lei xue,yangyang liu,tianqi li,kaifa zhao,jianfeng li,le yu,xiapu luo,yajin zhou,guofei gu

2022-01-01

Abstract:Modern vehicles are equipped with many ECUs (Electronic Control Unit) that are connected to the IVN (In-Vehicle Network) for controlling the vehicles. Meanwhile, various interfaces of vehicles, such as OBD-II port, T-Box, sensors, and telematics, implement the interaction between the IVN and external environment. Although rich value-added functionalities can be provided through these interfaces, such as diagnostics and OTA (Over The Air) updates, the adversary may also inject malicious data into IVN, thus causing severe safety issues. Even worse, existing defense approaches mainly focus on detecting the injection attacks launched from IVN, such as malicious/compromised ECUs, by analyzing CAN frames, and cannot defend against the higher layer MIAs (Message Injection Attacks) that can cause abnormal vehicle dynamics. In this paper, we propose a new state-aware abnormal message injection attack defense approach, named SAID. It detects the abnormal data to be injected into IVN by considering the data semantics and the vehicle dynamics and prevents the MIAs launched from devices connected to the vehicles, such as the compromised diagnostic tools and T-boxes. We develop a prototype of SAID for defending against MIAs and evaluate it using both real road data and simulation data. The experimental results show that SAID can defend against more than 99% of the network and service layer attack traffic and all state layer MIAs, effectively enforcing the safety of vehicles.

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

Zhouyan Deng,Yijie Xun,Jiajia Liu,Shouqing Li,Yilin Zhao

DOI: https://doi.org/10.1109/globecom48099.2022.10000766

2022-01-01

Abstract:As emerging technologies such as mobile communication, vehicle to everything, and artificial intelligence are widely used in intelligent connected vehicles, drivers can gain a convenient and colorful driving experience. While these technologies enrich the driving experience, they also bring a series of vulnerable interfaces to the vehicle. These interfaces can be used by hackers to attack other nodes of in-vehicle network that lack authentication and encryption. For this, researchers design scheme to encrypt and authenticate messages to protect in-vehicle networks, but this scheme would occupy the bandwidth resources of in-vehicle network. Therefore, researchers propose parameter monitoring-based intrusion detection system (IDS), information theory-based IDS, and fingerprint-based IDS, which do not occupy bandwidth. However, most IDSs either cannot locate the source of the attack, cannot detect aperiodic frames, or need to know the non-public mapping between electronic control units (ECUs) and identifiers (IDs) of in-vehicle network. To solve these weaknesses, we propose a novel IDS that establishes voltage fingerprints for each ID. This system can detect period and aperiodic malicious frames and locate the source of attack without knowing the mapping between ECUs and IDs. The experimental results on actual vehicles demonstrate that our scheme is robust against real scenarios.

Li Yang,Abdallah Moubayed,Abdallah Shami

DOI: https://doi.org/10.1109/JIOT.2021.3084796

2021-05-27

Abstract:Modern vehicles, including connected vehicles and autonomous vehicles, nowadays involve many electronic control units connected through intra-vehicle networks to implement various functionalities and perform actions. Modern vehicles are also connected to external networks through vehicle-to-everything technologies, enabling their communications with other vehicles, infrastructures, and smart devices. However, the improving functionality and connectivity of modern vehicles also increase their vulnerabilities to cyber-attacks targeting both intra-vehicle and external networks due to the large attack surfaces. To secure vehicular networks, many researchers have focused on developing intrusion detection systems (IDSs) that capitalize on machine learning methods to detect malicious cyber-attacks. In this paper, the vulnerabilities of intra-vehicle and external networks are discussed, and a multi-tiered hybrid IDS that incorporates a signature-based IDS and an anomaly-based IDS is proposed to detect both known and unknown attacks on vehicular networks. Experimental results illustrate that the proposed system can detect various types of known attacks with 99.99% accuracy on the CAN-intrusion-dataset representing the intra-vehicle network data and 99.88% accuracy on the CICIDS2017 dataset illustrating the external vehicular network data. For the zero-day attack detection, the proposed system achieves high F1-scores of 0.963 and 0.800 on the above two datasets, respectively. The average processing time of each data packet on a vehicle-level machine is less than 0.6 ms, which shows the feasibility of implementing the proposed system in real-time vehicle systems. This emphasizes the effectiveness and efficiency of the proposed IDS.

