Decision Tree-Based Rule Derivation for Intrusion Detection in Safety-Critical Automotive Systems

2022 30th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP) Pub Date : 2022-03-01 DOI:10.1109/pdp55904.2022.00046

Lucas Buschlinger, Sanat Sarda, C. Krauß

{"title":"Decision Tree-Based Rule Derivation for Intrusion Detection in Safety-Critical Automotive Systems","authors":"Lucas Buschlinger, Sanat Sarda, C. Krauß","doi":"10.1109/pdp55904.2022.00046","DOIUrl":null,"url":null,"abstract":"Intrusion Detection Systems (IDSs) are being introduced into safety-critical systems such as connected vehicles. Since the behavior and effectiveness of measures are validated before approval, the decisions made by an IDS are required to be traceable and the IDS also needs to work efficiently on resource-constrained embedded systems. These requirements complicate the direct use of Machine Learning (ML) approaches in IDS design. In this paper, we propose an approach to using ML to generate rules for an efficient rule-based IDS like Snort. Our approach eases the time-consuming and difficult process of creating a rule set. We use decision trees to generate rules that can be used by experts as a basis for creating a rule set for a specific safety-critical use case. In addition, we use long short-term memory methods to circumvent the problem of limited training data availability, a common limitation in safety-critical systems. Our implementation and evaluation shows the feasibility of our approach to derive specific IDS rules for such systems.","PeriodicalId":210759,"journal":{"name":"2022 30th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 30th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/pdp55904.2022.00046","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Intrusion Detection Systems (IDSs) are being introduced into safety-critical systems such as connected vehicles. Since the behavior and effectiveness of measures are validated before approval, the decisions made by an IDS are required to be traceable and the IDS also needs to work efficiently on resource-constrained embedded systems. These requirements complicate the direct use of Machine Learning (ML) approaches in IDS design. In this paper, we propose an approach to using ML to generate rules for an efficient rule-based IDS like Snort. Our approach eases the time-consuming and difficult process of creating a rule set. We use decision trees to generate rules that can be used by experts as a basis for creating a rule set for a specific safety-critical use case. In addition, we use long short-term memory methods to circumvent the problem of limited training data availability, a common limitation in safety-critical systems. Our implementation and evaluation shows the feasibility of our approach to derive specific IDS rules for such systems.

查看原文本刊更多论文

基于决策树的汽车安全关键系统入侵检测规则推导

入侵检测系统(ids)正被引入安全关键系统，如联网车辆。由于在批准之前对度量的行为和有效性进行了验证，因此要求IDS所做的决策是可跟踪的，并且IDS还需要在资源受限的嵌入式系统上有效地工作。这些要求使得在IDS设计中直接使用机器学习(ML)方法变得复杂。在本文中，我们提出了一种使用ML为Snort等高效的基于规则的IDS生成规则的方法。我们的方法简化了创建规则集的耗时且困难的过程。我们使用决策树来生成规则，这些规则可以被专家用作为特定的安全关键用例创建规则集的基础。此外，我们使用长短期记忆方法来规避训练数据可用性有限的问题，这是安全关键系统中常见的限制。我们的实现和评估表明，我们的方法为此类系统派生特定的IDS规则是可行的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 30th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP)

自引率

0.00%

发文量