Online Vehicle Forensics Method of Responsible Party for Accidents Based on LSTM-BiDBN External Intrusion Detection

doi:10.1007/s12204-022-2549-8

J Shanghai Jiaotong Univ Sci ›› 2024, Vol. 29 ›› Issue (6): 1161-1168.doi: 10.1007/s12204-022-2549-8

• Computer Technologies • Previous Articles Next Articles

Online Vehicle Forensics Method of Responsible Party for Accidents Based on LSTM-BiDBN External Intrusion Detection

基于LSTM-BiDBN入侵检测系统的在线车辆取证责任方认定方法

LIU Wen^1,3 (刘文), XU Jianxin^2,4 (许剑新), YANG Genke^1,3∗(杨根科), CHEN Yuanfang⁵ (陈媛芳)

（1. Ningbo Industrial Internet Institute, Ningbo 315000, Zhejiang, China; 2. Ningbo Artificial Intelligence Institute of Shanghai Jiao Tong University, Ningbo 315000, Zhejiang, China; 3. Department of Automation, Shanghai Jiao Tong University, Shanghai 200240, China; 4. College of Control Science and Engineering, Zhejiang University, Hangzhou 310027, China; 5. School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310018, China)
（1. 宁波工业互联网研究院，浙江宁波 315000；2. 上海交通大学宁波人工智能研究院，浙江宁波 315000；3. 上海交通大学自动化系，上海 200240；4. 浙江大学控制科学与工程学院，杭州 310027；5. 杭州电子科技大学网络空间安全学院，杭州 310018）

Received:2021-05-24 Accepted:2021-11-19 Online:2024-11-28 Published:2024-11-28

Abstract

Abstract: Vehicle data is one of the important sources of traffic accident digital forensics. We propose a novel method using long short-term memory-deep belief network by binary encoding (LSTM-BiDBN) controller area network identifier (CAN ID) to extract the event sequence of CAN IDs and the semantic of CAN IDs themselves. Instead of detecting attacks only aimed at a specific CAN ID, the proposed method fully considers the potential interaction between electronic control units. By this means, we can detect whether the vehicle has been invaded by the outside, to online determine the responsible party of the accident. We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on CAN-intrusion-dataset. Experimental results show that our proposed method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack with an accuracy value of 97.02%, a false-positive rate of 6.09%, and a false-negative rate of 1.94% compared with traditional methods.

Key words: digital forensics, deep belief network (DBN), long short-term memory (LSTM), binary encoding, controller area network identifier (CAN ID), responsible party

摘要： 车辆数据是交通事故数字取证的重要来源之一。提出了一种利用二进制编码的长短期记忆-深度信念网络（LSTM-BiDBN）控制器局域网标识符（CAN ID）提取CAN ID事件序列和CAN ID本身语义的新方法。该方法不仅检测针对特定CAN ID的攻击，而且充分考虑了电子控制单元之间潜在的相互作用。通过这种方式，可以检测车辆是否被外界入侵，从而在线确定事故的责任方。使用LSTM-BiDBN来区分CAN入侵数据集上的无攻击和异常情况。实验结果表明：与传统方法相比，该方法在识别拒绝服务攻击、模糊攻击和模拟攻击引起的异常方面更为有效，准确率为97.02%，误检率为6.09%，错误率为1.94%。

关键词: 数字取证，深度信念网络，长短期记忆，二进制编码，控制器局域网标识符，责任方

CLC Number:

TP181

LIU Wen^{1, 3} (刘文), XU Jianxin^{2, 4} (许剑新), YANG Genke^{1, 3∗}(杨根科), CHEN Yuanfang⁵ (陈媛芳). Online Vehicle Forensics Method of Responsible Party for Accidents Based on LSTM-BiDBN External Intrusion Detection[J]. J Shanghai Jiaotong Univ Sci, 2024, 29(6): 1161-1168.

