VECLLF: A vehicle-edge collaborative lifelong learning framework for anomaly detection in VANETs

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-04-29 DOI:10.1016/j.comnet.2025.111328

Yingqing Wang , Yanhua Liang , Yue Huang , Guihe Qin

{"title":"VECLLF: A vehicle-edge collaborative lifelong learning framework for anomaly detection in VANETs","authors":"Yingqing Wang , Yanhua Liang , Yue Huang , Guihe Qin","doi":"10.1016/j.comnet.2025.111328","DOIUrl":null,"url":null,"abstract":"<div><div>With the rapid development of intelligent connected vehicles, Vehicular Ad Hoc Network (VANET) is widely used in intelligent transportation systems. VANETs are vulnerable to attacks in their operating environments, such as denial of service (DoS) attacks and injection attacks. Thus, the development of an efficient anomaly detection framework is a promising solution. Most existing methods can only detect known attacks, are less efficient in detecting unknown attacks, and fail to deal with them. To solve these problems, the lifelong learning framework (LLF) is introduced, which aims to store and label suspicious data by applying blockchain and then retrain the model. However, existing LLFs are overly idealized as they do not adequately consider the key issues of label budget and storage space. To improve the practicality of existing methods, this paper proposes a novel LLF based on the existing LLF, called Vehicle Edge Collaborative Lifelong Learning Framework (VECLLF), which can deploy the model update task on the edge server. Specifically, the proposed anomaly detection module based on ensemble active learning is used to achieve high-performance detection under a limited label budget, the proposed incremental learning module based on a sample library continuously learns the model by replaying representative samples within limited storage space, the proposed optimization-based feature selection module is used to remove redundant and interfering features, and the explainable artificial intelligence (XAI) module is used to explain the model to ensure its interpretability. In addition, the blockchain-based database (BC-DB) module is used to help store suspicious data and interact with security agencies to label it. We conducted experiments on two public datasets, AWID2 and CICIDS2017, and the results show that VECLLF outperforms state-of-the-art anomaly detection models and existing LLF, with F1-scores exceeding 97% on both datasets. Furthermore, we collect data from the Network Simulator 3 (NS-3) simulation environment and conduct experiments to evaluate the effectiveness of VECLLF in real-world scenarios.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111328"},"PeriodicalIF":4.4000,"publicationDate":"2025-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625002956","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

With the rapid development of intelligent connected vehicles, Vehicular Ad Hoc Network (VANET) is widely used in intelligent transportation systems. VANETs are vulnerable to attacks in their operating environments, such as denial of service (DoS) attacks and injection attacks. Thus, the development of an efficient anomaly detection framework is a promising solution. Most existing methods can only detect known attacks, are less efficient in detecting unknown attacks, and fail to deal with them. To solve these problems, the lifelong learning framework (LLF) is introduced, which aims to store and label suspicious data by applying blockchain and then retrain the model. However, existing LLFs are overly idealized as they do not adequately consider the key issues of label budget and storage space. To improve the practicality of existing methods, this paper proposes a novel LLF based on the existing LLF, called Vehicle Edge Collaborative Lifelong Learning Framework (VECLLF), which can deploy the model update task on the edge server. Specifically, the proposed anomaly detection module based on ensemble active learning is used to achieve high-performance detection under a limited label budget, the proposed incremental learning module based on a sample library continuously learns the model by replaying representative samples within limited storage space, the proposed optimization-based feature selection module is used to remove redundant and interfering features, and the explainable artificial intelligence (XAI) module is used to explain the model to ensure its interpretability. In addition, the blockchain-based database (BC-DB) module is used to help store suspicious data and interact with security agencies to label it. We conducted experiments on two public datasets, AWID2 and CICIDS2017, and the results show that VECLLF outperforms state-of-the-art anomaly detection models and existing LLF, with F1-scores exceeding 97% on both datasets. Furthermore, we collect data from the Network Simulator 3 (NS-3) simulation environment and conduct experiments to evaluate the effectiveness of VECLLF in real-world scenarios.

查看原文本刊更多论文

VECLLF：一种用于VANETs异常检测的车边协作终身学习框架

随着智能网联汽车的快速发展，车载自组网（VANET）在智能交通系统中得到了广泛的应用。vanet在其运行环境中容易受到攻击，如DoS （denial of service）攻击和注入攻击。因此，开发一个有效的异常检测框架是一个很有前途的解决方案。现有的方法大多只能检测已知攻击，而对未知攻击的检测效率较低，无法有效地处理未知攻击。为了解决这些问题，引入了终身学习框架（LLF），该框架旨在通过区块链对可疑数据进行存储和标记，然后对模型进行重新训练。然而，现有的llf过于理想化，因为它们没有充分考虑标签预算和存储空间的关键问题。为了提高现有方法的实用性，本文在现有LLF的基础上提出了一种新的LLF，称为车辆边缘协作终身学习框架（VECLLF），该框架可以将模型更新任务部署在边缘服务器上。其中，基于集成主动学习的异常检测模块用于在有限的标签预算下实现高性能检测；基于样本库的增量学习模块通过在有限的存储空间内重放代表性样本来持续学习模型；基于优化的特征选择模块用于去除冗余和干扰特征；采用可解释人工智能（XAI）模块对模型进行解释，保证模型的可解释性。此外，基于区块链的数据库（BC-DB）模块用于帮助存储可疑数据，并与安全机构进行交互以对其进行标记。我们在AWID2和CICIDS2017两个公共数据集上进行了实验，结果表明，VECLLF优于最先进的异常检测模型和现有的LLF，在这两个数据集上的f1得分都超过97%。此外，我们从网络模拟器3 （NS-3）仿真环境中收集数据，并进行实验来评估VECLLF在现实场景中的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.