Skip to main content
SpringerLink
Log in

Robust anomaly-based intrusion detection system for in-vehicle network by graph neural network framework

  • Published:
Applied Intelligence Aims and scope Submit manuscript

Abstract

With the development of Internet of Vehicles (IoVs) techniques, many emerging technologies and their applications are integrated with IoVs. The application of these new technologies requires vehicles to communicate with external networks frequently, which makes the in-vehicle network more vulnerable to hacker attacks. It is imperative to detect hacker attacks on in-vehicle networks. A control area network graph attention networks (CAN-GAT) model is proposed to implement the anomaly detection of in-vehicle networks, and a graph neural network (GNN) anomaly-based detection framework using graph convolution, graph attention and CAN-GAT network model for in-vehicle network based on CAN bus is presented. In this detection framework, a graph is designed with the traffic on the CAN bus to capture the correlation between the change of the traffic bytes and the state of other traffic bytes effectively and help improve the detection accuracy and efficiency. Compared simulation experiments are conducted to test the proposed model, and the obtained model performance metrics results show that the CAN-GAT-2 model based on two-layer CAN-GAT achieves better performance. In addition, the visualization and quantitative analysis methods are used to explain how can the attention mechanism of CAN-GAT-2 improve the performance, which can help to construct better GNNs in anomaly detection of in-vehicle network. The model performance evaluation results show that CAN-GAT-2 achieved improved accuracy among the compared baseline methods, and has good detection speed performance.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17

Similar content being viewed by others

Notes

  1. The CAN Bus Message Dataset used herein includes two public datasets. Their URLs are http://ocslab.hksecurity.net/Dataset/CAN-intrusion-dataset, and http://ocslab.hksecurity.net/Datasets/CAN-intrusion-dataset, respectively.

References

  1. Tuohy S, Glavin M, Hughes C, Jones E, Trivedi M, Kilmartin L (2015) Intra-vehicle networks: A review. IEEE Trans Intell Transp Syst 16(2):534–545. https://doi.org/10.1109/TITS.2014.2320605

    Article  Google Scholar 

  2. Fröschle S, Stühring A (2017) Analyzing the capabilities of the CAN attacker. In: Simon N, Foley DG, Snekkenes E (eds) Computer Security – ESORICS 2017, pp. 464–482. Springer International Publishing, Cham. https://doi.org/10.1007/978-3-319-66402-6n_27

  3. Marchetti M, Stabili D (2019) READ: Reverse engineering of automotive data frames. IEEE Transactions on Information Forensics and Security 14(4):1083–1097. https://doi.org/10.1109/TIFS.2018.2870826https://doi.org/10.1109/TIFS.2018.2870826

    Article  Google Scholar 

  4. Woo S, Jo HJ, Lee DH (2015) A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Trans Intell Transp Syst 16(2):993–1006. https://doi.org/10.1109/TITS.2014.2351612https://doi.org/10.1109/TITS.2014.2351612

    Google Scholar 

  5. Wu W, Kurachi R, Zeng G, Matsubara Y, Takada H, Li R, Li K (2018) IDH-CAN: A hardware-based ID hopping CAN mechanism with enhanced security for automotive real-time applications. IEEE Access 6:54607–54623. https://doi.org/10.1109/ACCESS.2018.2870695https://doi.org/10.1109/ACCESS.2018.2870695

    Article  Google Scholar 

  6. Lin C, Sangiovanni-Vincentelli A (2012) Cyber-security for the controller area network (CAN) communication protocol. In: International Conference on Cyber Security, Washington, DC, USA, pp 1–7

  7. Nilsson DK, Larson UE, Jonsson E (2008) Efficient in-vehicle delayed data authentication based on compound message authentication codes. In: IEEE 68th Vehicular Technology Conference, Calgary, BC, Canada, pp 1–5

  8. Wang E, Xu W, Sastry S, Liu S, Zeng K (2017) Hardware module-based message authentication in intra-vehicle networks. In: ACM/IEEE International Conference on Cyber-Physical Systems, Pittsburgh, PA, USA, pp 207–216

  9. Bulck JV, Mühlberg JT, Piessens F (2017) VulCAN: Efficient component authentication and software isolation for automotive control networks. In: Annual Computer Security Applications Conference, Orlando FL USA, pp 225–237

