Practical IDS on In-vehicle Network Against Diversified Attack Models

Junchao Xiao; Hao Wu; Xiangxue Li; Yuan Linghu

doi:10.1007/978-3-030-38961-1_40

Practical IDS on In-vehicle Network Against Diversified Attack Models

Junchao Xiao
, Hao Wu
, Xiangxue Li^*
, Yuan Linghu

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

A vehicle bus is a specialized internal communication network that interconnects components inside a vehicle. The Controller Area Network (CAN bus), a robust vehicle bus standard, allows microcontrollers and devices to communicate with each other. The community has seen many security breach examples that exploit CAN functionalities and other in-vehicle flaws. Intrusion detection systems (IDSs) on in-vehicle network are advantageous in monitoring CAN traffic and suspicious activities. Whereas, existing IDSs on in-vehicle network only support one or two attack models, and identifying abnormal in-vehicle CAN traffic against diversified attack models with better performance is more expected as can be then implemented practically. In this paper, we propose an intrusion detection system that can detect many different attacks. The method analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our proposal fuses the autoencoder trick to the SVM model. More precisely, we introduce to the system an autoencoder that learns to compress CAN traffic data into extracted features (which can be uncompressed to closely match the original data). Then, the support vector machine is trained on the features to detect abnormal traffic. We show detailed model parameter configuration by adopting several concrete attacks. Experimental results demonstrate better detection performance (than existing proposals).

Original language	English
Title of host publication	Algorithms and Architectures for Parallel Processing - 19th International Conference, ICA3PP 2019, Proceedings
Editors	Sheng Wen, Albert Zomaya, Laurence T. Yang
Publisher	Springer
Pages	456-466
Number of pages	11
ISBN (Print)	9783030389604
DOIs	https://doi.org/10.1007/978-3-030-38961-1_40
State	Published - 2020
Event	19th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2019 - Melbourne, Australia Duration: 9 Dec 2019 → 11 Dec 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11945 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2019
Country/Territory	Australia
City	Melbourne
Period	9/12/19 → 11/12/19

Keywords

Autoencoder
In-vehicle network
Intrusion detection systems

Access to Document

10.1007/978-3-030-38961-1_40

Cite this

Xiao, J., Wu, H., Li, X., & Linghu, Y. (2020). Practical IDS on In-vehicle Network Against Diversified Attack Models. In S. Wen, A. Zomaya, & L. T. Yang (Eds.), Algorithms and Architectures for Parallel Processing - 19th International Conference, ICA3PP 2019, Proceedings (pp. 456-466). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11945 LNCS). Springer. https://doi.org/10.1007/978-3-030-38961-1_40

Xiao, Junchao ; Wu, Hao ; Li, Xiangxue et al. / Practical IDS on In-vehicle Network Against Diversified Attack Models. Algorithms and Architectures for Parallel Processing - 19th International Conference, ICA3PP 2019, Proceedings. editor / Sheng Wen ; Albert Zomaya ; Laurence T. Yang. Springer, 2020. pp. 456-466 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{31ebfe66232b4cea85a40f7dd8c9362e,

title = "Practical IDS on In-vehicle Network Against Diversified Attack Models",

abstract = "A vehicle bus is a specialized internal communication network that interconnects components inside a vehicle. The Controller Area Network (CAN bus), a robust vehicle bus standard, allows microcontrollers and devices to communicate with each other. The community has seen many security breach examples that exploit CAN functionalities and other in-vehicle flaws. Intrusion detection systems (IDSs) on in-vehicle network are advantageous in monitoring CAN traffic and suspicious activities. Whereas, existing IDSs on in-vehicle network only support one or two attack models, and identifying abnormal in-vehicle CAN traffic against diversified attack models with better performance is more expected as can be then implemented practically. In this paper, we propose an intrusion detection system that can detect many different attacks. The method analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our proposal fuses the autoencoder trick to the SVM model. More precisely, we introduce to the system an autoencoder that learns to compress CAN traffic data into extracted features (which can be uncompressed to closely match the original data). Then, the support vector machine is trained on the features to detect abnormal traffic. We show detailed model parameter configuration by adopting several concrete attacks. Experimental results demonstrate better detection performance (than existing proposals).",

keywords = "Autoencoder, In-vehicle network, Intrusion detection systems",

author = "Junchao Xiao and Hao Wu and Xiangxue Li and Yuan Linghu",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.; 19th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2019 ; Conference date: 09-12-2019 Through 11-12-2019",

year = "2020",

doi = "10.1007/978-3-030-38961-1\_40",

language = "英语",

isbn = "9783030389604",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "456--466",

editor = "Sheng Wen and Albert Zomaya and Yang, \{Laurence T.\}",

booktitle = "Algorithms and Architectures for Parallel Processing - 19th International Conference, ICA3PP 2019, Proceedings",

address = "德国",

}

Xiao, J, Wu, H, Li, X & Linghu, Y 2020, Practical IDS on In-vehicle Network Against Diversified Attack Models. in S Wen, A Zomaya & LT Yang (eds), Algorithms and Architectures for Parallel Processing - 19th International Conference, ICA3PP 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11945 LNCS, Springer, pp. 456-466, 19th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2019, Melbourne, Australia, 9/12/19. https://doi.org/10.1007/978-3-030-38961-1_40

