adversarial robustness. Evaluated on the Car-hacking dataset, the framework achieves superior accuracy and F1-score compared to state-of-the-art methods, significantly enhancing intrusion identification capability in low-resource scenarios.

As electronic systems become increasingly complex and prevalent in modern vehicles, securing onboard networks is crucial, particularly as many of these systems are safety-critical. Researchers have demonstrated that modern vehicles are susceptible to various types of attacks, enabling attackers to gain control and compromise safety-critical electronic systems. Consequently, several Intrusion Detection Systems (IDSs) have been proposed in the literature to detect such cyber-attacks on vehicles. This paper introduces a novel generative classifier-based Intrusion Detection System (IDS) designed for anomaly detection in automotive networks, specifically focusing on the Controller Area Network (CAN). Leveraging variational Bayes, our proposed IDS utilizes a deep latent variable model to construct a causal graph for conditional probabilities. An auto-encoder architecture is utilized to build the classifier to estimate conditional probabilities, which contribute to the final prediction probabilities through Bayesian inference. Comparative evaluations against state-of-the-art IDSs on a public Car-hacking dataset highlight our proposed classifier's superior performance in improving detection accuracy and F1-score. The proposed IDS demonstrates its efficacy by outperforming existing models with limited training data, providing enhanced security assurance for automotive systems.