Cryptography and Security,Artificial Intelligence,Machine Learning,Networking and Internet Architecture

Junchao Xiao,Hao Wu,Xiangxue Li,Yuan Linghu

DOI: https://doi.org/10.1007/978-3-030-38961-1_40

2020-01-01

Abstract:A vehicle bus is a specialized internal communication network that interconnects components inside a vehicle. The Controller Area Network (CAN bus), a robust vehicle bus standard, allows microcontrollers and devices to communicate with each other. The community has seen many security breach examples that exploit CAN functionalities and other in-vehicle flaws. Intrusion detection systems (IDSs) on in-vehicle network are advantageous in monitoring CAN traffic and suspicious activities. Whereas, existing IDSs on in-vehicle network only support one or two attack models, and identifying abnormal in-vehicle CAN traffic against diversified attack models with better performance is more expected as can be then implemented practically. In this paper, we propose an intrusion detection system that can detect many different attacks. The method analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our proposal fuses the autoencoder trick to the SVM model. More precisely, we introduce to the system an autoencoder that learns to compress CAN traffic data into extracted features (which can be uncompressed to closely match the original data). Then, the support vector machine is trained on the features to detect abnormal traffic. We show detailed model parameter configuration by adopting several concrete attacks. Experimental results demonstrate better detection performance (than existing proposals).

Zhouyan Deng,Jiajia Liu,Yijie Xun,Junman Qin

DOI: https://doi.org/10.1109/tifs.2023.3327026

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:As innovative technologies such as autonomous driving, over-the-air technology, and vehicle-to-everything are widely applied to intelligent connected vehicles, people can gain a more convenient and safer driving experience. Although the application of these technologies facilitates our lives, they also bring a series of vulnerable interfaces (such as 5G, Bluetooth, and WiFi), which pose a significant security threat to existing in-vehicle networks. To address these threats, researchers have proposed two mainstream schemes, including message authentication and intrusion detection system (IDS), where the scheme of message authentication needs to occupy the limited bandwidth of controller area network (CAN) bus. Furthermore, most IDSs either cannot locate the sender of the attack, fail to detect aperiodic malicious frames, or require prior knowledge of which CAN identifiers (IDs) belong to which electronic control units (ECUs). To address these weaknesses, we propose a practical voltage-based IDS named IdentifierIDS for real in-vehicle networks. To the best of our knowledge, it is the first scheme to detect intrusions by establishing a voltage fingerprint for each ID without the need for prior knowledge. This allows IdentifierIDS to detect both periodic and aperiodic malicious frames without occupying the limited bandwidth of the CAN bus. As a self-learning IDS, it can adapt to different in-vehicle networks without the need for customization for them. Experiments on three real vehicles demonstrate the robustness of our scheme in different in-vehicle networks.

Junchao Xiao,Hao Wu,Xiangxue Li

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2019.00193

2019-01-01

Abstract:The Controller Area Network (CAN bus) is the most popular vehicle bus standard for communication between Electronics Control Units (ECUs) and related electronic devices. Modern vehicles are generally equipped with many (dozens of, or even hundreds of) electronic and intelligent devices so that drivers can gain a more comfortable driving experience. Protecting this increasingly complex vehicle ecosystem can be an arduous task, especially as the proliferation of data across different connected devices makes them more vulnerable than ever before. Intrusion detection systems (IDSs) have been found extremely helpful in monitoring CAN traffic and detecting potential intrusions. The paper proposes a novel and robust intrusion detection mechanism for in-vehicle CAN network by using spatiotemporal information enabled time series prediction. The proposed IDS analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our model utilizes substantially both the time and space information of the instructions information sent by the ECUs in detecting the intrusions and thus outperforms the classical Long Short Term Memory model. The intrusion detection mechanism provides strong robustness in the sense that it can perform fast online learning of packet features (while the vehicle is running) to implement new protocols for intrusion detection (enabling to capture the fresh state of the vehicle) if the underlying communication protocol of the vehicle has changed. In particular, the IDS can evolve by itself as exotic environment factors (such as road conditions, atmospheric conditions, etc.) change and manage its model by itself in a self-organized way. Experiment results demonstrate the performance of the model and the effectiveness against both known and unknown attacks.