Practical IDS on In-vehicle Network Against Diversified Attack Models. / Xiao, Junchao; Wu, Hao; Li, Xiangxue et al.
Algorithms and Architectures for Parallel Processing - 19th International Conference, ICA3PP 2019, Proceedings. ed. / Sheng Wen; Albert Zomaya; Laurence T. Yang. Springer, 2020. p. 456-466 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11945 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Practical IDS on In-vehicle Network Against Diversified Attack Models

AU - Xiao, Junchao

AU - Wu, Hao

AU - Li, Xiangxue

AU - Linghu, Yuan

PY - 2020

Y1 - 2020

N2 - A vehicle bus is a specialized internal communication network that interconnects components inside a vehicle. The Controller Area Network (CAN bus), a robust vehicle bus standard, allows microcontrollers and devices to communicate with each other. The community has seen many security breach examples that exploit CAN functionalities and other in-vehicle flaws. Intrusion detection systems (IDSs) on in-vehicle network are advantageous in monitoring CAN traffic and suspicious activities. Whereas, existing IDSs on in-vehicle network only support one or two attack models, and identifying abnormal in-vehicle CAN traffic against diversified attack models with better performance is more expected as can be then implemented practically. In this paper, we propose an intrusion detection system that can detect many different attacks. The method analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our proposal fuses the autoencoder trick to the SVM model. More precisely, we introduce to the system an autoencoder that learns to compress CAN traffic data into extracted features (which can be uncompressed to closely match the original data). Then, the support vector machine is trained on the features to detect abnormal traffic. We show detailed model parameter configuration by adopting several concrete attacks. Experimental results demonstrate better detection performance (than existing proposals).

AB - A vehicle bus is a specialized internal communication network that interconnects components inside a vehicle. The Controller Area Network (CAN bus), a robust vehicle bus standard, allows microcontrollers and devices to communicate with each other. The community has seen many security breach examples that exploit CAN functionalities and other in-vehicle flaws. Intrusion detection systems (IDSs) on in-vehicle network are advantageous in monitoring CAN traffic and suspicious activities. Whereas, existing IDSs on in-vehicle network only support one or two attack models, and identifying abnormal in-vehicle CAN traffic against diversified attack models with better performance is more expected as can be then implemented practically. In this paper, we propose an intrusion detection system that can detect many different attacks. The method analyzes the CAN traffic generated by the in-vehicle network in real time and identifies the abnormal state of the vehicle practically. Our proposal fuses the autoencoder trick to the SVM model. More precisely, we introduce to the system an autoencoder that learns to compress CAN traffic data into extracted features (which can be uncompressed to closely match the original data). Then, the support vector machine is trained on the features to detect abnormal traffic. We show detailed model parameter configuration by adopting several concrete attacks. Experimental results demonstrate better detection performance (than existing proposals).

KW - Autoencoder

KW - In-vehicle network

KW - Intrusion detection systems

UR - https://www.scopus.com/pages/publications/85082124424

U2 - 10.1007/978-3-030-38961-1_40

DO - 10.1007/978-3-030-38961-1_40

M3 - 会议稿件

AN - SCOPUS:85082124424

SN - 9783030389604

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 456

EP - 466

BT - Algorithms and Architectures for Parallel Processing - 19th International Conference, ICA3PP 2019, Proceedings

A2 - Wen, Sheng

A2 - Zomaya, Albert

A2 - Yang, Laurence T.

PB - Springer

T2 - 19th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2019

Y2 - 9 December 2019 through 11 December 2019

ER -

Xiao J, Wu H, Li X, Linghu Y. Practical IDS on In-vehicle Network Against Diversified Attack Models. In Wen S, Zomaya A, Yang LT, editors, Algorithms and Architectures for Parallel Processing - 19th International Conference, ICA3PP 2019, Proceedings. Springer. 2020. p. 456-466. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-38961-1_40

Practical IDS on In-vehicle Network Against Diversified Attack Models

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this