Yi Li,Jing Lin,Kaiqi Xiong

DOI: https://doi.org/10.48550/arXiv.2008.11278

2020-08-30

Abstract:In a modern vehicle, there are over seventy Electronics Control Units (ECUs). For an in-vehicle network, ECUs communicate with each other by following a standard communication protocol, such as Controller Area Network (CAN). However, an attacker can easily access the in-vehicle network to compromise ECUs through a WLAN or Bluetooth. Though there are various deep learning (DL) methods suggested for securing in-vehicle networks, recent studies on adversarial examples have shown that attackers can easily fool DL models. In this research, we further explore adversarial examples in an in-vehicle network. We first discover and implement two adversarial attack models that are harmful to a Long Short Term Memory (LSTM)-based detection model used in the in-vehicle network. Then, we propose an Adversarial Attack Defending System (AADS) for securing an in-vehicle network. Specifically, we focus on brake-related ECUs in an in-vehicle network. Our experimental results demonstrate that adversaries can easily attack the LSTM-based detection model with a success rate of over 98%, and the proposed AADS achieves over 99% accuracy for detecting adversarial attacks.

Machine Learning,Cryptography and Security

A. Jaekel,Pegah Mansourian,N. Zhang,Marc Kneppers

DOI: https://doi.org/10.1109/TITS.2023.3286611

2023-12-01

Abstract:Although connected mymargin autonomous vehicles (CAVs) hold great potential to improve driving safety and experience significantly, cybersecurity remains a critical concern. As the de-facto standard for in-vehicle networks, the Controller Area Network (CAN) carries messages and commands vital to the operation of the vehicle. However, due to a lack of security mechanisms, intruders are able to conduct devastating attacks on drivers and passengers over CAN. In order to safeguard CAVs, an Intrusion Detection System (IDS) can be deployed to monitor CAN network activities and detect suspicious behavior resulting from an attack. This paper proposes a prediction-based IDS framework for detecting anomalies and attacks on a CAN bus using temporal correlation of message contents. Two candidates are introduced as the prediction module. The first network is an LSTM that predicts time series data separately for each CAN ID, and the second is a ConvLSTM that predicts messages using correlated data of several CAN IDs. An attack is classified according to prediction errors by a Gaussian Naïve Bayes classifier. The proposed IDS is evaluated against other state-of-the-art one-class classifiers, including OCSVM, Isolation Forest, and Autoencoder, and three existing works, including ReducedInception-ResNet, NeuroCAN, and CANLite, using a real-world dataset, the Car Hacking Dataset. A comparison between the two suggested architectures and their use cases is given. Compared to baseline methods and related studies, the proposed method is shown to be more accurate and can achieve F-scores and detection accuracy of almost 100%.

Computer Science,Engineering

Theyazn H H Aldhyani,Hasan Alkahtani

DOI: https://doi.org/10.3390/s22010360

2022-01-04

Abstract:Rapid technological development has changed drastically the automotive industry. Network communication has improved, helping the vehicles transition from completely machine- to software-controlled technologies. The autonomous vehicle network is controlled by the controller area network (CAN) bus protocol. Nevertheless, the autonomous vehicle network still has issues and weaknesses concerning cybersecurity due to the complexity of data and traffic behaviors that benefit the unauthorized intrusion to a CAN bus and several types of attacks. Therefore, developing systems to rapidly detect message attacks in CAN is one of the biggest challenges. This study presents a high-performance system with an artificial intelligence approach that protects the vehicle network from cyber threats. The system secures the autonomous vehicle from intrusions by using deep learning approaches. The proposed security system was verified by using a real automatic vehicle network dataset, including spoofing, flood, replaying attacks, and benign packets. Preprocessing was applied to convert the categorical data into numerical. This dataset was processed by using the convolution neural network (CNN) and a hybrid network combining CNN and long short-term memory (CNN-LSTM) models to identify attack messages. The results revealed that the model achieved high performance, as evaluated by the metrics of precision, recall, F1 score, and accuracy. The proposed system achieved high accuracy (97.30%). Along with the empirical demonstration, the proposed system enhanced the detection and classification accuracy compared with the existing systems and was proven to have superior performance for real-time CAN bus security.

