Vehicle data is one of the important sources of traffic accident digital forensics. We propose a novel method using long short-term memory-deep belief network by binary encoding (LSTM-BiDBN) controller area network identifier (CAN ID) to extract the event sequence of CAN IDs and the semantic of CAN IDs themselves. Instead of detecting attacks only aimed at a specific CAN ID, the proposed method fully considers the potential interaction between electronic control units. By this means, we can detect whether the vehicle has been invaded by the outside, to online determine the responsible party of the accident. We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on CAN-intrusion-dataset. Experimental results show that our proposed method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack with an accuracy value of 97.02%, a false-positive rate of 6.09%, and a false-negative rate of 1.94% compared with traditional methods.
刘文1
,
3,许剑新2
,
4,杨根科1
,
3,陈媛芳5
. Online Vehicle Forensics Method of Responsible Party for Accidents Based on LSTM-BiDBN External Intrusion Detection[J]. Journal of Shanghai Jiaotong University(Science), 2024
, 29(6)
: 1161
-1168
.
DOI: 10.1007/s12204-022-2549-8
[1] LE-KHAC N A, JACOBS D, NIJHOFF J, et al. Smart vehicle forensics: Challenges and case study [J]. Future Generation Computer Systems, 2020, 109: 500-510.
[2] CHECKOWAY S, MCCOY D, KANTOR B, et al.Comprehensive experimental analyses of automotive attack surfaces [C]//20th USENIX Security Symposium. San Francisco: USENIX, 2011: 447-462.
[3] HAN K, DIVYA POTLURI S, SHIN K G. On authentication in a connected vehicle: Secure integration of mobile devices with vehicular networks [C]//2013 ACM/IEEE International Conference on Cyber-Physical Systems. Philadelphia: IEEE, 2013:160-169.
[4] FOSTER I, PRUDHOMME A, KOSCHER K, et al.Fast and vulnerable: A story of telematic failures[C]//9th USENIX Conference on Offensive Technologies. Washington: USENIX, 2015: 1-9.
[5] WANG E, XU W, SASTRY S, et al. Hardware module�based message authentication in intra-vehicle networks[C]//2017 ACM/IEEE 8th International Conference on Cyber-Physical Systems. Pittsburgh: IEEE, 2017:207-216.
[6] MUTER M, ASAJ N. Entropy-based anomaly detection for in-vehicle networks [C]//2011 IEEE Intelligent Vehicles Symposium. Baden-Baden: IEEE, 2011:1110-1115.
[7] LEE H, JEONG S H, KIM H K. OTIDS: A novel in�trusion detection system for in-vehicle network by using remote frame [C]//2017 15th Annual Conferenceon Privacy, Security and Trust. Calgary: IEEE, 2017:57-66.
[8] ASHFAQ R A R, WANG X Z, HUANG J Z, et al.Fuzziness based semi-supervised learning approach for intrusion detection system [J]. Information Sciences,2017, 378: 484-497.
[9] IDHAMMAD M, AFDEL K, BELOUCH M. Semi�supervised machine learning approach for DDoS detection [J]. Applied Intelligence, 2018, 48(10): 3193-3208.
[10] PAZUL K. Controller area network (CAN) basics[EB/OL]. [2022-05-24]. https://cika.com/soporte/Information/Microchip/AnalogInterface/CAN/App�Notes/AN713(DS00713a).pdf.
[11] YU F, LI D F, CROLLA D A. Integrated Vehicle Dynamics Control — state-of-the art review [C]//2008 IEEE Vehicle Power and Propulsion Conference.Harbin: IEEE, 2008: 1-6.
[12] KOSCHER K, CZESKIS A, ROESNER F, et al. Experimental security analysis of a modern automobile [C]//2010 IEEE Symposium on Security and Privacy.Oakland: IEEE, 2010: 447-462.
[13] HOPPE T, KILTZ S, DITTMANN J. Security threats to automotive CAN networks— Practical examples and selected short-term countermeasures [J]. Reliability Engineering & System Safety, 2011, 96(1): 11-25.
[14] THEISSLER A. Anomaly detection in recordings from in-vehicle networks [M]//Big data applications and principes. Madrid: Universidad Politecnica de Madrid,2014: 23-38.
[15] KANG M J, KANG J W. Intrusion detection system using deep neural network for in-vehicle network security [J]. PLoS ONE, 2016, 11(6): e0155781.
[16] YU Y, SI X S, HU C H, et al. A review of recurrent neural networks: LSTM cells and network architectures [J]. Neural Computation, 2019, 31(7): 1235-1270.
[17] ALKHATIB N, GHAUCH H, DANGER J L.SOME/IP intrusion detection using deep learning�based sequential models in automotive Ethernet net�works [C]//2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference. Vancouver: IEEE, 2021: 954-962.
[18] KHAN Z, CHOWDHURY M, ISLAM M, et al. Long short-term memory neural networks for false information attack detection in software�defined in-vehicle network [DB/OL]. (2019-06-24).https://arxiv.org/abs/1906.10203.
[19] HOSSAIN M D, INOUE H, OCHIAI H, et al. LSTM�based intrusion detection system for in-vehicle can bus communications [J]. IEEE Access, 2020, 8: 185489-185502.
[20] SEGER C. An investigation of categorical variable encoding techniques in machine learning: Binary versus one-hot and feature hashing [R]. Stockholm: KTH Royal Institute of Technology, 2018.
[21] HINTON G E, OSINDERO S, TEH Y W. A fast learning algorithm for deep belief nets [J]. Neural Computation, 2006, 18(7): 1527-1554.
[22] HE K M, ZHANG X Y, REN S Q, et al. Delving deep into rectifiers: Surpassing human-level perfor�mance on ImageNet classification [C]//2015 IEEE In�ternational Conference on Computer Vision. Santiago:IEEE, 2015: 1026-1034.
[23] HOCHREITER S, SCHMIDHUBER J. Long shortterm memory [J]. Neural Computation, 1997, 9(8):1735-1780.