Bowen Wang,Yuance Zhang,Zhaojing Zhang,Hongxing Hu,Geguang Pu

DOI: https://doi.org/10.4271/2023-01-0044

2023-01-01

Abstract:Intrusion Detection Systems (IDS), technically speaking, is to monitor the network, system, and operation status according to certain security policies, and try to find various attack attempts, attacks or attack results to ensure the confidentiality, integrity and availability of network system resources. Automotive intrusion detection systems can identify and alert by analyzing in-vehicle traffic and log when software applications or devices with malicious activity exist, or the in-vehicle network is tampered and injected. But unfortunately, automotive cybersecurity researchers hardly produce a comprehensive detection method due to the confidential nature of Controller Area Network (CAN) DBC format files, which is a standard long maintained by car manufacturers.In this paper, an enhanced intrusion detection method is proposed based on the double-decision-tree to classify different attack models for in-vehicle CAN network without the need to obtain complete DBC files. Unlike the existing method that is using data from the simulated CAN traffic traces, we construct three attack models based on real CAN bus traffic collected from Pentium T99. A totally new data split method is provided to divide training set, validation set and test dataset. Three experiments are set to verify this new data split method and the results show that we have achieved high accuracy in the recognition of the three types of attacks, and the model has high operating efficiency.

Wanting Gou,Haodi Zhang,Ronghui Zhang

DOI: https://doi.org/10.3390/s23218788

2023-10-28

Abstract:The Internet of Vehicles(IoV) employs vehicle-to-everything (V2X) technology to establish intricate interconnections among the Internet, the IoT network, and the Vehicle Networks (IVNs), forming a complex vehicle communication network. However, the vehicle communication network is very vulnerable to attacks. The implementation of an intrusion detection system (IDS) emerges as an essential requisite to ensure the security of in-vehicle/inter-vehicle communication in IoV. Within this context, the imbalanced nature of network traffic data and the diversity of network attacks stand as pivotal factors in IDS performance. On the one hand, network traffic data often heavily suffer from data imbalance, which impairs the detection performance. To address this issue, this paper employs a hybrid approach combining the Synthetic Minority Over-sampling Technique (SMOTE) and RandomUnderSampler to achieve a balanced class distribution. On the other hand, the diversity of network attacks constitutes another significant factor contributing to poor intrusion detection model performance. Most current machine learning-based IDSs mainly perform binary classification, while poorly dealing with multiclass classification. This paper proposes an adaptive tree-based ensemble network as the intrusion detection engine for the IDS in IoV. This engine employs a deep-layer structure, wherein diverse ML models are stacked as layers and are interconnected in a cascading manner, which enables accurate and efficient multiclass classification, facilitating the precise identification of diverse network attacks. Moreover, a machine learning-based approach is used for feature selection to reduce feature dimensionality, substantially alleviating the computational overhead. Finally, we evaluate the proposed IDS performance on various cyber-attacks from the in-vehicle and external networks in IoV by using the network intrusion detection dataset CICIDS2017 and the vehicle security dataset Car-Hacking. The experimental results demonstrate remarkable performance, with an F1-score of 0.965 on the CICIDS2017 dataset and an F1-score of 0.9999 on the Car-Hacking dataset. These scores demonstrate that our IDS can achieve efficient and precise multiclass classification. This research provides a valuable reference for ensuring the cybersecurity of IoV.

Zhuo Wei,Yanjiang Yang,Yasmin Rehana,Yongdong Wu,Jian Weng,Robert H. Deng

DOI: https://doi.org/10.1007/978-3-319-72359-4_39

2017-01-01

Abstract:In recent years, a lot of vehicle attacks have been reported and demonstrated by researchers and whitehat hackers indicating vehicle cyber security as an important issue particularly for self-driving cars. The reason behind this extended attack vector is the multiple external interfaces of vehicles and minimal internal security protection. Hence, it is totally possible for adversaries to take full control of connected cars. In this paper, we propose an efficient Vehicular Intrusion Detection System (IDS), named as VIDS, which consists of a lightweight domain-based detection model for ECU devices and a comprehensive crossdomain-based detection model for a gateway or domain controller. The former makes use of specification periodic features of Controller Area Network (CAN) frames, while the latter exploits stream bit value features with deep learning techniques. With the use of real vehicular normal datasets and synthesized abnormal datasets for experimenting, the experimental results indicate that the proposed VIDS can achieve better detection rate over existing IDS systems. In addition, VIDS is compatible with vehicle internal CAN network.