Fawaz Waselallah Alsaade,Mosleh Hmoud Al-Adhaileh

DOI: https://doi.org/10.3390/s23084086

2023-04-18

Abstract:Connected and autonomous vehicles (CAVs) present exciting opportunities for the improvement of both the mobility of people and the efficiency of transportation systems. The small computers in autonomous vehicles (CAVs) are referred to as electronic control units (ECUs) and are often perceived as being a component of a broader cyber-physical system. Subsystems of ECUs are often networked together via a variety of in-vehicle networks (IVNs) so that data may be exchanged, and the vehicle can operate more efficiently. The purpose of this work is to explore the use of machine learning and deep learning methods in defence against cyber threats to autonomous cars. Our primary emphasis is on identifying erroneous information implanted in the data buses of various automobiles. In order to categorise this type of erroneous data, the gradient boosting method is used, providing a productive illustration of machine learning. To examine the performance of the proposed model, two real datasets, namely the Car-Hacking and UNSE-NB15 datasets, were used. Real automated vehicle network datasets were used in the verification process of the proposed security solution. These datasets included spoofing, flooding and replay attacks, as well as benign packets. The categorical data were transformed into numerical form via pre-processing. Machine learning and deep learning algorithms, namely k-nearest neighbour (KNN) and decision trees, long short-term memory (LSTM), and deep autoencoders, were employed to detect CAN attacks. According to the findings of the experiments, using the decision tree and KNN algorithms as machine learning approaches resulted in accuracy levels of 98.80% and 99%, respectively. On the other hand, the use of LSTM and deep autoencoder algorithms as deep learning approaches resulted in accuracy levels of 96% and 99.98%, respectively. The maximum accuracy was achieved when using the decision tree and deep autoencoder algorithms. Statistical analysis methods were used to analyse the results of the classification algorithms, and the determination coefficient measurement for the deep autoencoder was found to reach a value of R2 = 95%. The performance of all of the models that were built in this way surpassed that of those already in use, with almost perfect levels of accuracy being achieved. The system developed is able to overcome security issues in IVNs.

Fatimah Aloraini,Amir Javed,Omer Rana

DOI: https://doi.org/10.3390/s24123848

IF: 3.9

2024-06-15

Sensors

Abstract:Rapid advancements in connected and autonomous vehicles (CAVs) are fueled by breakthroughs in machine learning, yet they encounter significant risks from adversarial attacks. This study explores the vulnerabilities of machine learning-based intrusion detection systems (IDSs) within in-vehicle networks (IVNs) to adversarial attacks, shifting focus from the common research on manipulating CAV perception models. Considering the relatively simple nature of IVN data, we assess the susceptibility of IVN-based IDSs to manipulation—a crucial examination, as adversarial attacks typically exploit complexity. We propose an adversarial attack method using a substitute IDS trained with data from the onboard diagnostic port. In conducting these attacks under black-box conditions while adhering to realistic IVN traffic constraints, our method seeks to deceive the IDS into misclassifying both normal-to-malicious and malicious-to-normal cases. Evaluations on two IDS models—a baseline IDS and a state-of-the-art model, MTH-IDS—demonstrated substantial vulnerability, decreasing the F1 scores from 95% to 38% and from 97% to 79%, respectively. Notably, inducing false alarms proved particularly effective as an adversarial strategy, undermining user trust in the defense mechanism. Despite the simplicity of IVN-based IDSs, our findings reveal critical vulnerabilities that could threaten vehicle safety and necessitate careful consideration in the development of IVN-based IDSs and in formulating responses to the IDSs' alarms.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ajeet Kumar Dwivedi

DOI: https://doi.org/10.48550/arXiv.2205.03537

2022-05-07

Cryptography and Security

Abstract:The progression of innovation and technology and ease of inter-connectivity among networks has allowed us to evolve towards one of the promising areas, the Internet of Vehicles. Nowadays, modern vehicles are connected to a range of networks, including intra-vehicle networks and external networks. However, a primary challenge in the automotive industry is to make the vehicle safe and reliable; particularly with the loopholes in the existing traditional protocols, cyber-attacks on the vehicle network are rising drastically. Practically every vehicle uses the universal Controller Area Network (CAN) bus protocol for the communication between electronic control units to transmit key vehicle functionality and messages related to driver safety. The CAN bus system, although its critical significance, lacks the key feature of any protocol authentication and authorization. Resulting in compromises of CAN bus security leads to serious issues to both car and driver safety. This paper discusses the security issues of the CAN bus protocol and proposes an Intrusion Detection System (IDS) that detects known attacks on in-vehicle networks. Multiple Artificial Intelligence (AI) algorithms are employed to provide recognition of known potential cyber-attacks based on messages, timestamps, and data packets traveling through the CAN. The main objective of this paper is to accurately detect cyberattacks by considering time-series features and attack frequency. The majority of the evaluated AI algorithms, when considering attack frequency, correctly identify known attacks with remarkable accuracy of more than 99%. However, these models achieve approximately 92% to 97% accuracy when timestamps are not taken into account. Long Short Term Memory (LSTM), Xgboost, and SVC have proved to the well-performing classifiers.

