The Internet of Vehicles (IoV) is a network of interconnected vehicles that use modern communication technologies to communicate with each other and the surrounding infrastructure. The IoV is a novel network that experiences a continuous emergence and evolution of various forms of attacks. This research addresses the growing challenge of detecting zero-day botnet attacks within the IoV, a complex network that enhances real-time communication among vehicles and surrounding infrastructure to improve traffic management, safety, and driving experiences. Traditional machine learning-based intrusion detection systems (IDS) for IoV face two key limitations: the requirement for large labeled datasets and the “black box” issue, where the reasoning behind model decisions is not transparent, reducing user and stakeholder confidence. To solve these problems, this research proposes an eXplainable Artificial Intelligence (XAI) Ensemble Transfer Learning (TL) model specifically for detecting zero-day attacks in IoV. The proposed model integrates deep Shapley Additive Explanations (SHAP), providing transparency and making decisions understandable to cybersecurity professionals. Additionally, the model employs hybrid bidirectional long-short-term memory with autoencoders (BiLAE) to reduce the dimensionality of IoV network traffic, improving computational efficiency. It also uses Barnacle Mating Optimizer (BMO) to optimize the hyper-parameters of deep learning models such as ResNet, Inception, Inception ResNet, and MobileNet Convolution neural network-transfer learning architecture (CNN-TL), enhancing detection capabilities without needing vast amounts of labeled data. Experimental results showed that the model performed with an accuracy of 100 %, precision of 100 %, recall of 100 %, F1-score of 100 %, and Matthew Correlation Coefficient of 100 % in binary-class situations for internal vehicular (CAN) networks and achieved 99.88 % accuracy and similarly high metrics in multi-class scenarios for external vehicular networks(N-BaIoT). Compared to state-of-the-art techniques, the model proved to be more effective in detecting zero-day botnet attacks, reducing reliance on large datasets. Unlike traditional black-box models, the XAI component of the ensemble model offers insight into the decision-making process. It allows network administrators and security experts to understand how specific patterns in the data contribute to detection, making the system more transparent. The solution is highly adaptable and scalable for real-time application, designed to operate efficiently even on IoV gateway electronic control units with limited computational power.
Read full abstract