Qian Wang,Yiming Qian,Zhaojun Lu,Yasser Shoukry,Gang Qu

DOI: https://doi.org/10.1109/asianhost.2018.8607178

2018-01-01

Abstract:The recent developments in the automobile industry and the self-driving technology necessitated an increase in the traditional automobile features to guarantee the drivers safety, improve the driving convenience and realize the autonomous driving. To support these necessary functions and features, a significant amount of the hardware equipment, i.e., Electronic Control Unit (ECU), is integrated into the car system. However, these ECUs also bring security vulnerabilities because their communication follows the Controller Area Network (CAN) protocol that was designed without supporting message origin authentication. Several methods to resolve this problem have been proposed in the literature, but most of them would require heavy communications and calculations to support the cryptography algorithms. In this paper, we propose a delay-based Intrusion Detection System (IDS) to protect the CAN network by identifying the location of the compromised ECU for the in-vehicle network. We develop and implement our detection method on CAN bus prototype, and our results show that our method is capable of an overall detection accuracy above 97%. The proposed scheme is demonstrated to protect the integrity of the messages on CAN bus leading to a further improve the security and safety of autonomous vehicles.

Dheeraj Basavaraj,Shahab Tayeb

DOI: https://doi.org/10.3390/jsan11010006

2022-01-10

Journal of Sensor and Actuator Networks

Abstract:With the emergence of networked devices, from the Internet of Things (IoT) nodes and cellular phones to vehicles connected to the Internet, there has been an ever-growing expansion of attack surfaces in the Internet of Vehicles (IoV). In the past decade, there has been a rapid growth in the automotive industry as network-enabled and electronic devices are now integral parts of vehicular ecosystems. These include the development of automobile technologies, namely, Connected and Autonomous Vehicles (CAV) and electric vehicles. Attacks on IoV may lead to malfunctioning of Electronic Control Unit (ECU), brakes, control steering issues, and door lock issues that can be fatal in CAV. To mitigate these risks, there is need for a lightweight model to identify attacks on vehicular systems. In this article, an efficient model of an Intrusion Detection System (IDS) is developed to detect anomalies in the vehicular system. The dataset used in this study is an In-Vehicle Network (IVN) communication protocol, i.e., Control Area Network (CAN) dataset generated in a real-time environment. The model classifies different types of attacks on vehicles into reconnaissance, Denial of Service (DoS), and fuzzing attacks. Experimentation with performance metrics of accuracy, precision, recall, and F-1 score are compared across a variety of classification models. The results demonstrate that the proposed model outperforms other classification models.

Junman Qin,Yijie Xun,Zhouyan Deng,Jiajia Liu

DOI: https://doi.org/10.1109/tvt.2024.3383449

2024-01-01

Abstract:The intelligent connected vehicle (ICV) has garnered considerable attention in recent years due to developments in vehicle-to-everything (V2X) technology, 5G communication networks, and more. However, the connection between the in-vehicle network (IVN) and external network exposes vehicles to potential intrusion risks. In particular, the controller area network (CAN) protocol, a typical IVN responsible for electronic control unit cooperation, lacks defense mechanisms like encryption or authentication, further making vehicles vulnerable to intrusion. Therefore, many scholars propose countermeasures to address the weakness of CAN, namely message authentication and intrusion detection systems (IDS). Given that the former may occupy extra bandwidth and computational resources, we prioritize IDS in this paper. Thus, we propose a generative adversarial network assisted contextual pattern-aware IDS (GPIDS) against several typical vehicle attacks, including bus-off, spoofing, masquerade, replay, fuzzy, and same origin method execution (SOME). The SOME attack stems from the Internet of Things field and possesses high disguise property, which can mimic physical features as normal messages in IVN, like clock skew, traffic, voltage, and so on. Notably, to the best of our knowledge, we are the first to present an IDS capable of effectively addressing SOME attacks. Extensive experiments have been conducted on four real vehicles, demonstrating that GPIDS can accurately detect the aforementioned attacks with low latency.