  10. Lu Z, Wang Q, Chen X, Qu G, Lyu Y, Liu Z (2019) LEAP: A lightweight encryption and authentication protocol for in-vehicle communications. In: IEEE Intelligent Transportation Systems Conference, Auckland, New Zealand, pp 1158–1164

  11. Macher G, Sporer H, Brenner E, Kreiner C (2017) An automotive signal-layer security and trust-boundary identification approach. Procedia Computer Science 109C:490–497. https://doi.org/10.1016/j.procs.2017.05.317https://doi.org/10.1016/j.procs.2017.05.317

    Article  Google Scholar 

  12. Macher G, Sporer H, Brenner E, Kreiner C (2018) Signal-layer security and trust-boundary identification based on hardware-software interface definition. Journal of Ubiquitous Systems and Pervasive Networks 10(1):1–9. https://doi.org/10.5383/JUSPN.10.01.001https://doi.org/10.5383/JUSPN.10.01.001

    Article  Google Scholar 

  13. Wu W, Li R, Xie G, An J, Bai Y, Zhou J, Li K (2020) A survey of intrusion detection for in-vehicle networks. IEEE Trans Intell Transp Syst 21(3):919–933. https://doi.org/10.1109/tits.2019.2908074https://doi.org/10.1109/tits.2019.2908074

    Article  Google Scholar 

  14. Chakraborty S, Al Faruque MA, Chang W, Goswami D, Wolf M, Zhu Q (2016) Automotive cyber-physical systems: A tutorial introduction. IEEE Design & Test 33 (4):92–108. https://doi.org/10.1109/MDAT.2016.2573598https://doi.org/10.1109/MDAT.2016.2573598

    Article  Google Scholar 

  15. Wasicek A, Derler P, Lee EA (2014) Aspect-oriented modeling of attacks in automotive cyber-physical systems. In: ACM/EDAC/IEEE Design Automation Conference, San Francisco, CA, USA, pp 1–6

  16. Abbott-McCune S, Shay LA (2016) Intrusion prevention system of automotive network CAN bus. In: IEEE International Carnahan Conference on Security Technology, Orlando, FL, USA, pp 1–8

  17. Malhotra P, Vig L, Shroff G, Agarwal P (2015) Long short term memory networks for anomaly detection in time series. In: European Symposium on Artificial Neural Networks, Computational Intelligence and Machine Learning , Bruges, Belgium, pp 89–94

  18. Protogerou A, Papadopoulos S, Drosou A, Tzovaras D, Refanidis I (2021) A graph neural network method for distributed anomaly detection in IoT. EVOLVING SYSTEMS 12(1, SI):19–36. https://doi.org/10.1007/s12530-020-09347-0

    Article  Google Scholar 

  19. Yu T, Wang X (2020) Topology verification enabled intrusion detection for in-vehicle CAN-FD networks. IEEE Commun Lett 24(1):227–230. https://doi.org/10.1109/LCOMM.2019.2953722

    Article  Google Scholar 

  20. Qin H, Yan M, Ji H (2021) Application of controller area network (CAN) bus anomaly detection based on time series prediction. Vehicular Communications 27:100291. https://doi.org/10.1016/j.vehcom.2020.100291https://doi.org/10.1016/j.vehcom.2020.100291

    Article  Google Scholar 

  21. Ji H, Wang Y, Qin H, Wang Y, Li H (2018) Comparative performance evaluation of intrusion detection methods for in-vehicle networks. IEEE Access 6:37523–37532. https://doi.org/10.1109/ACCESS.2018.2848106https://doi.org/10.1109/ACCESS.2018.2848106

    Article  Google Scholar 

  22. Li X, Yu Y, Sun G, Chen K (2018) Connected vehicles’ security from the perspective of the in-vehicle network. IEEE Netw 32(3):58–63. https://doi.org/10.1109/MNET.2018.1700319

    Article  Google Scholar 

  23. Xiao J, Wu H, Li X (2019) Internet of things meets vehicles: Sheltering in-vehicle network through lightweight machine learning. Symmetry 11:1388:1–21. https://doi.org/10.3390/sym11111388

    Article  Google Scholar 

  24. Xiao J, Wu H, Li X, Yuan L (2019) Practical IDS on in-vehicle network against diversified attack models. In: International Conference, Algorithms and Architectures for Parallel Processing, Melbourne, VIC, Australia, pp 456–466

