Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
97 tokens/sec
GPT-4o
53 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

MKF-ADS: Multi-Knowledge Fusion Based Self-supervised Anomaly Detection System for Control Area Network (2403.04293v2)

Published 7 Mar 2024 in cs.AI and cs.CR

Abstract: Control Area Network (CAN) is an essential communication protocol that interacts between Electronic Control Units (ECUs) in the vehicular network. However, CAN is facing stringent security challenges due to innate security risks. Intrusion detection systems (IDSs) are a crucial safety component in remediating Vehicular Electronics and Systems vulnerabilities. However, existing IDSs fail to identify complexity attacks and have higher false alarms owing to capability bottleneck. In this paper, we propose a self-supervised multi-knowledge fused anomaly detection model, called MKF-ADS. Specifically, the method designs an integration framework, including spatial-temporal correlation with an attention mechanism (STcAM) module and patch sparse-transformer module (PatchST). The STcAM with fine-pruning uses one-dimensional convolution (Conv1D) to extract spatial features and subsequently utilizes the Bidirectional Long Short Term Memory (Bi-LSTM) to extract the temporal features, where the attention mechanism will focus on the important time steps. Meanwhile, the PatchST captures the combined contextual features from independent univariate time series. Finally, the proposed method is based on knowledge distillation to STcAM as a student model for learning intrinsic knowledge and cross the ability to mimic PatchST. We conduct extensive experiments on six simulation attack scenarios across various CAN IDs and time steps, and two real attack scenarios, which present a competitive prediction and detection performance. Compared with the baseline in the same paradigm, the error rate and FAR are 2.62\% and 2.41\% and achieve a promising F1-score of 97.3\%.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (56)
  1. H. M. Song and H. K. Kim, “Self-supervised anomaly detection for in-vehicle network using noised pseudo normal data,” IEEE Transactions on Vehicular Technology, vol. 70, no. 2, pp. 1098–1108, 2021.
  2. E. Seo, H. M. Song, and H. K. Kim, “Gids: Gan based intrusion detection system for in-vehicle network,” in 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 1–6, 2018.
  3. K. Agrawal, T. Alladi, A. Agrawal, V. Chamola, and A. Benslimane, “Novelads: A novel anomaly detection system for intra-vehicular networks,” IEEE Transactions on Intelligent Transportation Systems, vol. 23, no. 11, pp. 22596–22606, 2022.
  4. M. Han, P. Cheng, and S. Ma, “Ppm-invids: Privacy protection model for in-vehicle intrusion detection system based complex-valued neural network,” Vehicular Communications, vol. 31, p. 100374, 2021.
  5. X. Mo, P. Chen, J. Wang, and C. Wang, “Anomaly detection of vehicle can network based on message content,” in Security and Privacy in New Computing Environments: Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13–14, 2019, Proceedings, pp. 96–104, Springer, 2019.
  6. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno, et al., “Comprehensive experimental analyses of automotive attack surfaces.,” in USENIX security symposium, vol. 4, p. 2021, San Francisco, 2011.
  7. J. Ashraf, A. D. Bakhshi, N. Moustafa, H. Khurshid, A. Javed, and A. Beheshti, “Novel deep learning-enabled lstm autoencoder architecture for discovering anomalous events from intelligent transportation systems,” IEEE Transactions on Intelligent Transportation Systems, vol. 22, no. 7, pp. 4507–4518, 2020.
  8. K. H. Park, H. M. Song, J. Do Yoo, S.-Y. Hong, B. Cho, K. Kim, and H. K. Kim, “Unsupervised malicious domain detection with less labeling effort,” Computers & Security, vol. 116, p. 102662, 2022.
  9. L. Yang, A. Moubayed, and A. Shami, “Mth-ids: A multitiered hybrid intrusion detection system for internet of vehicles,” IEEE Internet of Things Journal, vol. 9, no. 1, pp. 616–632, 2021.
  10. K. Pawelec, R. A. Bridges, and F. L. Combs, “Towards a can ids based on a neural network data field predictor,” in Proceedings of the ACM Workshop on Automotive Cybersecurity, pp. 31–34, 2019.
  11. A. Boualouache and T. Engel, “A survey on machine learning-based misbehavior detection systems for 5g and beyond vehicular networks,” IEEE Communications Surveys & Tutorials, 2023.
  12. O. Schell and M. Kneib, “Valid: Voltage-based lightweight intrusion detection for the controller area network,” in 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 225–232, IEEE, 2020.
  13. M. Foruhandeh, Y. Man, R. Gerdes, M. Li, and T. Chantem, “Simple: Single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks,” in Proceedings of the 35th annual computer security applications conference, pp. 229–244, 2019.
  14. M. Kneib, O. Schell, and C. Huth, “Easi: Edge-based sender identification on resource-constrained platforms for automotive networks.,” in NDSS, pp. 1–16, 2020.
  15. P. Cheng, M. Han, and G. Liu, “Desc-ids: Towards an efficient real-time automotive intrusion detection system based on deep evolving stream clustering,” Future Generation Computer Systems, vol. 140, pp. 266–281, 2023.
