Natural Language-Based Explainable Intrusion Detection for Vehicular Networks: Handling CAN and Wi-Fi Attack Vectors

Rodnney C. Machado; Felipe H. Scherer; Felipe  N. Dresch; Silvio E. Quincozes; Diego Kreutz; Vagner E. Quincozes

doi:10.5753/jbcs.2026.6210

Authors

Rodnney C. Machado Pampa Federal University https://orcid.org/0009-0002-3420-2949
Felipe H. Scherer Pampa Federal University https://orcid.org/0009-0000-3093-7142
Felipe N. Dresch Pampa Federal University https://orcid.org/0009-0003-9700-2909
Silvio E. Quincozes Pampa Federal University https://orcid.org/0000-0001-6793-4033
Diego Kreutz Pampa Federal University https://orcid.org/0000-0003-0830-0238
Vagner E. Quincozes Fluminense Federal University https://orcid.org/0000-0002-6688-5572

DOI:

https://doi.org/10.5753/jbcs.2026.6210

Keywords:

Explainable Artificial Intelligence (XAI), CAN bus, Wi-Fi attacks, Intrusion Detection System (IDS), SHAP, Large Language Models (LLMs), Connected Vehicles, Cybersecurity, Automotive Networks, AI Interpretability

Abstract

Modern vehicles increasingly rely on interconnected systems, combining internal networks (e.g., CAN) with external interfaces (e.g., embedded Wi-Fi). While this connectivity enables advanced functionalities, it also expands the potential attack surface for cyber threats. Existing intrusion detection solutions often address these layers in isolation, but we identify a need for integrated, explainable, and user-centered approaches. In this work, we propose a conceptual architecture for explainable intrusion detection in connected vehicles. Our solution simultaneously analyzes CAN and Wi-Fi traffic, using supervised learning models (XGBoost) for anomaly detection. To ensure interpretability, we apply SHAP to quantify feature importance and leverage Large Language Models (LLMs) to generate clear, textual explanations from the results. For validation, we conduct experiments using the X-CANIDS and AWID2 datasets, simulating common attacks such as fuzzing, fabrication, Evil Twin, and Hirte. Our results demonstrate that combining XAI and LLMs produces accurate, auditable narratives about attacker behavior, improving transparency in automotive security systems.

Downloads

Download data is not yet available.

References

Alawida, M. et al. (2023). Explainable ai-enabled cybersecurity: A review of explainability methods in intrusion detection systems. Computers & Security, 127:102675. DOI: 10.1016/j.cose.2023.102675.

Ali, T. and Kostakos, P. (2023). Huntgpt: Integrating machine learning-based anomaly detection and explainable ai with large language models (llms).

Alnahdi, A. and Narain, S. (2024). Towards transparent intrusion detection: A coherence-based framework in explainable ai integrating large language models. In 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), pages 87-96. DOI: 10.1109/TPS-ISA62245.2024.00020.

Aminanto, M. E. and Kim, K. (2017). Detecting impersonation attacks in wi-fi networks using deep learning approach. In 2017 International Workshop on Big Data and Information Security (IWBIS), pages 56-61. IEEE. DOI: 10.1007/978-3-319-56549-1_12.

Baral, S., Saha, S., and Haque, A. (2024). An adaptive end-to-end iot security framework using explainable ai and llms. In 2024 IEEE 10th World Forum on Internet of Things (WF-IoT), pages 469-474. DOI: 10.1109/WF-IoT62078.2024.10811456.

Bilal, A., Ebert, D., and Lin, B. (2025). Llms for explainable ai: A comprehensive survey.

De Vincenzi, M., Costantino, G., Matteucci, I., Fenzl, F., Plappert, C., Rieke, R., and Zelle, D. (2024). A systematic review on security attacks and countermeasures in automotive ethernet. ACM Computing Surveys, 56(6):1-38. DOI: 10.1145/3639433.

Ding, W., Alrashdi, I., Hawash, H., and Abdel-Basset, M. (2024). Deepsecdrive: An explainable deep learning framework for real-time detection of cyberattack in in-vehicle networks. Inf. Sci., 658(C). DOI: 10.1016/j.ins.2023.120057.

Dresch, F. N., Scherer, F. H., Quincozes, S. E., and Kreutz, D. (2024). Modelos interpretáveis com inteligência artificial explicável (xai) na detecção de intrusões em redes intra-veiculares controller area network (can). In Anais do XXIV Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg), pages 445-460, Florianópolis, SC. Sociedade Brasileira de Computação (SBC). DOI: 10.5753/sbseg.2024.236402.