Jingwen Wei,Ye Chen,Yingxu Lai,Yuhang Wang,Zhaoyi Zhang

DOI: https://doi.org/10.1109/lcomm.2022.3195486

IF: 3.5529

2022-11-12

IEEE Communications Letters

Abstract:A controller area network (CAN) bus that controls real-time communication and data transmission of electronic control units in vehicles lacks security mechanisms and is highly vulnerable to attacks. The detection effectiveness of existing In-Vehicle network intrusion detection systems (IDSs) is usually reliant on training samples of known attacks. Owing to the simple structure of the CAN bus protocol, attackers can easily create variants based on known attacks. In this study, we propose a CAN bus IDS based on a domain adversarial neural network, which can achieve high detection performance on unlearned variant attack data. In addition, we used feature fusion techniques to synthetically extract the features of the attack data to improve detection capability. The experimental results demonstrate that our proposed model has high performance and generalization ability in attack detection.

telecommunications

Easa Alalwany,Imad Mahgoub

DOI: https://doi.org/10.3390/electronics13050919

IF: 2.9

2024-02-29

Electronics

Abstract:The emergence of connected and autonomous vehicles has led to complex network architectures for electronic control unit (ECU) communication. The controller area network (CAN) enables the transmission of data inside vehicle networks. However, although it has low latency and enjoys data broadcast capability, it is vulnerable to attacks on security. The lack of effectiveness of conventional security mechanisms in addressing these vulnerabilities poses a danger to vehicle safety. This study presents an intrusion detection system (IDS) that accurately detects and classifies CAN bus attacks in real-time using ensemble techniques and the Kappa Architecture. The Kappa Architecture enables real-time attack detection, while ensemble learning combines multiple machine learning classifiers to enhance the accuracy of attack detection. The scheme utilizes ensemble methods with Kappa Architecture's real-time data analysis to detect common CAN bus attacks. This study entails the development and evaluation of supervised models, which are further enhanced using ensemble techniques. The accuracy, precision, recall, and F1 score are used to measure the scheme's effectiveness. The stacking ensemble technique outperformed individual supervised models and other ensembles with accuracy, precision, recall, and F1 of 0.985, 0.987, and 0.985, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Tasneem A Awaad,Mohamed Watheq El-Kharashi,Mohamed Taher,Ayman Tawfik

DOI: https://doi.org/10.3390/s23187941

2023-09-16

Abstract:The advanced technology of vehicles makes them vulnerable to external exploitation. The current trend of research is to impose security measures to protect vehicles from different aspects. One of the main problems that counter Intrusion Detection Systems (IDSs) is the necessity to have a low false acceptance rate (FA) with high detection accuracy without major changes in the vehicle network infrastructure. Furthermore, the location of IDSs can be controversial due to the limitations and concerns of Electronic Control Units (ECUs). Thus, we propose a novel framework of multistage to detect abnormality in vehicle diagnostic data based on specifications of diagnostics and stacking ensemble for various machine learning models. The proposed framework is verified against the KIA SOUL and Seat Leon 2018 datasets. Our IDS is evaluated against point anomaly attacks and period anomaly attacks that have not been used in its training. The results show the superiority of the framework and its robustness with high accuracy of 99.21%, a low false acceptance rate of 0.003%, and a good detection rate (DR) of 99.63% for Seat Leon 2018, and an accuracy of 99.22%, a low false acceptance rate of 0.005%, and good detection rate of 98.59% for KIA SOUL.

