Enhancing real-time intrusion detection system for in-vehicle networks by employing novel feature engineering techniques and lightweight modeling
Authors: Wael Aljabri, Md. Abdul Hamid, Rayan Mosli
Journal: Ad Hoc Networks, volume 169, Article 103737
Publication date: 2024-12-12
DOI: 10.1016/j.adhoc.2024.103737
URL: https://www.sciencedirect.com/science/article/pii/S1570870524003482
Citation count: 0
Abstract
Autonomous vehicles are built using a variety of electronic control units (ECUs) that communicate over a controller area network (CAN). A CAN enables the communication of data between ECUs to guarantee safety, assist drivers, and perform different functions. Nevertheless, a CAN lacks built-in security measures, which makes it susceptible to cyberattacks. A significant amount of existing research on intrusion detection systems (IDSs) is aimed at enhancing the security of a CAN by identifying and detecting unauthorized packet injections. However, the majority of machine/deep learning-based IDSs have difficulty sufficiently addressing latency. To address this issue, we propose a novel IDS framework that introduces two distinctive features. The first feature is the utility of data entropy, which is dynamically recalculated as new data arrives to capture unpredictable variations in the data payload. The second feature is an anomaly score, combining data entropy and time interval entropy to detect abnormal patterns in CAN communication. We validated the significance of these features using SHapley Additive exPlanations (SHAP) analysis. These features are integrated into a lightweight deep learning-based IDS model, specifically designed for resource-constrained environments. This integration significantly improves detection accuracy and operational efficiency. Our approach is validated using two well-known public datasets, the Car Hacking: Attack & Defense Challenge dataset and the Car-Hacking dataset. It shows significant detection capabilities with accuracies of 0.9946 and 0.9995 and F1 scores of 0.9945 and 0.9995, respectively. Also, our IDS achieves an effectively low inference latency of only 0.17 milliseconds, surpassing the performance of existing machine/deep learning-based IDSs.
About the journal:
Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. Ad Hoc Networks considers original, high-quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to:
Mobile and Wireless Ad Hoc Networks
Sensor Networks
Wireless Local and Personal Area Networks
Home Networks
Ad Hoc Networks of Autonomous Intelligent Systems
Novel Architectures for Ad Hoc and Sensor Networks
Self-organizing Network Architectures and Protocols
Transport Layer Protocols
Routing protocols (unicast, multicast, geocast, etc.)
Media Access Control Techniques
Error Control Schemes
Power-Aware, Low-Power and Energy-Efficient Designs
Synchronization and Scheduling Issues
Mobility Management
Mobility-Tolerant Communication Protocols
Location Tracking and Location-based Services
Resource and Information Management
Security and Fault-Tolerance Issues
Hardware and Software Platforms, Systems, and Testbeds
Experimental and Prototype Results
Quality-of-Service Issues
Cross-Layer Interactions
Scalability Issues
Performance Analysis and Simulation of Protocols.