A robust multi-stage intrusion detection system for in-vehicle network security using hierarchical federated learning

IF 5.8 2区计算机科学 Q1 TELECOMMUNICATIONS

Vehicular Communications Pub Date : 2024-08-30 DOI:10.1016/j.vehcom.2024.100837

Muzun Althunayyan , Amir Javed , Omer Rana

{"title":"A robust multi-stage intrusion detection system for in-vehicle network security using hierarchical federated learning","authors":"Muzun Althunayyan , Amir Javed , Omer Rana","doi":"10.1016/j.vehcom.2024.100837","DOIUrl":null,"url":null,"abstract":"<div><p>As connected and autonomous vehicles proliferate, the Controller Area Network (CAN) bus has become the predominant communication standard for in-vehicle networks due to its speed and efficiency. However, the CAN bus lacks basic security measures such as authentication and encryption, making it highly vulnerable to cyberattacks. To ensure in-vehicle security, intrusion detection systems (IDSs) must detect seen attacks and provide a robust defense against new, unseen attacks while remaining lightweight for practical deployment. Previous work has relied solely on the CAN ID feature or has used traditional machine learning (ML) approaches with manual feature extraction. These approaches overlook other exploitable features, making it challenging to adapt to new unseen attack variants and compromising security. This paper introduces a cutting-edge, novel, lightweight, in-vehicle, IDS-leveraging, deep learning (DL) algorithm to address these limitations. The proposed IDS employs a multi-stage approach: an artificial neural network (ANN) in the first stage to detect seen attacks, and a Long Short-Term Memory (LSTM) autoencoder in the second stage to detect new, unseen attacks. To understand and analyze diverse driving behaviors, update the model with the latest attack patterns, and preserve data privacy, we propose a theoretical framework to deploy our IDS in a hierarchical federated learning (H-FL) environment. Experimental results demonstrate that our IDS achieves an F1-score exceeding 0.99 for seen attacks and exceeding 0.95 for novel attacks, with a detection rate of 99.99%. Additionally, the false alarm rate (FAR) is exceptionally low at 0.016%, minimizing false alarms. Despite using DL algorithms known for their effectiveness in identifying sophisticated and zero-day attacks, the IDS remains lightweight, ensuring its feasibility for real-world deployment. This makes our model robust against seen and unseen attacks.</p></div>","PeriodicalId":54346,"journal":{"name":"Vehicular Communications","volume":"49 ","pages":"Article 100837"},"PeriodicalIF":5.8000,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214209624001128/pdfft?md5=5c13cb7ede7ac0fd94530908e6c0a393&pid=1-s2.0-S2214209624001128-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vehicular Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214209624001128","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

As connected and autonomous vehicles proliferate, the Controller Area Network (CAN) bus has become the predominant communication standard for in-vehicle networks due to its speed and efficiency. However, the CAN bus lacks basic security measures such as authentication and encryption, making it highly vulnerable to cyberattacks. To ensure in-vehicle security, intrusion detection systems (IDSs) must detect seen attacks and provide a robust defense against new, unseen attacks while remaining lightweight for practical deployment. Previous work has relied solely on the CAN ID feature or has used traditional machine learning (ML) approaches with manual feature extraction. These approaches overlook other exploitable features, making it challenging to adapt to new unseen attack variants and compromising security. This paper introduces a cutting-edge, novel, lightweight, in-vehicle, IDS-leveraging, deep learning (DL) algorithm to address these limitations. The proposed IDS employs a multi-stage approach: an artificial neural network (ANN) in the first stage to detect seen attacks, and a Long Short-Term Memory (LSTM) autoencoder in the second stage to detect new, unseen attacks. To understand and analyze diverse driving behaviors, update the model with the latest attack patterns, and preserve data privacy, we propose a theoretical framework to deploy our IDS in a hierarchical federated learning (H-FL) environment. Experimental results demonstrate that our IDS achieves an F1-score exceeding 0.99 for seen attacks and exceeding 0.95 for novel attacks, with a detection rate of 99.99%. Additionally, the false alarm rate (FAR) is exceptionally low at 0.016%, minimizing false alarms. Despite using DL algorithms known for their effectiveness in identifying sophisticated and zero-day attacks, the IDS remains lightweight, ensuring its feasibility for real-world deployment. This makes our model robust against seen and unseen attacks.

查看原文本刊更多论文

使用分层联合学习的车载网络安全稳健多级入侵检测系统

随着联网汽车和自动驾驶汽车的普及，控制器局域网（CAN）总线因其速度快、效率高而成为车载网络的主要通信标准。然而，CAN 总线缺乏基本的安全措施，如身份验证和加密，因此极易受到网络攻击。为确保车载安全，入侵检测系统（IDS）必须能检测到已发现的攻击，并对新的、未发现的攻击提供强大的防御能力，同时保持轻便，以利于实际部署。以往的工作仅依赖 CAN ID 特征，或使用传统的机器学习 (ML) 方法和手动特征提取。这些方法忽略了其他可利用的特征，使其难以适应新的未知攻击变体，从而影响了安全性。本文介绍了一种前沿、新颖、轻量级的车载 IDS 杠杆深度学习（DL）算法，以解决这些局限性。所提出的 IDS 采用多阶段方法：第一阶段采用人工神经网络 (ANN) 检测已见攻击，第二阶段采用长短期记忆 (LSTM) 自动编码器检测新的、未见攻击。为了理解和分析多样化的驾驶行为，根据最新的攻击模式更新模型，并保护数据隐私，我们提出了一个理论框架，在分层联合学习（H-FL）环境中部署我们的 IDS。实验结果表明，我们的 IDS 对常见攻击的 F1 分数超过 0.99，对新攻击的 F1 分数超过 0.95，检测率达到 99.99%。此外，误报率（FAR）非常低，仅为 0.016%，最大限度地减少了误报。尽管使用了以有效识别复杂攻击和零日攻击而著称的 DL 算法，但 IDS 仍然保持了轻量级，确保了其在现实世界部署的可行性。这使得我们的模型在应对可见和不可见攻击时非常稳健。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Vehicular Communications Engineering-Electrical and Electronic Engineering

CiteScore

12.70

自引率

10.40%

发文量

审稿时长

62 days

期刊介绍： Vehicular communications is a growing area of communications between vehicles and including roadside communication infrastructure. Advances in wireless communications are making possible sharing of information through real time communications between vehicles and infrastructure. This has led to applications to increase safety of vehicles and communication between passengers and the Internet. Standardization efforts on vehicular communication are also underway to make vehicular transportation safer, greener and easier. The aim of the journal is to publish high quality peer–reviewed papers in the area of vehicular communications. The scope encompasses all types of communications involving vehicles, including vehicle–to–vehicle and vehicle–to–infrastructure. The scope includes (but not limited to) the following topics related to vehicular communications: Vehicle to vehicle and vehicle to infrastructure communications Channel modelling, modulating and coding Congestion Control and scalability issues Protocol design, testing and verification Routing in vehicular networks Security issues and countermeasures Deployment and field testing Reducing energy consumption and enhancing safety of vehicles Wireless in–car networks Data collection and dissemination methods Mobility and handover issues Safety and driver assistance applications UAV Underwater communications Autonomous cooperative driving Social networks Internet of vehicles Standardization of protocols.