Abstract
The diffusion of embedded and portable communication devices on modern vehicles entails new security risks since in-vehicle communication protocols are still insecure and vulnerable to attacks. Increasing interest is being given to the implementation of automotive cybersecurity systems. In this work we propose an efficient and high-performing intrusion detection system based on an unsupervised Kohonen Self-Organizing Map (SOM) network, to identify attack messages sent on a Controller Area Network (CAN) bus. The SOM network found a wide range of applications in intrusion detection because of its features of high detection rate, short training time, and high versatility. We propose to extend the SOM network to intrusion detection on in-vehicle CAN buses. Many hybrid approaches were proposed to combine the SOM network with other clustering methods, such as the k-means algorithm, in order to improve the accuracy of the model. We introduced a novel distance-based procedure to integrate the SOM network with the K-means algorithm and compared it with the traditional procedure. The models were tested on a car hacking dataset concerning traffic data messages sent on a CAN bus, characterized by a large volume of traffic with a low number of features and highly imbalanced data distribution. The experimentation showed that the proposed method greatly improved detection accuracy over the traditional approach.
Highlights
The automotive sector has been undergoing a radical transformation in recent years
A cybersecurity solution need not to be limited using a single architecture [32] or a single model [33], and in accordance with that, our research investigates the cybersecurity solutions which propose a distance-based intrusion detection system based on an unsupervised Kohonen Self-Organizing Map (SOM) network
In this work we propose a distance-based intrusion detection system based on an unsupervised Kohonen SOM network
Summary
The automotive sector has been undergoing a radical transformation in recent years. Vehicles’ cyber–physical systems are partially or totally controlled by software run by electronic devices increasingly interconnected with the outside world through networks of various types [1]. There are several access points [6] that an attacker can use to try to compromise the security of the vehicle: connections to smartphones; USB inputs; the mobile network to receive information, transmit data, and make calls to external services [7,8]; Wi-Fi connections that can be used to connect other mobile devices on board the vehicle Those are just some of the known channels [9] and in this scenario, continuous software improvements [10,11] become necessary in order to detect and respond in time to possible attacks. Proper methods and tools capable of managing the complexity [12] can guarantee the protection of the vehicle, and and above all, that of the people
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
