Enhancing real-time intrusion detection system for in-vehicle networks by employing novel feature engineering techniques and lightweight modeling

IF 4.4 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Ad Hoc Networks Pub Date : 2024-12-12 DOI:10.1016/j.adhoc.2024.103737

Wael Aljabri, Md. Abdul Hamid, Rayan Mosli

{"title":"Enhancing real-time intrusion detection system for in-vehicle networks by employing novel feature engineering techniques and lightweight modeling","authors":"Wael Aljabri, Md. Abdul Hamid, Rayan Mosli","doi":"10.1016/j.adhoc.2024.103737","DOIUrl":null,"url":null,"abstract":"<div><div>Autonomous vehicles are built using a variety of electronic control units (ECUs) that communicate over a controller area network (CAN). A CAN enables the communication of data between ECUs to guarantee safety, assist drivers, and perform different functions. Nevertheless, a CAN lacks built-in security measures, which makes it susceptible to cyberattacks. A significant amount of existing research on intrusion detection systems (IDSs) is aimed at enhancing the security of a CAN by identifying and detecting unauthorized packet injections. However, the majority of machine/deep learning-based IDSs have difficulty sufficiently addressing latency. To address this issue, we propose a novel IDS framework that introduces two distinctive features. The first feature is the utility of data entropy, which is dynamically recalculated as new data arrives to capture unpredictable variations in the data payload. The second feature is an anomaly score, combining data entropy and time interval entropy to detect abnormal patterns in CAN communication. We validated the significance of these features using SHapley Additive exPlanations (SHAP) analysis. These features are integrated into a lightweight deep learning-based IDS model, specifically designed for resource-constrained environments. This integration significantly improves detection accuracy and operational efficiency. Our approach is validated using two well-known public datasets, car hacking: attack & defense challenge and car-hacking datasets. It shows significant detection capabilities with accuracies of 0.9946 and 0.9995 and F1 scores of 0.9945 and 0.9995, respectively. Also, our IDS achieves an effectively low inference latency of only 0.17 milliseconds, surpassing the performance of existing machine/deep learning-based IDSs.</div></div>","PeriodicalId":55555,"journal":{"name":"Ad Hoc Networks","volume":"169 ","pages":"Article 103737"},"PeriodicalIF":4.4000,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ad Hoc Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1570870524003482","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Autonomous vehicles are built using a variety of electronic control units (ECUs) that communicate over a controller area network (CAN). A CAN enables the communication of data between ECUs to guarantee safety, assist drivers, and perform different functions. Nevertheless, a CAN lacks built-in security measures, which makes it susceptible to cyberattacks. A significant amount of existing research on intrusion detection systems (IDSs) is aimed at enhancing the security of a CAN by identifying and detecting unauthorized packet injections. However, the majority of machine/deep learning-based IDSs have difficulty sufficiently addressing latency. To address this issue, we propose a novel IDS framework that introduces two distinctive features. The first feature is the utility of data entropy, which is dynamically recalculated as new data arrives to capture unpredictable variations in the data payload. The second feature is an anomaly score, combining data entropy and time interval entropy to detect abnormal patterns in CAN communication. We validated the significance of these features using SHapley Additive exPlanations (SHAP) analysis. These features are integrated into a lightweight deep learning-based IDS model, specifically designed for resource-constrained environments. This integration significantly improves detection accuracy and operational efficiency. Our approach is validated using two well-known public datasets, car hacking: attack & defense challenge and car-hacking datasets. It shows significant detection capabilities with accuracies of 0.9946 and 0.9995 and F1 scores of 0.9945 and 0.9995, respectively. Also, our IDS achieves an effectively low inference latency of only 0.17 milliseconds, surpassing the performance of existing machine/deep learning-based IDSs.

查看原文本刊更多论文

采用新的特征工程技术和轻量化建模，增强车载网络的实时入侵检测系统

自动驾驶汽车使用各种电子控制单元（ecu），通过控制器局域网（CAN）进行通信。CAN可以实现ecu之间的数据通信，以保证安全、辅助驾驶和实现不同的功能。然而，CAN缺乏内置的安全措施，这使得它容易受到网络攻击。现有大量入侵检测系统的研究旨在通过识别和检测未经授权的数据包注入来提高CAN的安全性。然而，大多数基于机器/深度学习的ids难以充分解决延迟问题。为了解决这个问题，我们提出了一个新的IDS框架，它引入了两个不同的特性。第一个特性是数据熵的效用，它在新数据到达时动态地重新计算，以捕获数据有效负载中不可预测的变化。第二个特征是异常评分，结合数据熵和时间间隔熵来检测CAN通信中的异常模式。我们使用SHapley加性解释（SHAP）分析验证了这些特征的重要性。这些特性被集成到一个轻量级的基于深度学习的IDS模型中，该模型是专门为资源受限环境设计的。这种集成显著提高了检测精度和操作效率。我们的方法使用两个著名的公共数据集进行了验证：汽车黑客攻击；防御挑战和汽车黑客数据集。其检测能力显著，准确率分别为0.9946和0.9995，F1得分分别为0.9945和0.9995。此外，我们的IDS实现了有效的低推理延迟，仅为0.17毫秒，超过了现有基于机器/深度学习的IDS的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Ad Hoc Networks 工程技术-电信学

CiteScore

10.20

自引率

4.20%

发文量

131

审稿时长

4.8 months

期刊介绍： The Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. The Ad Hoc Networks considers original, high quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to: Mobile and Wireless Ad Hoc Networks Sensor Networks Wireless Local and Personal Area Networks Home Networks Ad Hoc Networks of Autonomous Intelligent Systems Novel Architectures for Ad Hoc and Sensor Networks Self-organizing Network Architectures and Protocols Transport Layer Protocols Routing protocols (unicast, multicast, geocast, etc.) Media Access Control Techniques Error Control Schemes Power-Aware, Low-Power and Energy-Efficient Designs Synchronization and Scheduling Issues Mobility Management Mobility-Tolerant Communication Protocols Location Tracking and Location-based Services Resource and Information Management Security and Fault-Tolerance Issues Hardware and Software Platforms, Systems, and Testbeds Experimental and Prototype Results Quality-of-Service Issues Cross-Layer Interactions Scalability Issues Performance Analysis and Simulation of Protocols.