Achref Haddaji,Samiha Ayed,Lamia Chaari Fourati

DOI: https://doi.org/10.1016/j.adhoc.2024.103481

IF: 4.816

2024-05-01

Ad Hoc Networks

Abstract:The Internet of Vehicles (IoV) has garnered significant popularity thanks to rapid technological advancements and the widespread availability of the Internet. IoV encompasses vehicles with multiple electronic control units (ECUs) interconnected via advanced intra-vehicle networks. These networks play a crucial role in managing various vehicle functions, with the Controller Area Network (CAN) being of particular significance. However, the increased adoption of intelligent vehicles has also led to a rise in cyberattacks in the intra-vehicular network. These existing vulnerabilities pose significant security and user safety challenges. Extensive efforts have been dedicated to enhancing intra-vehicular network security. Yet, there are open concerns with limited progress made by academic and industry experts on effectively detecting CAN bus attacks. These concerns are essential to ensure intelligent vehicles’ overall security and safety. It requires collaboration between academia, industry, and the development of innovative solutions to fortify vehicular networks against evolving cyber threats. Current intra-vehicular security systems need more robustness and need to consider intelligent methodologies in their proposed works. To overcome all these limitations, This paper introduces a novel intrusion detection framework for in-vehicle networks based on integrating federated learning with transfer learning, improving the detection capabilities of individual vehicles within the network. Our framework employs a trusted authority for secure communication, a cloud server for model distribution and aggregation, and leverages the CAN bus for data collection and training. It guarantees that vehicles start with standardized baseline models and refine them through transfer learning, resulting in a collective intelligence-based final IDS engine for ongoing improvement. We used the Maximum Mean Discrepancy (MMD) to select data from the source domain similar to the target domain. The selected data is more likely to contain patterns and features useful for detecting intrusions in the target domain, leading to better generalization and detection capabilities.

computer science, information systems,telecommunications

Brooke Lampe,Weizhi Meng

DOI: https://doi.org/10.1016/j.eswa.2023.119771

IF: 8.5

2023-03-01

Expert Systems with Applications

Abstract:Modern automobiles depend on internal vehicle networks (IVNs) to control systems from the anti-lock brakes to the transmission to the locks on the doors. Many IVNs, particularly the Controller Area Network (CAN) bus, were developed with little regard for security, since the IVNs of the past were isolated from the outside world. In the present day, the assumption of isolation no longer applies. Cellular service, Wi-Fi, and Bluetooth are just a few examples of the connectivity of contemporary automobiles. Researchers have explored a number of automotive security enhancements, but such enhancements are often roadblocked by implementation challenges, complexity, and expense. An intrusion detection system (IDS) is a promising automotive security enhancement that requires little, if any, adjustment to a vehicle's existing infrastructure. Deep learning techniques can augment the capability of automotive IDSs, improving detection accuracy and precision. This paper provides a comprehensive overview of deep learning-based IDSs in automotive networks. We assemble various deep learning schemes, categorize them according to their topologies and techniques, and highlight their distinct contributions. In addition, we analyze each scheme's evaluation in terms of datasets, attack types, and metrics. We summarize the results of the schemes and assess the advantages and disadvantages of different deep learning architectures.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Seonghoon Jeong,Sangho Lee,Hwejae Lee,Huy Kang Kim

DOI: https://doi.org/10.1109/TVT.2023.3327275

2024-03-14

Abstract:Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent actions and cybersecurity regulations (e.g., UNR 155) require carmakers to implement intrusion detection systems (IDSs) in their vehicles. The IDS should detect cyberattacks and provide additional information to analyze conducted attacks. Although many IDSs have been proposed, considerations regarding their feasibility and explainability remain lacking. This study proposes X-CANIDS, which is a novel IDS for CAN-based IVNs. X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database. The signals improve the intrusion detection performance compared with the use of bit representations of raw payloads. These signals also enable an understanding of which signal or ECU is under attack. X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase. We confirmed the feasibility of the proposed method through a benchmark test on an automotive-grade embedded device with a GPU. The results of this work will be valuable to carmakers and researchers considering the installation of in-vehicle IDSs for their vehicles.

Cryptography and Security,Signal Processing

Muzun Althunayyan,Amir Javed,Omer Rana

2024-08-16

Abstract:As connected and autonomous vehicles proliferate, the Controller Area Network (CAN) bus has become the predominant communication standard for in-vehicle networks due to its speed and efficiency. However, the CAN bus lacks basic security measures such as authentication and encryption, making it highly vulnerable to cyberattacks. To ensure in-vehicle security, intrusion detection systems (IDSs) must detect seen attacks and provide a robust defense against new, unseen attacks while remaining lightweight for practical deployment. Previous work has relied solely on the CAN ID feature or has used traditional machine learning (ML) approaches with manual feature extraction. These approaches overlook other exploitable features, making it challenging to adapt to new unseen attack variants and compromising security. This paper introduces a cutting-edge, novel, lightweight, in-vehicle, IDS-leveraging, deep learning (DL) algorithm to address these limitations. The proposed IDS employs a multi-stage approach: an artificial neural network (ANN) in the first stage to detect seen attacks, and a Long Short-Term Memory (LSTM) autoencoder in the second stage to detect new, unseen attacks. To understand and analyze diverse driving behaviors, update the model with the latest attack patterns, and preserve data privacy, we propose a theoretical framework to deploy our IDS in a hierarchical federated learning (H-FL) environment. Experimental results demonstrate that our IDS achieves an F1-score exceeding 0.99 for seen attacks and exceeding 0.95 for novel attacks, with a detection rate of 99.99%. Additionally, the false alarm rate (FAR) is exceptionally low at 0.016%, minimizing false alarms. Despite using DL algorithms known for their effectiveness in identifying sophisticated and zero-day attacks, the IDS remains lightweight, ensuring its feasibility for real-world deployment.

