Abstract
With recent advancements in the automotive world and the introduction of autonomous vehicles, automotive security has become a real and important issue. Modern vehicles have tens of Electronic Control Units (ECUs) connected to in-vehicle networks. As a de facto standard for in-vehicle network communication, the Controller Area Network (CAN) has become a target of cyber attacks. Anomaly-based Intrusion Detection System (IDS) is considered as an effective approach to secure CAN and detect malicious attacks. Currently, there are two primary approaches used for intrusion detection: rule-based and machine learning-based. Rule-based approach is efficient but limited in the detection accuracy while machine learning-based detection has comparably higher detection accuracy but higher computation cost at the same time. In this paper, we propose a novel hybrid IDS that combines the benefits of both rule-based and machine learning-based approaches. More specifically, we use machine learning methods to achieve a high detection rate while keeping the low computational requirement by offsetting the detection with a rule-based component. Our experiments with CAN traces collected from four different vehicle models demonstrate the effectiveness and efficiency of the proposed hybrid IDS.
Highlights
The transportation industry is experiencing a revolutionary transformation led by the rapid development in autonomous and connected vehicle technologies together with powerful new mobility services
The 6-bit Control Field reserves 2 bits for future use, and the other 4 bits are used for the data length code (DLC) that indicates the number of bytes in the data field
Root cause analysis: When a message is recognized as malicious, our Intrusion Detection System (IDS) can respond by raising an alarm
Summary
The transportation industry is experiencing a revolutionary transformation led by the rapid development in autonomous and connected vehicle technologies together with powerful new mobility services. Machine learning-based IDSs usually involve high computing costs They can be ineffective in detecting certain types of attacks, such as the drop attack, which are critical attacks that can be more acute. DNN-based detection in the second stage is used to detect attack messages that fall out of the scope covered by the rules in the first stage This hybrid design allows our IDS to detect various types of attacks efficiently and effectively, which cannot be achieved by any individual detection method in this system. We use advanced machine learning in the second stage to detect sophisticated attacks that can evade the first stage This hybrid IDS detects various types of attacks, which cannot be achieved by each individual detection method.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