  25. Taylor A, Leblanc S, Japkowicz N (2016) Anomaly detection in automobile control network data with long short-term memory networks. In: IEEE International Conference on Data Science and Advanced Analytics, Montreal, QC, Canada, pp 130–139

  26. Zhu K, Chen Z, Peng Y, Zhang L (2019) Mobile edge assisted literal multi-dimensional anomaly detection of in-vehicle network using LSTM. IEEE Trans Veh Technol 68(5):4275–4284. https://doi.org/10.1109/TVT.2019.2907269

    Article  Google Scholar 

  27. Xiao J, Wu H, Li X (2019) Robust and self-evolving IDS for in-vehicle network by enabling spatiotemporal information. In: IEEE International Conference on High Performance Computing and Communications; IEEE International Conference on Smart City; IEEE International Conference on Data Science and Systems, Zhangjiajie, China, pp 1390–1397

  28. Song HM, Woo J, Kim HK (2020) In-vehicle network intrusion detection using deep convolutional neural network. Vehicular Communications 21:100198:1–13. https://doi.org/10.1016/j.vehcom.2019.100198https://doi.org/10.1016/j.vehcom.2019.100198

    Article  Google Scholar 

  29. Kang M, Kang J (2016) A novel intrusion detection method using deep neural network for in-vehicle network security. In: IEEE Vehicular Technology Conference (VTC Spring), Nanjing, China, pp 1–5

  30. Park S, Choi J.-Y. (2020) Hierarchical anomaly detection model for in-vehicle networks using machine learning algorithms. Sensors 20:3934:1–21. https://doi.org/10.3390/s20143934

    Article  Google Scholar 

  31. Marchetti M, Stabili D (2017) Anomaly detection of CAN bus messages through analysis of ID sequences. In: IEEE Intelligent Vehicles Symposium (IV), Los Angeles, CA, USA, pp 1577–1583

  32. Taylor A, Japkowicz N, Leblanc S (2015) Frequency-based anomaly detection for the automotive CAN bus. In: 2015 World Congress on Industrial Control Systems Security (WCICSS)

  33. Hoppe T, Kiltz S, Dittmann J (2008) Security threats to automotive CAN networks– practical examples and selected short-term countermeasures. In: Lect. Notes Comput. Sci. (Including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinform.), in: LNCS,. https://doi.org/10.1007/978-3-540-87698-4_21, vol 5219, pp 235–248

  34. Valasek CMC (2013) Adventures in automotive networks and control units. Tech. White Pap, 99

  35. Olufowobi H, Young C, Zambreno J, Bloom G (2020) SAIDuCANT: Specification-based automotive intrusion detection using controller area network (CAN) timing. IEEE Trans Veh Technol 69(2):1484–1494. https://doi.org/10.1109/TVT.2019.2961344

    Article  Google Scholar 

  36. Zhou J, Joshi P, Zeng H, Li R (2019) BTMonitor: Bit-time-based intrusion detection and attacker identification in controller area network. ACM Trans Embed Comput Syst 18(6):1–23. https://doi.org/10.1145/3362034

    Article  Google Scholar 

  37. Ohira S, Desta AK, Arai I, Inoue H, Fujikawa K (2020) Normal and malicious sliding windows similarity analysis method for fast and accurate IDS against DoS attacks on in-vehicle networks. IEEE Access 8:42422–42435. https://doi.org/10.1109/access.2020.2975893https://doi.org/10.1109/access.2020.2975893

    Article  Google Scholar 

  38. Shin KG, Cho KT (2017) Fingerprinting electronic control units for vehicle intrusion detection

  39. Choi W, Joo K, Jo HJ, Park MC, Lee DH (2018) VoltageIDS: Low-level communication characteristics for automotive intrusion detection system. IEEE Transactions on Information Forensics and Security 13(8):2114–2129. https://doi.org/10.1109/TIFS.2018.2812149https://doi.org/10.1109/TIFS.2018.2812149

    Article  Google Scholar 

  40. Katragadda S, Darby PJ, Roche A, Gottumukkala R (2020) Detecting low-rate replay-based injection attacks on in-vehicle networks. IEEE Access 8:54979–54993. https://doi.org/10.1109/ACCESS.2020.2980523https://doi.org/10.1109/ACCESS.2020.2980523