Asma Alfardus,Danda B. Rawat

DOI: https://doi.org/10.3390/electronics13101962

IF: 2.9

2024-05-17

Electronics

Abstract:In-vehicle networks (IVNs) are networks that allow communication between different electronic components in a vehicle, such as infotainment systems, sensors, and control units. As these networks become more complex and interconnected, they become more vulnerable to cyber-attacks that can compromise safety and privacy. Anomaly detection is an important tool for detecting potential threats and preventing cyber-attacks in IVNs. The proposed machine learning-based anomaly detection technique uses deep learning and feature engineering to identify anomalous behavior in real-time. Feature engineering involves selecting and extracting relevant features from the data that are useful for detecting anomalies. Deep learning involves using neural networks to learn complex patterns and relationships in the data. Our experiments show that the proposed technique have achieved high accuracy in detecting anomalies and outperforms existing state-of-the-art methods. This technique can be used to enhance the security of IVNs and prevent cyber-attacks that can have serious consequences for drivers and passengers.

engineering, electrical & electronic,computer science, information systems,physics, applied

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

Muzun Althunayyan,Amir Javed,Omer Rana

DOI: https://doi.org/10.1016/j.vehcom.2024.100837

IF: 6.7

2024-09-03

Vehicular Communications

Abstract:As connected and autonomous vehicles proliferate, the Controller Area Network (CAN) bus has become the predominant communication standard for in-vehicle networks due to its speed and efficiency. However, the CAN bus lacks basic security measures such as authentication and encryption, making it highly vulnerable to cyberattacks. To ensure in-vehicle security, intrusion detection systems (IDSs) must detect seen attacks and provide a robust defense against new, unseen attacks while remaining lightweight for practical deployment. Previous work has relied solely on the CAN ID feature or has used traditional machine learning (ML) approaches with manual feature extraction. These approaches overlook other exploitable features, making it challenging to adapt to new unseen attack variants and compromising security. This paper introduces a cutting-edge, novel, lightweight, in-vehicle, IDS-leveraging, deep learning (DL) algorithm to address these limitations. The proposed IDS employs a multi-stage approach: an artificial neural network (ANN) in the first stage to detect seen attacks, and a Long Short-Term Memory (LSTM) autoencoder in the second stage to detect new, unseen attacks. To understand and analyze diverse driving behaviors, update the model with the latest attack patterns, and preserve data privacy, we propose a theoretical framework to deploy our IDS in a hierarchical federated learning (H-FL) environment. Experimental results demonstrate that our IDS achieves an F1-score exceeding 0.99 for seen attacks and exceeding 0.95 for novel attacks, with a detection rate of 99.99%. Additionally, the false alarm rate (FAR) is exceptionally low at 0.016%, minimizing false alarms. Despite using DL algorithms known for their effectiveness in identifying sophisticated and zero-day attacks, the IDS remains lightweight, ensuring its feasibility for real-world deployment. This makes our model robust against seen and unseen attacks.

telecommunications,transportation science & technology

Mee Lan Han,Byung Il Kwak,Huy Kang Kim

DOI: https://doi.org/10.1109/tifs.2021.3069171

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Vehicle communication technology has been steadily progressing alongside the convergence of the in-vehicle network (IVN) and wireless communication technology. The communication with various external networks further reinforces the connectivity between the inside and outside of a vehicle. However, this bears risks of malicious packet attacks on computer-assisted mechanical mechanisms that are capable of hijacking the vehicle's functions. The present study proposes a method to detect and identify abnormalities in vehicular networks based on the periodic event-triggered interval of the controller area network (CAN) messages. To this end, we first define four attack scenarios and then extract normal and abnormal driving data corresponding to these scenarios. Next, we analyze the CAN ID's event-triggered interval and measure statistical moments depending on the defined time-window. Finally, we conduct extensive evaluations of the proposed methods' performance by considering different attack scenarios and three types of machine learning models. The results demonstrate that the proposed method can effectively detect an abnormality in the IVN, with up to 99% accuracy. Our results suggest that when tree-based machine learning models are used as the classifier, the proposed method of attack identification can achieve more than 94% accuracy.

