Intrusion Detection for in-Vehicle Communication Networks: An Unsupervised Kohonen SOM Approach

2020 ◽  
Vol 12 (7) ◽  
pp. 119
Author(s):  
Vita Santa Barletta ◽  
Danilo Caivano ◽  
Antonella Nannavecchia ◽  
Michele Scalera

The diffusion of embedded and portable communication devices on modern vehicles entails new security risks since in-vehicle communication protocols are still insecure and vulnerable to attacks. Increasing interest is being given to the implementation of automotive cybersecurity systems. In this work we propose an efficient and high-performing intrusion detection system based on an unsupervised Kohonen Self-Organizing Map (SOM) network, to identify attack messages sent on a Controller Area Network (CAN) bus. The SOM network found a wide range of applications in intrusion detection because of its features of high detection rate, short training time, and high versatility. We propose to extend the SOM network to intrusion detection on in-vehicle CAN buses. Many hybrid approaches were proposed to combine the SOM network with other clustering methods, such as the k-means algorithm, in order to improve the accuracy of the model. We introduced a novel distance-based procedure to integrate the SOM network with the K-means algorithm and compared it with the traditional procedure. The models were tested on a car hacking dataset concerning traffic data messages sent on a CAN bus, characterized by a large volume of traffic with a low number of features and highly imbalanced data distribution. The experimentation showed that the proposed method greatly improved detection accuracy over the traditional approach.

2020 ◽  
Vol 10 (15) ◽  
pp. 5062
Author(s):  
Vita Santa Barletta ◽  
Danilo Caivano ◽  
Antonella Nannavecchia ◽  
Michele Scalera

The diffusion of connected devices in modern vehicles involves a lack in security of the in-vehicle communication networks such as the controller area network (CAN) bus. The CAN bus protocol does not provide security systems to counter cyber and physical attacks. Thus, an intrusion-detection system to identify attacks and anomalies on the CAN bus is desirable. In the present work, we propose a distance-based intrusion-detection network aimed at identifying attack messages injected on a CAN bus using a Kohonen self-organizing map (SOM) network. It is a power classifier that can be trained both as supervised and unsupervised learning. SOM found broad application in security issues, but was never performed on in-vehicle communication networks. We performed two approaches, first using a supervised X–Y fused Kohonen network (XYF) and then combining the XYF network with a K-means clustering algorithm (XYF–K) in order to improve the efficiency of the network. The models were tested on an open source dataset concerning data messages sent on a CAN bus 2.0B and containing large traffic volume with a low number of features and more than 2000 different attack types, sent totally at random. Despite the complex structure of the CAN bus dataset, the proposed architectures showed a high performance in the accuracy of the detection of attack messages.


Sensors ◽  
2021 ◽  
Vol 21 (14) ◽  
pp. 4736
Author(s):  
Sk. Tanzir Mehedi ◽  
Adnan Anwar ◽  
Ziaur Rahman ◽  
Kawsar Ahmed

The Controller Area Network (CAN) bus works as an important protocol in the real-time In-Vehicle Network (IVN) systems for its simple, suitable, and robust architecture. The risk of IVN devices has still been insecure and vulnerable due to the complex data-intensive architectures which greatly increase the accessibility to unauthorized networks and the possibility of various types of cyberattacks. Therefore, the detection of cyberattacks in IVN devices has become a growing interest. With the rapid development of IVNs and evolving threat types, the traditional machine learning-based IDS has to update to cope with the security requirements of the current environment. Nowadays, the progression of deep learning, deep transfer learning, and its impactful outcome in several areas has guided as an effective solution for network intrusion detection. This manuscript proposes a deep transfer learning-based IDS model for IVN along with improved performance in comparison to several other existing models. The unique contributions include effective attribute selection which is best suited to identify malicious CAN messages and accurately detect the normal and abnormal activities, designing a deep transfer learning-based LeNet model, and evaluating considering real-world data. To this end, an extensive experimental performance evaluation has been conducted. The architecture along with empirical analyses shows that the proposed IDS greatly improves the detection accuracy over the mainstream machine learning, deep learning, and benchmark deep transfer learning models and has demonstrated better performance for real-time IVN security.


2019 ◽  
Vol 9 (15) ◽  
pp. 3174 ◽  
Author(s):  
Zhou ◽  
Li ◽  
Shen

The in-vehicle controller area network (CAN) bus is one of the essential components for autonomous vehicles, and its safety will be one of the greatest challenges in the field of intelligent vehicles in the future. In this paper, we propose a novel system that uses a deep neural network (DNN) to detect anomalous CAN bus messages. We treat anomaly detection as a cross-domain modelling problem, in which three CAN bus data packets as a group are directly imported into the DNN architecture for parallel training with shared weights. After that, three data packets are represented as three independent feature vectors, which corresponds to three different types of data sequences, namely anchor, positive and negative. The proposed DNN architecture is an embedded triplet loss network that optimizes the distance between the anchor example and the positive example, makes it smaller than the distance between the anchor example and the negative example, and realizes the similarity calculation of samples, which were originally used in face detection. Compared to traditional anomaly detection methods, the proposed method to learn the parameters with shared-weight could improve detection efficiency and detection accuracy. The whole detection system is composed of the front-end and the back-end, which correspond to deep network and triplet loss network, respectively, and are trainable in an end-to-end fashion. Experimental results demonstrate that the proposed technology can make real-time responses to anomalies and attacks to the CAN bus, and significantly improve the detection ratio. To the best of our knowledge, the proposed method is the first used for anomaly detection in the in-vehicle CAN bus.