    Article  Google Scholar 

  41. Song HM, Kim HR, Kim HK (2016) Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. In: International Conference on Information Networking, Kota Kinabalu, Malaysia, pp 63–68

  42. Cho KT, Kang GS (2017) Viden: Attacker identification on in-vehicle networks. In: ACM SIGSAC Conference on Computer and Communications Security, Dallas Texas USA, pp 1109–1123

  43. Tariq S, Lee S, Kim HK, Woo SS (2020) CAN-ADF: The controller area network attack detection framework. Computers & Security 94:101857:1–12. https://doi.org/10.1016/j.cose.2020.101857https://doi.org/10.1016/j.cose.2020.101857

    Article  Google Scholar 

  44. Wu Z, Pan S, Chen F, Long G, Zhang C, Yu PS (2021) A comprehensive survey on graph neural networks. IEEE Transactions on Neural Networks and Learning Systems 32(1):4–24. https://doi.org/10.1109/TNNLS.2020.2978386

    Article  MathSciNet  Google Scholar 

  45. Nathani D, Chauhan J, Sharma C, Kaul M (2019) Learning attention-based embeddings for relation prediction in knowledge graphs. arXiv:1906.01195, https://doi.org/10.18653/v1/P19-1466

  46. Wu Z, Pan S, Chen F, Long G, Zhang C, Yu PS (2019) A comprehensive survey on graph neural networks. IEEE Transactions on Neural Networks and Learning Systems, pp 1–21, https://doi.org/10.1109/TNNLS.2020.2978386

  47. Lee H, Jeong SH, Kim HK (2017) OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame. In: Annual Conference on Privacy, Security and Trust, Calgary, AB, Canada, pp 57–66

  48. Xie L, Pi D, Zhang X, Chen J, Luo Y, Yu W (2021) Graph neural network approach for anomaly detection. MEASUREMENT, 180, https://doi.org/10.1016/j.measurement.2021.109546

  49. Kipf T, Welling M (2016) Semi-supervised classification with graph convolutional networks. arXiv:1609.02907

  50. Veličkovič P, Cucurull G, Casanova A, Romero A, Liò P, Bengio Y (2017) Graph attention networks. arXiv:1710.10903

  51. Linghu Y, Li X (2021) Wsg-inv: Weighted state graph model for intrusion detection on in-vehicle network. In: 2021 IEEE Wireless Communications and Networking Conference (WCNC), pp 1–7

  52. Hamilton LW, Ying R, Leskovec J. (2017) Inductive representation learning on large graphs. In: International Conference on Neural Information Processing Systems. Curran Associates Inc., Red Hook, NY, USA, pp 1025–1035

  53. Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser L, Polosukhin I (2017) Attention is all you need. In: International Conference on Neural Information Processing Systems. Curran Associates Inc., Red Hook, NY, USA, pp 6000–6010

  54. Kingma DP, Ba J (2014) Adam: A method for stochastic optimization. arXiv:1412.6980

  55. Bewick V, Cheek L, Ball J (2004) Statistics review 13: Receiver operating characteristic curves. Critical Care 8(6):508–512. https://doi.org/10.1186/cc3000

    Article  Google Scholar 

  56. Pundir S, Amala R (2014) Parametric receiver operating characteristic modeling for continuous data: A glance. Model Assist Stat Appl 9(2):121–135. https://doi.org/10.3233/MAS-130284

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Systems Science and Engineering, Sun Yat-Sen University, Guangzhou, 510006, China

    Junchao Xiao, Fuli Zhong & Hongbo Chen

  2. National Key Laboratory of Science and Technology on Information System Security, Institute of System Engineering, Chinese Academy of Military Science, Beijing, 100039, China

    Lin Yang

  3. School of Software Engineering, East China Normal University, Shanghai, 200000, China

    Xiangxue Li

Authors
  1. Junchao Xiao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lin Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fuli Zhong
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hongbo Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xiangxue Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Fuli Zhong or Hongbo Chen.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Xiao, J., Yang, L., Zhong, F. et al. Robust anomaly-based intrusion detection system for in-vehicle network by graph neural network framework. Appl Intell 53, 3183–3206 (2023). https://doi.org/10.1007/s10489-022-03412-8

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10489-022-03412-8

Keywords

Search

Navigation