computer science, theory & methods,engineering, electrical & electronic

Hyun Min Song,Jiyoung Woo,Huy Kang Kim

DOI: https://doi.org/10.1016/j.vehcom.2019.100198

IF: 6.7

2020-01-01

Vehicular Communications

Abstract:<p>The implementation of electronics in modern vehicles has resulted in an increase in attacks targeting in-vehicle networks; thus, attack detection models have caught the attention of the automotive industry and its researchers. Vehicle network security is an urgent and significant problem because the malfunctioning of vehicles can directly affect human and road safety. The controller area network (CAN), which is used as a de facto standard for in-vehicle networks, does not have sufficient security features, such as message encryption and sender authentication, to protect the network from cyber-attacks. In this paper, we propose an intrusion detection system (IDS) based on a deep convolutional neural network (DCNN) to protect the CAN bus of the vehicle. The DCNN learns the network traffic patterns and detects malicious traffic without hand-designed features. We designed the DCNN model, which was optimized for the data traffic of the CAN bus, to achieve high detection performance while reducing the unnecessary complexity in the architecture of the Inception-ResNet model. We performed an experimental study using the datasets we built with a real vehicle to evaluate our detection system. The experimental results demonstrate that the proposed IDS has significantly low false negative rates and error rates when compared to the conventional machine-learning algorithms.</p>

telecommunications,transportation science & technology

Sakib Mahmud Khan,Gurcan Comert,Mashrur Chowdhury

DOI: https://doi.org/10.48550/arXiv.2108.01124

2021-08-03

Abstract:Connected vehicles (CVs), because of the external connectivity with other CVs and connected infrastructure, are vulnerable to cyberattacks that can instantly compromise the safety of the vehicle itself and other connected vehicles and roadway infrastructure. One such cyberattack is the false information attack, where an external attacker injects inaccurate information into the connected vehicles and eventually can cause catastrophic consequences by compromising safety-critical applications like the forward collision warning. The occurrence and target of such attack events can be very dynamic, making real-time and near-real-time detection challenging. Change point models, can be used for real-time anomaly detection caused by the false information attack. In this paper, we have evaluated three change point-based statistical models; Expectation Maximization, Cumulative Summation, and Bayesian Online Change Point Algorithms for cyberattack detection in the CV data. Also, data-driven artificial intelligence (AI) models, which can be used to detect known and unknown underlying patterns in the dataset, have the potential of detecting a real-time anomaly in the CV data. We have used six AI models to detect false information attacks and compared the performance for detecting the attacks with our developed change point models. Our study shows that change points models performed better in real-time false information attack detection compared to the performance of the AI models. Change point models having the advantage of no training requirements can be a feasible and computationally efficient alternative to AI models for false information attack detection in connected vehicles.

Cryptography and Security,Artificial Intelligence,Machine Learning,Applications

Konglin Zhu,Zhicheng Chen,Yuyang Peng,Lin Zhang

DOI: https://doi.org/10.1109/tvt.2019.2907269

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:The development of Internet of Vehicles (IoVs) have introduced more intrusions to the vulnerabilities of in-vehicle network. It is important to detect in-vehicle network anomaly for the purpose of driving safety. The previous studies either focus on one-dimension anomaly behavior of in-vehicle network or looks into the semantics of in-vehicle network, which is neither effective nor efficient for vehicle pilot. In this paper, we propose a literal multi-dimensional anomaly detection approach using the distributed long-short-term-memory (LSTM) framework for in-vehicle network, especially the Control Area Network (CAN). The proposed approach only needs the literal binary CAN message instead of revealing the semantics of CAN message. To enhance the accuracy and efficiency of detection, it detects anomaly from both time and data dimension simultaneously by exploiting multi-task LSTM neural network on mobile edge. The extensive evaluation results show that the proposed anomaly detection achieves a satisfying accuracy of 90%. The detection speed is as fast as 0.61 ms on mobile edge.

Saddam Aziz,Muhammad Talib Faiz,Adegoke Muideen Adeniyi,Ka-Hong Loo,Kazi Nazmul Hasan,Linli Xu,Muhammad Irshad

