CANGuard: Practical Intrusion Detection for In-Vehicle Network via Unsupervised Learning

2021 IEEE/ACM Symposium on Edge Computing (SEC) Pub Date : 2021-12-01 DOI:10.1145/3453142.3493514

Wu Zhou, Hao-ming Fu, Shray Kapoor

{"title":"CANGuard: Practical Intrusion Detection for In-Vehicle Network via Unsupervised Learning","authors":"Wu Zhou, Hao-ming Fu, Shray Kapoor","doi":"10.1145/3453142.3493514","DOIUrl":null,"url":null,"abstract":"Modern vehicles are becoming more advanced recently by incorporating new functionalities, such as V2X, more connectivity and autonomous driving. However, these new things also open the vehicle wider to the outside and thus pose more severe threats to the vehicle security and safety. In this paper, we propose CANGuard, a vehicle intrusion detection system that learns in-vehicle traffic patterns and uses the patterns to detect anomaly in a vehicle network. CANGuard applies autoencoder, an unsupervised learning technique, on the raw CAN messages to learn efficient models of these data, and requires no expert to label CAN messages as needed in supervised approaches. Unlike another study that also uses unsupervised learning but can only detect attacks involving one single type of message, CANGuard can detect attacks involving multiple types of messages as well. Experiments with public data sets demonstrate that CANGuard has almost the same, at some case better, results as compared with state-of-art supervised approaches. Combined with its unsupervised nature and its capability to detect attacks involving multiple types of message, this proves CANGuard is more practical to be deployed in modern vehicle environments.","PeriodicalId":6779,"journal":{"name":"2021 IEEE/ACM Symposium on Edge Computing (SEC)","volume":"170 1","pages":"454-458"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/ACM Symposium on Edge Computing (SEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3453142.3493514","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Modern vehicles are becoming more advanced recently by incorporating new functionalities, such as V2X, more connectivity and autonomous driving. However, these new things also open the vehicle wider to the outside and thus pose more severe threats to the vehicle security and safety. In this paper, we propose CANGuard, a vehicle intrusion detection system that learns in-vehicle traffic patterns and uses the patterns to detect anomaly in a vehicle network. CANGuard applies autoencoder, an unsupervised learning technique, on the raw CAN messages to learn efficient models of these data, and requires no expert to label CAN messages as needed in supervised approaches. Unlike another study that also uses unsupervised learning but can only detect attacks involving one single type of message, CANGuard can detect attacks involving multiple types of messages as well. Experiments with public data sets demonstrate that CANGuard has almost the same, at some case better, results as compared with state-of-art supervised approaches. Combined with its unsupervised nature and its capability to detect attacks involving multiple types of message, this proves CANGuard is more practical to be deployed in modern vehicle environments.

查看原文本刊更多论文

基于无监督学习的车载网络入侵检测

随着V2X、更多连接和自动驾驶等新功能的加入，现代汽车正变得越来越先进。然而，这些新事物也使车辆对外开放的范围更大，从而对车辆的安全和安全构成了更严重的威胁。在本文中，我们提出了一种车辆入侵检测系统CANGuard，它可以学习车内交通模式并使用这些模式来检测车辆网络中的异常。CANGuard将自动编码器(一种无监督学习技术)应用于原始CAN消息上，以学习这些数据的有效模型，并且不需要专家根据监督方法对CAN消息进行标记。与另一项使用无监督学习但只能检测涉及单一类型消息的攻击的研究不同，CANGuard也可以检测涉及多种类型消息的攻击。对公共数据集的实验表明，与最先进的监督方法相比，CANGuard的结果几乎相同，在某些情况下甚至更好。结合其无监督的特性和检测涉及多种类型信息的攻击的能力，这证明了CANGuard在现代车辆环境中部署更加实用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE/ACM Symposium on Edge Computing (SEC)

自引率

0.00%

发文量