Abstract
Connected cars offer safety and efficiency for both individuals and fleets of private vehicles and public transportation companies. However, equipping vehicles with information and communication technologies raises privacy and security concerns that significantly threaten users' data and lives. Using bot malware, a hacker may compromise a vehicle and control it remotely, for instance by disabling the brakes or starting the engine. In this paper, besides the in-vehicle attacks existing in the literature, we consider new zero-day bot malware attacks specific to the vehicular context: WSMP-Flood and Geo-WSMP Flood. We then propose AntibotV, a multilevel behaviour-based framework for botnet detection in vehicular networks. The proposed framework combines two main modules for attack detection: the first monitors the vehicle's activity at the network level, whereas the second monitors in-vehicle activity. The two intrusion detection modules were trained on historical network and in-vehicle communication using decision tree algorithms. The experimental results showed that the proposed framework outperforms existing solutions, achieving a detection rate higher than 97% and a false positive rate lower than 0.14%.
Acknowledgements
This research is a result of PRFU project C00L07UN23 0120180009, funded in Algeria by La Direction Générale de la Recherche Scientifique et du Développement Technologique (DGRSDT).
Cite this article
Rahal, R., Amara Korba, A., Ghoualmi-Zine, N. et al. AntibotV: A Multilevel Behaviour-Based Framework for Botnets Detection in Vehicular Networks. J Netw Syst Manage 30, 15 (2022). https://doi.org/10.1007/s10922-021-09630-8
DOI: https://doi.org/10.1007/s10922-021-09630-8