CAN-FD Intrusion Dataset

1. Dataset Release

Because modern vehicles are highly connected, it is important to protect the in-vehicle network from cyberattacks. CAN-FD (CAN with Flexible Data rate) emerged to overcome the limited data transmission capability of CAN (Controller Area Network). CAN-FD is already widely used in the market and will be used more in the future. We publish the dataset we created in the hope of improving automotive security. We collected only about 1 hour of normal CAN-FD packets and injected attack messages.

2. Dataset

The CAN-FD dataset was extracted from real cars released in 2021. We captured actual packets in real time through physical access to real in-vehicle CAN traffic.

2-1. Data attributes

2-2. Attack type

Three attacks are provided: Flooding, Fuzzing, and Malfunction. A flooding attack occupies the CAN bus with meaningless messages by sending messages with the highest-priority AID. A fuzzing attack causes unexpected behavior by sending messages with random AID, DLC, and payload values. A malfunction attack triggers actions intended by the attacker when the attacker knows specific AID information. The attack was performed for 500 seconds, and the attack and rest intervals were random within 3-5 seconds.
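
As an added illustration (not part of the dataset or its authors' code), the sketch below shows how the three attack types described above can be told apart using a baseline learned from attack-free traffic. The record layout, thresholds, function names and sample frames are constructed assumptions.

```python
from collections import defaultdict

# Constructed record layout (not the dataset's own columns):
# (timestamp in microseconds, arbitration ID, DLC)

def learn_baseline(frames):
    """Record, per ID, the DLCs seen and the shortest gap between frames."""
    dlcs, last_seen, min_gap = defaultdict(set), {}, {}
    for ts, aid, dlc in frames:
        dlcs[aid].add(dlc)
        if aid in last_seen:
            gap = ts - last_seen[aid]
            min_gap[aid] = min(gap, min_gap.get(aid, gap))
        last_seen[aid] = ts
    return dict(dlcs), min_gap

def classify(frames, baseline, tolerance=0.5, flood_gap_us=1000):
    """Label each frame normal / flooding / fuzzing / malfunction."""
    dlcs, min_gap = baseline
    top_priority = min(dlcs)  # lowest ID wins CAN arbitration
    last_seen, labels = {}, []
    for ts, aid, dlc in frames:
        gap = ts - last_seen[aid] if aid in last_seen else None
        last_seen[aid] = ts
        if aid not in dlcs:
            # Unknown ID: a rapid burst that outranks all normal traffic is
            # flooding; a lone unknown frame cannot be told from fuzzing.
            burst = gap is not None and gap < flood_gap_us
            labels.append("flooding" if burst and aid < top_priority else "fuzzing")
        elif dlc not in dlcs[aid]:
            labels.append("fuzzing")      # known ID, DLC never seen for it
        elif gap is not None and gap < tolerance * min_gap.get(aid, 0):
            labels.append("malfunction")  # known ID arriving faster than learned
        else:
            labels.append("normal")
    return labels

# Constructed attack-free traffic: 0x0A0 every 10 ms, 0x1F0 every 20 ms.
NORMAL = sorted([(i * 10000, 0x0A0, 8) for i in range(50)] +
                [(i * 20000, 0x1F0, 15) for i in range(25)])
# Constructed capture with injected frames mixed into the periodic traffic.
CAPTURE = [(0, 0x0A0, 8), (0, 0x1F0, 15), (10000, 0x0A0, 8),
           (12000, 0x000, 8), (12200, 0x000, 8), (12400, 0x000, 8),
           (20000, 0x0A0, 8), (20000, 0x1F0, 15), (23000, 0x3C7, 3),
           (24000, 0x1F0, 2), (30000, 0x0A0, 8), (32000, 0x0A0, 8),
           (40000, 0x0A0, 8), (40000, 0x1F0, 15)]

if __name__ == "__main__":
    for frame, label in zip(CAPTURE, classify(CAPTURE, learn_baseline(NORMAL))):
        print(f"{frame[0]:>6} us  id=0x{frame[1]:03X}  dlc={frame[2]:>2}  {label}")
```

The detector looks only at ID, DLC and timing, so an injected frame that matches a known ID's DLC and period would need payload inspection to catch.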

2-3. Driving route

The normal dataset was collected while driving a one-hour round-trip course around Korea University. We drove in the city, and one driver performed the dataset extraction. It is a one-hour course in total, and part of it was used to collect CAN-FD data.

2-4. Summary of dataset

3. Download

Download Link: Download

4. Contact

Huy Kang Kim (cenda at

5. See also

Please see the page [HCRL/Datasets] to find more in-vehicle IDS datasets or other datasets that we have.