Comparative Study of Machine Learning Methods for In-Vehicle Intrusion Detection
Abstract
An increasing amount of cyber-physical systems within modern cars, such as sensors, actuators, and their electronic control units are connected by in-vehicle networks and these in turn are connected to the evolving Internet of vehicles in order to provide “smart” features such as automatic driving assistance. The controller area network bus is commonly used to exchange data between different components of the vehicle, including safety critical systems as well as infotainment. As every connected controller broadcasts its data on this bus it is very susceptible to intrusion attacks which are enabled by the high interconnectivity and can be executed remotely using the Internet connection. This paper aims to evaluate relatively simple machine learning methods as well as deep learning methods and develop adaptations to the automotive domain in order to determine the validity of the observed data stream and identify potential security threats.
Keywords
Machine learning Automotive security Internet of vehicles Predictive security analysis System behavior analysis Security monitoring Intrusion detection Controller area network securityNotes
Acknowledgements
This research is partially supported by the German Federal Ministry of Education and Research in the context of the project secUnity (ID 16KIS0398) and by the Government of Russian Federation (Grant 08-08), by the budget (project No. AAAA-A16-116033110102-5).
References
- 1.Abadi, M., Agarwal, A., Barham, P., et al.: TensorFlow: large-scale machine learning on heterogeneous distributed systems. In: 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016, pp. 265–284 (2016)Google Scholar
- 2.Brownlee, J.: How to convert a time series to a supervised learning problem in Python. https://machinelearningmastery.com/convert-time-series-supervised-learning-problem-python/ (2018). Accessed 28 June 2018
- 3.Cho, K., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, 10–12 August 2016, Austin, TX, USA, pp. 911–927. USENIX Association (2016)Google Scholar
- 4.Chockalingam, V., Larson, I., Lin, D., Nofzinger, S.: Detecting attacks on the CAN protocol with machine learning (2016)Google Scholar
- 5.Choi, W., Joo, K., Jo, H.J., Park, M.C., Lee, D.H.: Voltageids: low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forensics Secur. 13(8), 2114–2129 (2018)CrossRefGoogle Scholar
- 6.Chollet, F., et al.: Keras. https://github.com/keras-team/keras (2015)
- 7.Hacking and Countermeasure Research Lab (HCRL): Car-hacking dataset for the intrusion detection. http://ocslab.hksecurity.net/Datasets/CAN-intrusion-dataset (2018). Accessed 28 June 2018
- 8.Hoppe, T., Kiltz, S., Dittmann, J.: Security threats to automotive CAN networks - practical examples and selected short-term countermeasures. Reliab. Eng. Syst. Saf. 96, 11–25 (2011)CrossRefGoogle Scholar
- 9.Hunter, J.D.: Matplotlib: a 2D graphics environment. Comput. Sci. Eng. 9(3), 99–104 (2007)CrossRefGoogle Scholar
- 10.ICS-CERT: Advisory (ICSA-17-208-01). https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01, July 2017. Accessed 17 Sept 2018
- 11.Kang, M.J., Kang, J.W.: A novel intrusion detection method using deep neural network for in-vehicle network security. In: 2016 IEEE 83rd Vehicular Technology Conference (VTC Spring) (2016)Google Scholar
- 12.Kolomeets, M., Chechulin, A., Kotenko, I.: Visual analysis of CAN bus traffic injection using radial bar charts. In: Proceedings of the 1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS-2018, Saint-Petersburg, Russia, pp. 841–846. IEEE (2018)Google Scholar
- 13.Larson, U.E., Nilsson, D.K., Jonsson, E.: An approach to specification-based attack detection for in-vehicle networks. In: 2008 IEEE on Intelligent Vehicles Symposium, pp. 220–225, June 2008Google Scholar
- 14.Levi, M., Allouche, Y., Kontorovich, A.: Advanced analytics for connected cars cyber security. CoRR abs/1711.01939 (2017)Google Scholar
- 15.Marchetti, M., Stabili, D.: Anomaly detection of CAN bus messages through analysis of ID sequences. In: 2017 IEEE Intelligent Vehicles Symposium (IV), pp. 1577–1583, June 2017Google Scholar
- 16.McKinney, W.: Data structures for statistical computing in Python. In: Proceedings of the 9th Python in Science Conference 1697900(Scipy), pp. 51–56 (2010)Google Scholar
- 17.Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Technical report, IOActive Labs, August 2015Google Scholar
- 18.Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 1110–1115, June 2011Google Scholar
- 19.Narayanan, S.N., Mittal, S., Joshi, A.: OBD SecureAlert: an anomaly detection system for vehicles. In: IEEE Workshop on Smart Service Systems, SmartSys 2016, May 2016Google Scholar
- 20.Oliphant, T.E.: Guide to NumPy. Methods 1, 378 (2010)Google Scholar
- 21.Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12(Oct), 2825–2830 (2012)MathSciNetzbMATHGoogle Scholar
- 22.Rieke, R., Seidemann, M., Talla, E.K., Zelle, D., Seeger, B.: Behavior analysis for safety and security in automotive systems. In: 2017 25nd Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 381–385. IEEE Computer Society, March 2017Google Scholar
- 23.Song, H., Kim, H., Kim, H.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network, pp. 63–68. IEEE Computer Society, March 2016Google Scholar
- 24.Studnia, I., Alata, E., Nicomette, V., Kaâniche, M., Laarouchi, Y.: A language-based intrusion detection approach for automotive embedded networks. In: The 21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015, November 2014Google Scholar
- 25.Studnia, I., Nicomette, V., Alata, E., Deswarte, Y., Kaâniche, M., Laarouchi, Y.: Security of embedded automotive networks: state of the art and a research proposal. In: ROY, M. (ed.) SAFECOMP 2013 - Workshop CARS of the 32nd International Conference on Computer Safety, Reliability and Security, September 2013Google Scholar
- 26.Taylor, A., Leblanc, S.P., Japkowicz, N.: Probing the limits of anomaly detectors for automobiles with a cyber attack framework. IEEE Intell. Syst. PP(99), 1 (2018)Google Scholar
- 27.Theissler, A.: Anomaly detection in recordings from in-vehicle networks. In: Proceedings of Big Data Applications and Principles First International Workshop, BIGDAP 2014, 11–12 September 2014, Madrid, Spain (2014)Google Scholar
- 28.Waskom, M., Meyer, K., Hobson, P., Halchenko, Y., et al.: Seaborn: v0.5.0, November 2014Google Scholar
- 29.Wei, Z., Yang, Y., Rehana, Y., Wu, Y., Weng, J., Deng, R.H.: IoVShield: an efficient vehicular intrusion detection system for self-driving (short paper). In: Liu, J.K., Samarati, P. (eds.) ISPEC 2017. LNCS, vol. 10701, pp. 638–647. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72359-4_39CrossRefGoogle Scholar
- 30.Wolf, M., Weimerskirch, A., Paar, C.: Security in automotive bus systems. In: Proceedings of the Workshop on Embedded Security in Cars (July), pp. 1–13 (2004)Google Scholar