IDS-DEC: A novel intrusion detection for CAN bus traffic based on deep embedded clustering

IF 5.8 2区计算机科学 Q1 TELECOMMUNICATIONS Vehicular Communications Pub Date : 2024-07-26 DOI:10.1016/j.vehcom.2024.100830

{"title":"IDS-DEC: A novel intrusion detection for CAN bus traffic based on deep embedded clustering","authors":"","doi":"10.1016/j.vehcom.2024.100830","DOIUrl":null,"url":null,"abstract":"<div><p>As the automotive industry advances towards greater automation, the proliferation of electronic control units (ECUs) has led to a substantial increase in the connectivity of in-vehicle networks with the external environment. However, the widely used Controller Area Network (CAN), which serves as the standard for in-vehicle networks, lacks robust security features, such as authentication or encrypted information transmission. This poses a significant challenge to the security of these networks. Despite the availability of powerful intrusion detection methods based on machine learning and deep learning, there are notable limitations in terms of stability and accuracy in the absence of a supervised learning process with labeled data. To address this issue, this paper introduces a novel in-vehicle intrusion detection system, termed IDS-DEC. This system combines a spatiotemporal self-coder employing LSTM and CNN (LCAE) with an entropy-based deep embedding clustering. Specifically, our approach involves encoding in-vehicle network traffic into windowed messages using a stream builder, designed to adapt to high-frequency traffic. These messages are then fed into the LCAE to extract a low-dimensional nonlinear spatiotemporal mapping from the initially high-dimensional data. The resulting low-dimensional mapping is subjected to a dual constraint in conjunction with our entropy-based pure deep embedding clustering module. This creates a bidirectional learning objective, addressing the optimization problem and facilitating an end-to-end training pattern for our model to adapt to diverse attack environments. The effectiveness of IDS-DEC is validated using both the benchmark Car Hacking dataset and the Car Hacking-Attack & Defense Challenge dataset. Experimental results demonstrate the model's high detection accuracy across various attacks, stabilizing at approximately 99% accuracy with a 0.5% false alarm rate. The F1 score also stabilizes at around 99%. In comparison with unsupervised methods based on deep stream clustering, LSTM-based self-encoder, and classification-based methods, IDS-DEC exhibits significant improvements across all performance metrics.</p></div>","PeriodicalId":54346,"journal":{"name":"Vehicular Communications","volume":null,"pages":null},"PeriodicalIF":5.8000,"publicationDate":"2024-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vehicular Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214209624001050","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

As the automotive industry advances towards greater automation, the proliferation of electronic control units (ECUs) has led to a substantial increase in the connectivity of in-vehicle networks with the external environment. However, the widely used Controller Area Network (CAN), which serves as the standard for in-vehicle networks, lacks robust security features, such as authentication or encrypted information transmission. This poses a significant challenge to the security of these networks. Despite the availability of powerful intrusion detection methods based on machine learning and deep learning, there are notable limitations in terms of stability and accuracy in the absence of a supervised learning process with labeled data. To address this issue, this paper introduces a novel in-vehicle intrusion detection system, termed IDS-DEC. This system combines a spatiotemporal self-coder employing LSTM and CNN (LCAE) with an entropy-based deep embedding clustering. Specifically, our approach involves encoding in-vehicle network traffic into windowed messages using a stream builder, designed to adapt to high-frequency traffic. These messages are then fed into the LCAE to extract a low-dimensional nonlinear spatiotemporal mapping from the initially high-dimensional data. The resulting low-dimensional mapping is subjected to a dual constraint in conjunction with our entropy-based pure deep embedding clustering module. This creates a bidirectional learning objective, addressing the optimization problem and facilitating an end-to-end training pattern for our model to adapt to diverse attack environments. The effectiveness of IDS-DEC is validated using both the benchmark Car Hacking dataset and the Car Hacking-Attack & Defense Challenge dataset. Experimental results demonstrate the model's high detection accuracy across various attacks, stabilizing at approximately 99% accuracy with a 0.5% false alarm rate. The F1 score also stabilizes at around 99%. In comparison with unsupervised methods based on deep stream clustering, LSTM-based self-encoder, and classification-based methods, IDS-DEC exhibits significant improvements across all performance metrics.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

IDS-DEC：基于深度嵌入式聚类的新型 CAN 总线流量入侵检测器

随着汽车行业向更高自动化水平迈进，电子控制单元（ECU）的激增导致车载网络与外部环境的连接大幅增加。然而，作为车载网络标准而广泛使用的控制器局域网（CAN）却缺乏强大的安全功能，如身份验证或加密信息传输。这给这些网络的安全性带来了巨大挑战。尽管基于机器学习和深度学习的入侵检测方法功能强大，但在缺乏标注数据监督学习过程的情况下，其稳定性和准确性存在明显的局限性。为解决这一问题，本文介绍了一种新型车载入侵检测系统，称为 IDS-DEC。该系统将采用 LSTM 和 CNN（LCAE）的时空自编码器与基于熵的深度嵌入聚类相结合。具体来说，我们的方法是使用流生成器将车载网络流量编码为窗口信息，以适应高频流量。然后将这些信息输入 LCAE，从最初的高维数据中提取低维非线性时空映射。由此产生的低维映射与我们基于熵的纯深度嵌入聚类模块一起受到双重约束。这就创造了一个双向学习目标，解决了优化问题，并为我们的模型提供了端到端的训练模式，以适应不同的攻击环境。IDS-DEC 的有效性通过基准 "汽车黑客攻击 "数据集和 "汽车黑客攻击& 防御挑战 "数据集进行了验证。实验结果表明，该模型对各种攻击的检测准确率很高，准确率稳定在 99% 左右，误报率为 0.5%。F1 分数也稳定在 99% 左右。与基于深度流聚类的无监督方法、基于 LSTM 的自编码器和基于分类的方法相比，IDS-DEC 在所有性能指标上都有显著提高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Vehicular Communications Engineering-Electrical and Electronic Engineering

CiteScore

12.70

自引率

10.40%

发文量

审稿时长

62 days

期刊介绍： Vehicular communications is a growing area of communications between vehicles and including roadside communication infrastructure. Advances in wireless communications are making possible sharing of information through real time communications between vehicles and infrastructure. This has led to applications to increase safety of vehicles and communication between passengers and the Internet. Standardization efforts on vehicular communication are also underway to make vehicular transportation safer, greener and easier. The aim of the journal is to publish high quality peer–reviewed papers in the area of vehicular communications. The scope encompasses all types of communications involving vehicles, including vehicle–to–vehicle and vehicle–to–infrastructure. The scope includes (but not limited to) the following topics related to vehicular communications: Vehicle to vehicle and vehicle to infrastructure communications Channel modelling, modulating and coding Congestion Control and scalability issues Protocol design, testing and verification Routing in vehicular networks Security issues and countermeasures Deployment and field testing Reducing energy consumption and enhancing safety of vehicles Wireless in–car networks Data collection and dissemination methods Mobility and handover issues Safety and driver assistance applications UAV Underwater communications Autonomous cooperative driving Social networks Internet of vehicles Standardization of protocols.