TY - GEN
T1 - Weighted local outlier factor for detecting anomaly on in-vehicle network
AU - Linghu, Yuan
AU - Xu, Ming
AU - Li, Xiangxue
AU - Qian, Haifeng
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/12
Y1 - 2020/12
N2 - Modern vehicles are generally equipped with dozens of (or even hundreds of) electronic and intelligent devices and bloom into more involved information hub in enabling V2X networking. Protecting this increasingly complex vehicle ecosystem can be an arduous task, especially as the proliferation of data across distinct connected devices makes them more vulnerable than ever before. Intrusion detection systems (IDSs) have been found extremely rewarding in monitoring in-vehicle network traffic and detecting potential intrusions. The paper presents WLOF-InV, a novel unsupervised method based on local density for IDS on in-vehicle network. Given historical in-vehicle data of message identifiers, WLOF-InV first segments the traffic into a slice of (e.g., m) sliding windows. For each sliding window, WLOF-InV exerts information gain to select features for dimensionality reduction and squeezes out n features which are then bundled together to form a row vector and eventually gets an m×n matrix. WLOF-InV then adaptively determines the hyperparameters for local outlier factor (LOF) model (optimizing the scores for ranking the training data and the cutoff position for anomalies). In online detection, WLOF-InV determines the features by the information gain and invokes abnormal score weighting mode (which weights the LOF value of each dimension data by entropy method) to obtain the complete LOF score (of the overall traffic), and thereby grabs the anomaly traffic by resorting to the adjusted model. WLOF-InV is validated on the real data of three attack types (DoS, fuzzy, and impersonation). Experimental results demonstrate that WLOF-InV contrives next to optimal performance.
AB - Modern vehicles are generally equipped with dozens of (or even hundreds of) electronic and intelligent devices and bloom into more involved information hub in enabling V2X networking. Protecting this increasingly complex vehicle ecosystem can be an arduous task, especially as the proliferation of data across distinct connected devices makes them more vulnerable than ever before. Intrusion detection systems (IDSs) have been found extremely rewarding in monitoring in-vehicle network traffic and detecting potential intrusions. The paper presents WLOF-InV, a novel unsupervised method based on local density for IDS on in-vehicle network. Given historical in-vehicle data of message identifiers, WLOF-InV first segments the traffic into a slice of (e.g., m) sliding windows. For each sliding window, WLOF-InV exerts information gain to select features for dimensionality reduction and squeezes out n features which are then bundled together to form a row vector and eventually gets an m×n matrix. WLOF-InV then adaptively determines the hyperparameters for local outlier factor (LOF) model (optimizing the scores for ranking the training data and the cutoff position for anomalies). In online detection, WLOF-InV determines the features by the information gain and invokes abnormal score weighting mode (which weights the LOF value of each dimension data by entropy method) to obtain the complete LOF score (of the overall traffic), and thereby grabs the anomaly traffic by resorting to the adjusted model. WLOF-InV is validated on the real data of three attack types (DoS, fuzzy, and impersonation). Experimental results demonstrate that WLOF-InV contrives next to optimal performance.
KW - Anomaly detection
KW - CAN data
KW - Local outlier factor
KW - Weights
UR - https://www.scopus.com/pages/publications/85104675746
U2 - 10.1109/MSN50589.2020.00082
DO - 10.1109/MSN50589.2020.00082
M3 - 会议稿件
AN - SCOPUS:85104675746
T3 - Proceedings - 2020 16th International Conference on Mobility, Sensing and Networking, MSN 2020
SP - 479
EP - 487
BT - Proceedings - 2020 16th International Conference on Mobility, Sensing and Networking, MSN 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 16th International Conference on Mobility, Sensing and Networking, MSN 2020
Y2 - 17 December 2020 through 19 December 2020
ER -