2010 ◽  
Vol 44-47 ◽  
pp. 946-950
Author(s):  
Wei Bin Wu ◽  
Tian Sheng Hong ◽  
Jin Xing Guo ◽  
Xian Mao Liu ◽  
Xie Ming Guo ◽  
...  

Air-Fuel Ratio (AFR) analyzer technology is basically mastered by monopolies of developed countries nowadays. Due to the lack of development in China, it has a strong practical value to study the accurate, rapid response and portable air-fuel ratio analyzer. This article is based on the AFR calculation model microcomputer hardware and software system design, background monitoring software design and debugging and measurement system, and on the choice of universal oxygen sensor calibration laboratory, establishing a wide-range of oxygen sensor output voltage and AFR model. The main features of AFR analyzer are measurement and display of air-fuel ratio, excess air coefficient or oxygen content, via RS232 communication with host computer or via Control Area Network (CAN) bus and vehicle ECU communication function. Test results showed that the error can be controlled at ± 0.03 λ range when comparing the Analyzer measurement values to calculated values. Compared with American Innovate company LM-2 air-fuel ratio analyser, the maximum relative error measured is ±0.08 when exhaust flood or too dilute, the average measurement error is ±0.04 while λ is between 0.8 and 1.3.


Sensors ◽  
2020 ◽  
Vol 20 (8) ◽  
pp. 2364 ◽  
Author(s):  
Mehmet Bozdal ◽  
Mohammad Samie ◽  
Sohaib Aslam ◽  
Ian Jennions

The automobile industry no longer relies on pure mechanical systems; instead, it benefits from many smart features based on advanced embedded electronics. Although the rise in electronics and connectivity has improved comfort, functionality, and safe driving, it has also created new attack surfaces to penetrate the in-vehicle communication network, which was initially designed as a closed-loop system. For such applications, the Controller Area Network (CAN) is the most-widely used communication protocol, which still suffers from various security issues because of the lack of encryption and authentication. As a result, any malicious/hijacked node can cause catastrophic accidents and financial loss. This paper analyses the CAN bus comprehensively to provide an outlook on security concerns. It also presents the security vulnerabilities of the CAN and a state-of-the-art attack surface with cases of implemented attack scenarios and goes through different solutions that assist in attack prevention, mainly based on an intrusion detection system (IDS).


Electronics ◽  
2021 ◽  
Vol 10 (24) ◽  
pp. 3053
Author(s):  
Jaime Zuniga-Mejia ◽  
Rafaela Villalpando-Hernandez ◽  
Cesar Vargas-Rosales ◽  
Mahdi Zareei

Detection accuracy of current machine-learning approaches to intrusion detection depends heavily on feature engineering and dimensionality-reduction techniques (e.g., variational autoencoder) applied to large datasets. For many use cases, a tradeoff between detection performance and resource requirements must be considered. In this paper, we propose Loci-Constellation-based Intrusion Detection System (LC-IDS), a general framework for network intrusion detection (detection of already known and previously unknown routing attacks) for reconfigurable wireless networks (e.g., vehicular ad hoc networks, unmanned aerial vehicle networks). We introduce the concept of ‘attack-constellation’, which allows us to represent all the relevant information for intrusion detection (misuse detection and anomaly detection) on a latent 2-dimensional space that arises naturally by considering the temporal structure of the input data. The attack/anomaly-detection performance of LC-IDS is analyzed through simulations in a wide range of network conditions. We show that for all the analyzed network scenarios, we can detect known attacks, with a good detection accuracy, and anomalies with low false positive rates. We show the flexibility and scalability of LC-IDS that allow us to consider a dynamic number of neighboring nodes and routing attacks in the ‘attack-constellation’ in a distributed fashion and with low computational requirements.


2021 ◽  
Vol 8 (1) ◽  
Author(s):  
Joffrey L. Leevy ◽  
John Hancock ◽  
Richard Zuech ◽  
Taghi M. Khoshgoftaar

Machine learning algorithms efficiently trained on intrusion detection datasets can detect network traffic capable of jeopardizing an information system. In this study, we use the CSE-CIC-IDS2018 dataset to investigate ensemble feature selection on the performance of seven classifiers. CSE-CIC-IDS2018 is big data (about 16,000,000 instances), publicly available, modern, and covers a wide range of realistic attack types. Our contribution is centered around answers to three research questions. The first question is, “Does feature selection impact performance of classifiers in terms of Area Under the Receiver Operating Characteristic Curve (AUC) and F1-score?” The second question is, “Does including the Destination_Port categorical feature significantly impact performance of LightGBM and Catboost in terms of AUC and F1-score?” The third question is, “Does the choice of classifier: Decision Tree (DT), Random Forest (RF), Naive Bayes (NB), Logistic Regression (LR), Catboost, LightGBM, or XGBoost, significantly impact performance in terms of AUC and F1-score?” These research questions are all answered in the affirmative and provide valuable, practical information for the development of an efficient intrusion detection model. To the best of our knowledge, we are the first to use an ensemble feature selection technique with the CSE-CIC-IDS2018 dataset.