References

[1] LE-KHAC N A, JACOBS D, NIJHOFF J, et al. Smart vehicle forensics: Challenges and case study [J]. Future Generation Computer Systems, 2020, 109: 500-510.
[2] CHECKOWAY S, MCCOY D, KANTOR B, et al.Comprehensive experimental analyses of automotive attack surfaces [C]//20th USENIX Security Symposium. San Francisco: USENIX, 2011: 447-462.
[3] HAN K, DIVYA POTLURI S, SHIN K G. On authentication in a connected vehicle: Secure integration of mobile devices with vehicular networks [C]//2013 ACM/IEEE International Conference on Cyber-Physical Systems. Philadelphia: IEEE, 2013:160-169.
[4] FOSTER I, PRUDHOMME A, KOSCHER K, et al.Fast and vulnerable: A story of telematic failures[C]//9th USENIX Conference on Offensive Technologies. Washington: USENIX, 2015: 1-9.
[5] WANG E, XU W, SASTRY S, et al. Hardware modulebased message authentication in intra-vehicle networks[C]//2017 ACM/IEEE 8th International Conference on Cyber-Physical Systems. Pittsburgh: IEEE, 2017:207-216.
[6] MUTER M, ASAJ N. Entropy-based anomaly detection for in-vehicle networks [C]//2011 IEEE Intelligent Vehicles Symposium. Baden-Baden: IEEE, 2011:1110-1115.
[7] LEE H, JEONG S H, KIM H K. OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame [C]//2017 15th Annual Conferenceon Privacy, Security and Trust. Calgary: IEEE, 2017:57-66.
[8] ASHFAQ R A R, WANG X Z, HUANG J Z, et al.Fuzziness based semi-supervised learning approach for intrusion detection system [J]. Information Sciences,2017, 378: 484-497.
[9] IDHAMMAD M, AFDEL K, BELOUCH M. Semisupervised machine learning approach for DDoS detection [J]. Applied Intelligence, 2018, 48(10): 3193-3208.
[10] PAZUL K. Controller area network (CAN) basics[EB/OL]. [2022-05-24]. https://cika.com/soporte/Information/Microchip/AnalogInterface/CAN/AppNotes/AN713(DS00713a).pdf.
[11] YU F, LI D F, CROLLA D A. Integrated Vehicle Dynamics Control — state-of-the art review [C]//2008 IEEE Vehicle Power and Propulsion Conference.Harbin: IEEE, 2008: 1-6.
[12] KOSCHER K, CZESKIS A, ROESNER F, et al. Experimental security analysis of a modern automobile [C]//2010 IEEE Symposium on Security and Privacy.Oakland: IEEE, 2010: 447-462.
[13] HOPPE T, KILTZ S, DITTMANN J. Security threats to automotive CAN networks— Practical examples and selected short-term countermeasures [J]. Reliability Engineering & System Safety, 2011, 96(1): 11-25.
[14] THEISSLER A. Anomaly detection in recordings from in-vehicle networks [M]//Big data applications and principes. Madrid: Universidad Politecnica de Madrid,2014: 23-38.
[15] KANG M J, KANG J W. Intrusion detection system using deep neural network for in-vehicle network security [J]. PLoS ONE, 2016, 11(6): e0155781.
[16] YU Y, SI X S, HU C H, et al. A review of recurrent neural networks: LSTM cells and network architectures [J]. Neural Computation, 2019, 31(7): 1235-1270.
[17] ALKHATIB N, GHAUCH H, DANGER J L.SOME/IP intrusion detection using deep learningbased sequential models in automotive Ethernet networks [C]//2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference. Vancouver: IEEE, 2021: 954-962.
[18] KHAN Z, CHOWDHURY M, ISLAM M, et al. Long short-term memory neural networks for false information attack detection in softwaredefined in-vehicle network [DB/OL]. (2019-06-24).https://arxiv.org/abs/1906.10203.
[19] HOSSAIN M D, INOUE H, OCHIAI H, et al. LSTMbased intrusion detection system for in-vehicle can bus communications [J]. IEEE Access, 2020, 8: 185489-185502.
[20] SEGER C. An investigation of categorical variable encoding techniques in machine learning: Binary versus one-hot and feature hashing [R]. Stockholm: KTH Royal Institute of Technology, 2018.
[21] HINTON G E, OSINDERO S, TEH Y W. A fast learning algorithm for deep belief nets [J]. Neural Computation, 2006, 18(7): 1527-1554.
[22] HE K M, ZHANG X Y, REN S Q, et al. Delving deep into rectifiers: Surpassing human-level performance on ImageNet classification [C]//2015 IEEE International Conference on Computer Vision. Santiago:IEEE, 2015: 1026-1034.
[23] HOCHREITER S, SCHMIDHUBER J. Long shortterm memory [J]. Neural Computation, 1997, 9(8):1735-1780.

Online Vehicle Forensics Method of Responsible Party for Accidents Based on LSTM-BiDBN External Intrusion Detection

基于LSTM-BiDBN入侵检测系统的在线车辆取证责任方认定方法

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended Articles

Metrics

Comments

[1]	LIU Yuesheng (刘月笙), HE Ning^∗(贺宁), HE Lile (贺利乐), ZHANG Yiwen (张译文), XI Kun (习坤), ZHANG Mengrui (张梦芮). Self-Tuning of MPC Controller for Mobile Robot Path Tracking Based on Machine Learning [J]. J Shanghai Jiaotong Univ Sci, 2024, 29(6): 1028-1036.
[2]	LI Mingai1,2,3∗ (李明爱), XU Dongqin1 (许东芹). Transfer Learning in Motor Imagery Brain Computer Interface: A Review [J]. J Shanghai Jiaotong Univ Sci, 2024, 29(1): 37-59.