Cryptography and Security

Qi Liu,Xingyu Li,Ke Sun,Yufeng Li,Yanchen Liu

2024-02-21

Abstract:Scalable service-Oriented Middleware over IP (SOME/IP) is an Ethernet communication standard protocol in the Automotive Open System Architecture (AUTOSAR), promoting ECU-to-ECU communication over the IP stack. However, SOME/IP lacks a robust security architecture, making it susceptible to potential attacks. Besides, random hardware failure of ECU will disrupt SOME/IP communication. In this paper, we propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication, including Distributed Denial-of-Services, Man-in-the-Middle, and abnormal communication processes, assuming a malicious user accesses the in-vehicle network. Subsequently, SISSA designs a series of deep learning models with various backbones to extract features from SOME/IP sessions among ECUs. We adopt residual self-attention to accelerate the model's convergence and enhance detection accuracy, determining whether an ECU is under attack, facing functional failure, or operating normally. Additionally, we have created and annotated a dataset encompassing various classes, including indicators of attack, functionality, and normalcy. This contribution is noteworthy due to the scarcity of publicly accessible datasets with such characteristics.Extensive experimental results show the effectiveness and efficiency of SISSA.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Hyungchul Im,Donghyeon Lee,Seongsoo Lee

DOI: https://doi.org/10.3390/s24092807

IF: 3.9

2024-04-29

Sensors

Abstract:The Controller Area Network (CAN), widely used for vehicular communication, is vulnerable to multiple types of cyber-threats. Attackers can inject malicious messages into the CAN bus through various channels, including wireless methods, entertainment systems, and on-board diagnostic ports. Therefore, it is crucial to develop a reliable intrusion detection system (IDS) capable of effectively distinguishing between legitimate and malicious CAN messages. In this paper, we propose a novel IDS architecture aimed at enhancing the cybersecurity of CAN bus systems in vehicles. Various machine learning (ML) models have been widely used to address similar problems; however, although existing ML-based IDS are computationally efficient, they suffer from suboptimal detection performance. To mitigate this shortcoming, our architecture incorporates specially designed rule-based filters that cross-check outputs from the traditional ML-based IDS. These filters scrutinize message ID and payload data to precisely capture the unique characteristics of three distinct types of cyberattacks: DoS attacks, spoofing attacks, and fuzzy attacks. Experimental evidence demonstrates that the proposed architecture leads to a significant improvement in detection performance across all utilized ML models. Specifically, all ML-based IDS achieved an accuracy exceeding 99% for every type of attack. This achievement highlights the robustness and effectiveness of our proposed solution in detecting potential threats.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Feng Luo,Jiajia Wang,Xuan Zhang,Yifan Jiang,Zhihao Li,Cheng Luo

DOI: https://doi.org/10.7717/peerj-cs.1648

2023-10-26

Abstract:Developments in connected and autonomous vehicle technologies provide drivers with many convenience and safety benefits. Unfortunately, as connectivity and complexity within vehicles increase, more entry points or interfaces that may directly or indirectly access in-vehicle networks (IVNs) have been introduced, causing a massive rise in security risks. An intrusion detection system (IDS) is a practical method for controlling malicious attacks while guaranteeing real-time communication. Regarding the ever-evolving security attacks on IVNs, researchers have paid more attention to employing deep learning-based techniques to deal with privacy concerns and security threats in the IDS domain. Therefore, this article comprehensively reviews all existing deep IDS approaches on in-vehicle networks and conducts fine-grained classification based on applied deep network architecture. It investigates how deep-learning techniques are utilized to implement different IDS models for better performance and describe their possible contributions and limitations. Further compares and discusses the studied schemes concerning different facets, including input data strategy, benchmark datasets, classification technique, and evaluation criteria. Furthermore, the usage preferences of deep learning in IDS, the influence of the dataset, and the selection of feature segments are discussed to illuminate the main potential properties for designing. Finally, possible research directions for follow-up studies are provided.