DOI: https://doi.org/10.3390/math10081267

IF: 2.4

2022-04-11

Mathematics

Abstract:It is increasingly difficult to identify complex cyberattacks in a wide range of industries, such as the Internet of Vehicles (IoV). The IoV is a network of vehicles that consists of sensors, actuators, network layers, and communication systems between vehicles. Communication plays an important role as an essential part of the IoV. Vehicles in a network share and deliver information based on several protocols. Due to wireless communication between vehicles, the whole network can be sensitive towards cyber-attacks.In these attacks, sensitive information can be shared with a malicious network or a bogus user, resulting in malicious attacks on the IoV. For the last few years, detecting attacks in the IoV has been a challenging task. It is becoming increasingly difficult for traditional Intrusion Detection Systems (IDS) to detect these newer, more sophisticated attacks, which employ unusual patterns. Attackers disguise themselves as typical users to evade detection. These problems can be solved using deep learning. Many machine-learning and deep-learning (DL) models have been implemented to detect malicious attacks; however, feature selection remains a core issue. Through the use of training empirical data, DL independently defines intrusion features. We built a DL-based intrusion model that focuses on Denial of Service (DoS) assaults in particular. We used K-Means clustering for feature scoring and ranking. After extracting the best features for anomaly detection, we applied a novel model, i.e., an Explainable Neural Network (xNN), to classify attacks in the CICIDS2019 dataset and UNSW-NB15 dataset separately. The model performed well regarding the precision, recall, F1 score, and accuracy. Comparatively, it can be seen that our proposed model xNN performed well after the feature-scoring technique. In dataset 1 (UNSW-NB15), xNN performed well, with the highest accuracy of 99.7%, while CNN scored 87%, LSTM scored 90%, and the Deep Neural Network (DNN) scored 92%. xNN achieved the highest accuracy of 99.3% while classifying attacks in the second dataset (CICIDS2019); the Convolutional Neural Network (CNN) achieved 87%, Long Short-Term Memory (LSTM) achieved 89%, and the DNN achieved 82%. The suggested solution outperformed the existing systems in terms of the detection and classification accuracy.

mathematics

Amit Taneja,Gulshan Kumar

DOI: https://doi.org/10.1007/s00500-024-10313-0

IF: 3.732

2024-11-29

Soft Computing

Abstract:Modern vehicles rely on electronic control units (ECUs) communicating through the controller area network (CAN) bus protocol. However, increased connectivity through Wi-Fi, Bluetooth, and onboard diagnostics (OBD) ports has heightened cybersecurity risks due to the CAN bus protocol's inherent security vulnerabilities. Addressing this challenge requires an in-vehicle intrusion detection system (IDS) with high accuracy and minimal false alarms. Existing IDSs for in-vehicle networks often fall short due to inadequate extraction of network traffic features' dependencies in a time-series context.To overcome this limitation, this study presents ACL-IDS, a hybrid intrusion detection system for in-vehicle network traffic. Leveraging deep learning techniques like CNN, LSTM, and attention mechanisms, ACL-IDS effectively captures short-term and long-term dependencies within network traffic, enhancing intrusion detection accuracy. Extensive experiments on a real benchmark dataset demonstrate ACL-IDS's superior performance compared to individual, ensemble, and state-of-the-art methods. With detection accuracy reaching up to 99%, ACL-IDS emerges as a robust solution for analyzing and detecting intrusions in in-vehicle network traffic.

computer science, artificial intelligence, interdisciplinary applications

Haojie Ji,Liyong Wang,Hongmao Qin,Yinghui Wang,Junjie Zhang,Biao Chen

DOI: https://doi.org/10.1007/s42154-023-00273-w

2024-01-01

Automotive Innovation

Abstract:Detecting abnormal data generated from cyberattacks has emerged as a crucial approach for identifying security threats within in-vehicle networks. The transmission of information through in-vehicle networks needs to follow specific data formats and communication protocols regulations. Typically, statistical algorithms are employed to learn these variation rules and facilitate the identification of abnormal data. However, the effectiveness of anomaly detection outcomes often falls short when confronted with highly deceptive in-vehicle network attacks. In this study, seven representative classification algorithms are selected to detect common in-vehicle network attacks, and a comparative analysis is employed to identify the most suitable and favorable detection method. In consideration of the communication protocol characteristics of in-vehicle networks, an optimal convolutional neural network (CNN) detection algorithm is proposed that uses data field characteristics and classifier selection, and its comprehensive performance is tested. In addition, the concept of Hamming distance between two adjacent packets within the in-vehicle network is introduced, enabling the proposal of an enhanced CNN algorithm that achieves robust detection of challenging-to-identify abnormal data. This paper also presents the proposed CNN classification algorithm that effectively addresses the issue of high false negative rate (FNR) in abnormal data detection based on the timestamp feature of data packets. The experimental results validate the efficacy of the proposed abnormal data detection algorithm, highlighting its strong detection performance and its potential to provide an effective solution for safeguarding the security of in-vehicle network information.