  16. E. Aliwa, O. Rana, C. Perera, and P. Burnap, “Cyberattacks and countermeasures for in-vehicle networks,” ACM Computing Surveys (CSUR), vol. 54, no. 1, pp. 1–37, 2021.
  17. F. Erlacher and F. Dressler, “On high-speed flow-based intrusion detection using snort-compatible signatures,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 1, pp. 495–506, 2020.
  18. Z. Wu, H. Zhang, P. Wang, and Z. Sun, “Rtids: A robust transformer-based approach for intrusion detection system,” IEEE Access, vol. 10, pp. 64375–64387, 2022.
  19. C. Liu, T. Nie, Y. Du, J. Cao, D. Wu, and F. Li, “A response-type road anomaly detection and evaluation method for steady driving of automated vehicles,” IEEE Transactions on Intelligent Transportation Systems, vol. 23, no. 11, pp. 21984–21995, 2022.
  20. M. Hanselmann, T. Strauss, K. Dormann, and H. Ulmer, “Canet: An unsupervised intrusion detection system for high dimensional can bus data,” Ieee Access, vol. 8, pp. 58194–58205, 2020.
  21. H. Sun, M. Chen, J. Weng, Z. Liu, and G. Geng, “Anomaly detection for in-vehicle network using cnn-lstm with attention mechanism,” IEEE Transactions on Vehicular Technology, vol. 70, no. 10, pp. 10880–10893, 2021.
  22. N. Alkhatib, M. Mushtaq, H. Ghauch, and J.-L. Danger, “Can-bert do it? controller area network intrusion detection system based on bert language model,” in 2022 IEEE/ACS 19th International Conference on Computer Systems and Applications (AICCSA), pp. 1–8, IEEE, 2022.
  23. M. Nam, S. Park, and D. S. Kim, “Intrusion detection method using bi-directional gpt for in-vehicle controller area networks,” IEEE Access, vol. 9, pp. 124931–124944, 2021.
  24. M. Müter and N. Asaj, “Entropy-based anomaly detection for in-vehicle networks,” in 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 1110–1115, IEEE, 2011.
  25. H. M. Song, H. R. Kim, and H. K. Kim, “Intrusion detection system based on the analysis of time intervals of can messages for in-vehicle network,” in 2016 international conference on information networking (ICOIN), pp. 63–68, IEEE, 2016.
  26. I. Studnia, E. Alata, V. Nicomette, M. Kaâniche, and Y. Laarouchi, “A language-based intrusion detection approach for automotive embedded networks,” International Journal of Embedded Systems, vol. 10, no. 1, pp. 1–12, 2018.
  27. H. Olufowobi, C. Young, J. Zambreno, and G. Bloom, “Saiducant: Specification-based automotive intrusion detection using controller area network (can) timing,” IEEE Transactions on Vehicular Technology, vol. 69, no. 2, pp. 1484–1494, 2019.
  28. V. Tanksale, “Intrusion detection for controller area network using support vector machines,” in 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems Workshops (MASSW), pp. 121–126, IEEE, 2019.
  29. M. Levi, Y. Allouche, and A. Kontorovich, “Advanced analytics for connected car cybersecurity,” in 2018 IEEE 87th Vehicular Technology Conference (VTC Spring), pp. 1–7, 2018.
  30. A. Tomlinson, J. Bryans, S. A. Shaikh, and H. K. Kalutarage, “Detection of automotive can cyber-attacks by identifying packet timing anomalies in time windows,” in 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 231–238, IEEE, 2018.
  31. H. M. Song, J. Woo, and H. K. Kim, “In-vehicle network intrusion detection using deep convolutional neural network,” Vehicular Communications, vol. 21, p. 100198, 2020.
  32. Y. Xun, J. Qin, and J. Liu, “Deep learning enhanced driving behavior evaluation based on vehicle-edge-cloud architecture,” IEEE Transactions on Vehicular Technology, vol. 70, no. 6, pp. 6172–6177, 2021.
  33. W. Lo, H. Alqahtani, K. Thakur, A. Almadhor, S. Chander, and G. Kumar, “A hybrid deep learning based intrusion detection system using spatial-temporal representation of in-vehicle network traffic,” Vehicular Communications, vol. 35, p. 100471, 2022.
  34. P. Cheng, M. Han, A. Li, and F. Zhang, “Stc-ids: Spatial–temporal correlation feature analyzing based intrusion detection system for intelligent connected vehicles,” International Journal of Intelligent Systems, vol. 37, no. 11, pp. 9532–9561, 2022.
  35. A. R. Javed, S. Ur Rehman, M. U. Khan, M. Alazab, and T. Reddy, “Canintelliids: Detecting in-vehicle intrusion attacks on a controller area network using cnn and attention-based gru,” IEEE transactions on network science and engineering, vol. 8, no. 2, pp. 1456–1466, 2021.
  36. S. Tariq, S. Lee, and S. S. Woo, “Cantransfer: Transfer learning based intrusion detection on a controller area network using convolutional lstm network,” in Proceedings of the 35th annual ACM symposium on applied computing, pp. 1048–1055, 2020.