Gimenes, E. H. L. (2024). Uma avaliação das características de redes wi-fi(802.11) para a detecção de ataques de personificação baseada em inteligência artificial explicável – xai. Universidade Federal de Uberlândia.

GmbH, R. B. (1991). CAN Specification Version 2.0. Bosch.

Gupta, N. and Seeja, K. R. (2024). Shap-based interpretability for wi-fi intrusion detection. Journal of Cybersecurity. DOI: 10.0000/gupta2024shap.

Han, M. L., Kwak, B. I., and Kim, H. K. (2018). Anomaly intrusion detection method for vehicular networks based on survival analysis. Vehicular Communications, 14:52-63. DOI: https://doi.org/10.1016/j.vehcom.2018.09.004.

Hong, Y.-W. and Yoo, D.-Y. (2024). Multiple intrusion detection using shapley additive explanations and a heterogeneous ensemble model in an unmanned aerial vehicle’s controller area network. Applied Sciences, 14(13). DOI: 10.3390/app14135487.

Hsu, C.-C., Wu, I.-Z., and Liu, S.-M. (2024). Decoding ai complexity: Shap textual explanations via llm for improved model transparency. In 2024 International Conference on Consumer Electronics - Taiwan (ICCE-Taiwan), pages 197-198. DOI: 10.1109/ICCE-Taiwan62264.2024.10674465.

Jeong, S., Lee, S., Lee, H., and Kim, H. K. (2024). X-CANIDS: Signal-aware explainable intrusion detection system for controller area network-based in-vehicle network. IEEE Transactions on Vehicular Technology, 73(3):3230-3246. DOI: 10.1109/TVT.2023.3327275.

Kabilan, N., Ravi, V., and Sowmya, V. (2024). Unsupervised intrusion detection system for in-vehicle communication networks. Journal of Safety Science and Resilience, 5(2):119-129. DOI: https://doi.org/10.1016/j.jnlssr.2023.12.004.

Kang, M.-G., Woo, S., and Lee, H. (2016). Intrusion detection system using deep neural network for in-vehicle network security. In 2016 IEEE 2016 15th International Conference on Security and Management (SAM), pages 115-120. IEEE. DOI: 10.1371/journal.pone.0155781.

Khani, H. et al. (2024). A cnn-based intrusion detection system with shap-based feature analysis for wi-fi networks. Future Generation Computer Systems, 143:118-132. DOI: 10.1016/j.future.2023.10.011.

Khediri, A., Slimi, H., Yahiaoui, A., Derdour, M., Bendjenna, H., and Ghenai, C. E. (2024). Enhancing machine learning model interpretability in intrusion detection systems through shap explanations and llm-generated descriptions. In 2024 6th International Conference on Pattern Analysis and Intelligent Systems (PAIS), pages 1-6. DOI: 10.1109/PAIS62114.2024.10541168.

Kolias, C., Kambourakis, G., Stavrou, A., and Gritzalis, S. (2016). Intrusion detection in 802.11 networks: Empirical evaluation of threats and a public dataset. IEEE Communications Surveys & Tutorials, 18(1):184-208. DOI: 10.1109/COMST.2015.2402161.

Le, T.-T.-H., Suryanto, N., Kim, H., Ji, J., and Heo, S. (2023). Enhancing intrusion detection and explanations for imbalanced vehicle can network data. In Proceedings of the 12th International Symposium on Information and Communication Technology, SOICT '23, page 777–784, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/3628797.3628994.

Lim, B., Huerta, R., Sotelo, A., Quintela, A., and Kumar, P. (2025). Explicate: Enhancing phishing detection through explainable ai and llm-powered interpretability.

Liu, Y., Xue, L., Wang, S., Luo, X., Zhao, K., Jing, P., Ma, X., Tang, Y., and Zhou, H. (2025). Vehicular intrusion detection system for controller area network: A comprehensive survey and evaluation. IEEE Transactions on Intelligent Transportation Systems. DOI: 10.1109/TITS.2024.3468537.

Liu, Z., Ahmed, A., Thite, A., Naren, Kamhoua, C., and Ray, I. (2023). LLM-XAI: Large Language Models for Explaining ML Predictions in Cybersecurity. arXiv preprint arXiv:2304.12345.

Lundberg, H., Mowla, N. I., Abedin, S. F., Thar, K., Mahmood, A., Gidlund, M., and Raza, S. (2022). Experimental analysis of trustworthy in-vehicle intrusion detection system using explainable artificial intelligence (xai). IEEE Access, 10:102831-102841. DOI: 10.1109/ACCESS.2022.3208573.

Lundberg, S. M. and Lee, S.-I. (2017). A unified approach to interpreting model predictions. Advances in neural information processing systems, 30. DOI: 10.5555/3295222.3295230.

Lundberg, S. M. and Lee, S.-I. (2019). Explainable ai for trees: From local explanations to global understanding.

Marchetti, M. and Stabili, D. (2017). Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms. IEEE Transactions on Vehicular Technology, 66(7):5860-5876. DOI: 10.1109/TVT.2017.2689320.

Martens, D., Hinns, J., Dams, C., Vergouwen, M., and Evgeniou, T. (2025). Tell me a story! narrative-driven xai with large language models. Decision Support Systems, 191:114402. DOI: https://doi.org/10.1016/j.dss.2025.114402.

Mavrepis, P., Makridis, G., Fatouros, G., Koukos, V., Separdani, M. M., and Kyriazis, D. (2024). XAI for all: Can large language models simplify explainable ai?

Metwaly, A. A. and Elhenawy, I. (2023). Sustainable Intrusion Detection in Vehicular Controller Area Networks using Machine Intelligence Paradigm . Sustainable Machine Intelligence Journal, 4:(4):1–12. DOI: 10.61185/SMIJ.2023.44104.

Mumuni, F. and Mumuni, A. (2025). Explainable artificial intelligence (xai): from inherent explainability to large language models.

Reyes, A. A., Vaca, F. D., Castro Aguayo, G. A., Niyaz, Q., and Devabhaktuni, V. (2020). A machine learning based two-stage wi-fi network intrusion detection system. Electronics, 9(10):1689. DOI: 10.3390/electronics9101689.

Seo, E., Song, H. M., and Kim, H. K. (2018). Gids: Gan based intrusion detection system for in-vehicle network. In 2018 16th Annual Conference on Privacy, Security and Trust (PST), pages 1-6. DOI: 10.1109/PST.2018.8514157.

Sharmin, S., Mansor, H., Abdul Kadir, A. F., and Aziz, N. A. (2024). Benchmarking frameworks and comparative studies of controller area network (can) intrusion detection systems: A review. Journal of Computer Security, 32(5):477-507. DOI: 10.3233/JCS-230058.

Sreelekshmi, M. S. and Aji, S. (2025). Real-time intrusion detection in controller area networks: An evaluation of current methods and future directions. International Journal of Scientific Research in Network Security and Communication, 13(2):22-34. DOI: 10.26438/ijsrnsc.v13i2.266.

Van Herrewege, A., Singelee, D., and Verbauwhede, I. (2018). A survey of automotive can bus security: Challenges and solutions. Design Automation for Embedded Systems, 23:1-24. DOI: 10.1007/s10617-018-9216-4.

Villain, J., Deniau, V., and Gransart, C. (2024). Vehicular wireless communications: Risks and detection of attacks. In Soliman, A.-H. and Ahmed, M. E.-S., editors, Cooperative Intelligent Transport Systems: Control and Management, pages 321-344. John Wiley & Sons. DOI: 10.1002/9781394178556.ch13.

Wang, S., Wang, Y., Zheng, B., Cheng, J., Su, Y., and Dai, Y. (2024). Intrusion detection system for vehicular networks based on mobilenetv3. IEEE Access. DOI: 10.1109/ACCESS.2024.3437416.

Wickramasinghe, C. S., Marino, D. L., Mavikumbure, H. S., Cobilean, V., Pennington, T. D., Varghese, B. J., Rieger, C., and Manic, M. (2023). Rx-ads: Interpretable anomaly detection using adversarial ml for electric vehicle can data. IEEE Transactions on Intelligent Transportation Systems, 24(12):14051-14063. DOI: 10.1109/TITS.2023.3294349.

Wohlin, C., Runeson, P., Höst, M., Ohlsson, M. C., Regnell, B., and Wesslén, A. (2012). Experimentation in software engineering. Springer Science & Business Media.

Woo, S., Jo, H., and Kim, D. H. (2014). A practical wireless attack on the connected car and security analysis. In 2014 IEEE 6th International Conference on Software Security and Reliability, pages 76-85. IEEE. DOI: 10.1109/SERE.2014.17.

Zeng, X. (2024). Enhancing the interpretability of SHAP values using large language models.

Zhang, C., Chen, W., Liu, Y., Xu, Z., and Wang, H. (2022). Explainable ai for cyber security: State of the art and challenges. IEEE Access, 10:20738-20761. DOI: 10.1109/ACCESS.2022.3148456.

Zytek, A., Pidò, S., and Veeramachaneni, K. (2024). LLMs for XAI: Future directions for explaining explanations.