AntibotV: A Multilevel Behaviour-Based Framework for Botnets Detection in Vehicular Networks

Journal of Network and Systems Management

Abstract

Connected cars offer safety and efficiency for both individuals and fleets of private vehicles and public transportation companies. However, equipping vehicles with information and communication technologies raises privacy and security concerns, which significantly threaten the user’s data and life. Using bot malware, a hacker may compromise a vehicle and control it remotely; for instance, he can disable the brakes or start the engine remotely. In this paper, besides the in-vehicle attacks existing in the literature, we consider new zero-day bot malware attacks specific to the vehicular context: WSMP-Flood and Geo-WSMP Flood. We then propose AntibotV, a multilevel behaviour-based framework for botnet detection in vehicular networks. The proposed framework combines two main modules for attack detection: the first monitors the vehicle’s activity at the network level, whereas the second monitors the in-vehicle activity. The two intrusion detection modules have been trained on historical network and in-vehicle communication using decision tree algorithms. The experimental results showed that the proposed framework outperforms existing solutions: it achieves a detection rate higher than 97% and a false positive rate lower than 0.14%.

Acknowledgements

This research is a result of PRFU project C00L07UN23 0120180009, funded in Algeria by La Direction Générale de la Recherche Scientifique et du Développement Technologique (DGRSDT).

Author information

Corresponding author

Correspondence to Rabah Rahal.

About this article

Cite this article

Rahal, R., Amara Korba, A., Ghoualmi-Zine, N. et al. AntibotV: A Multilevel Behaviour-Based Framework for Botnets Detection in Vehicular Networks. J Netw Syst Manage 30, 15 (2022). https://doi.org/10.1007/s10922-021-09630-8

  • DOI: https://doi.org/10.1007/s10922-021-09630-8