  37. H. Zhang, K. Zeng, and S. Lin, “Federated graph neural network for fast anomaly detection in controller area networks,” IEEE Transactions on Information Forensics and Security, vol. 18, pp. 1566–1579, 2023.
  38. A. Taylor, S. Leblanc, and N. Japkowicz, “Anomaly detection in automobile control network data with long short-term memory networks,” in 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), pp. 130–139, IEEE, 2016.
  39. H. Qin, M. Yan, and H. Ji, “Application of controller area network (can) bus anomaly detection based on time series prediction,” Vehicular Communications, vol. 27, p. 100291, 2021.
  40. J. Zhang, Z. Wu, F. Li, C. Xie, T. Ren, J. Chen, and L. Liu, “A deep learning framework for driving behavior identification on in-vehicle can-bus sensor data,” Sensors, vol. 19, no. 6, p. 1356, 2019.
  41. M. S. Rathore, M. Poongodi, P. Saurabh, U. K. Lilhore, S. Bourouis, W. Alhakami, J. Osamor, and M. Hamdi, “A novel trust-based security and privacy model for internet of vehicles using encryption and steganography,” Computers and Electrical Engineering, vol. 102, p. 108205, 2022.
  42. Z. Li, M. Wang, V. Sharma, and P. Gope, “Sustainable and round-optimized group authenticated key exchange in vehicle communication,” IEEE Transactions on Intelligent Transportation Systems, 2022.
  43. D. K. Nilsson, U. E. Larson, and E. Jonsson, “Efficient in-vehicle delayed data authentication based on compound message authentication codes,” in 2008 IEEE 68th Vehicular Technology Conference, pp. 1–5, IEEE, 2008.
  44. A. Van Herrewege, D. Singelee, and I. Verbauwhede, “Canauth-a simple, backward compatible broadcast authentication protocol for can bus,” in ECRYPT workshop on Lightweight Cryptography, vol. 2011, p. 20, ECRYPT, 2011.
  45. C. J. Szilagyi, Low cost multicast network authentication for embedded control systems. PhD thesis, Carnegie Mellon University, 2012.
  46. M. Han, A. Wan, F. Zhang, and S. Ma, “An attribute-isolated secure communication architecture for intelligent connected vehicles,” IEEE Transactions on Intelligent Vehicles, vol. 5, no. 4, pp. 545–555, 2020.
  47. L. Dariz, M. Selvatici, M. Ruggeri, G. Costantino, and F. Martinelli, “Trade-off analysis of safety and security in can bus communication,” in 2017 5th IEEE International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS), pp. 226–231, IEEE, 2017.
  48. W. A. Farag, “Cantrack: Enhancing automotive can bus security using intuitive encryption algorithms,” in 2017 7th International Conference on Modeling, Simulation, and Applied Optimization (ICMSAO), pp. 1–5, IEEE, 2017.
  49. G. Bella, P. Biondi, G. Costantino, and I. Matteucci, “Toucan: A protocol to secure controller area network,” in Proceedings of the ACM Workshop on Automotive Cybersecurity, pp. 3–8, 2019.
  50. A. H. Sodhro, G. H. Sodhro, M. Guizani, S. Pirbhulal, and A. Boukerche, “Ai-enabled reliable channel modeling architecture for fog computing vehicular networks,” IEEE Wireless Communications, vol. 27, no. 2, pp. 14–21, 2020.
  51. C. Miller and C. Valasek, “Remote exploitation of an unaltered passenger vehicle,” Black Hat USA, vol. 2015, no. S 91, pp. 1–91, 2015.
  52. M. R. Moore, R. A. Bridges, F. L. Combs, M. S. Starr, and S. J. Prowell, “Modeling inter-signal arrival times for accurate detection of can bus signal injection attacks: a data-driven approach to in-vehicle intrusion detection,” in Proceedings of the 12th Annual Conference on Cyber and Information Security Research, pp. 1–4, 2017.
  53. M. Marchetti and D. Stabili, “Read: Reverse engineering of automotive data frames,” IEEE Transactions on Information Forensics and Security, vol. 14, no. 4, pp. 1083–1097, 2018.
  54. Y. Nie, N. H. Nguyen, P. Sinthong, and J. Kalagnanam, “A time series is worth 64 words: Long-term forecasting with transformers,” in The Eleventh International Conference on Learning Representations, 2022.
  55. H. Guo, S. Yuan, and X. Wu, “Logbert: Log anomaly detection via bert,” in 2021 international joint conference on neural networks (IJCNN), pp. 1–8, IEEE, 2021.
  56. K. Yu, L. Tan, S. Mumtaz, S. Al-Rubaye, A. Al-Dulaimi, A. K. Bashir, and F. A. Khan, “Securing critical infrastructures: deep-learning-based threat detection in iiot,” IEEE Communications Magazine, vol. 59, no. 10, pp. 76–82, 2021.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (3)
  1. Pengzhou Cheng (17 papers)
  2. Zongru Wu (13 papers)
  3. Gongshen Liu (37 papers)
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets