Beyond vanilla: Improved autoencoder-based ensemble in-vehicle intrusion detection system
Modern automobiles are equipped with a large number of electronic control units (ECUs) to provide safe, driver assistance and comfortable services. The controller area network (CAN) provides near real-time data transmission between ECUs with adequate reliability for in-vehicle communication...

| Main Author: | Sampath Rajapaksha |
|---|---|
| Other Authors: | Harsha Kalutarage, M. Omar Al-Kadri, Andrei Petrovski, Garikayi Madzudzo |
| Published: | 2023 |

| _version_ | 1864513535736807424 |
|---|---|
| author | Sampath Rajapaksha (17541411) |
| author2 | Harsha Kalutarage (17541414); M. Omar Al-Kadri (17541417); Andrei Petrovski (6262691); Garikayi Madzudzo (17541420) |
| author2_role | author; author; author; author |
| author_facet | Sampath Rajapaksha (17541411); Harsha Kalutarage (17541414); M. Omar Al-Kadri (17541417); Andrei Petrovski (6262691); Garikayi Madzudzo (17541420) |
| author_role | author |
| dc.creator.none.fl_str_mv | Sampath Rajapaksha (17541411); Harsha Kalutarage (17541414); M. Omar Al-Kadri (17541417); Andrei Petrovski (6262691); Garikayi Madzudzo (17541420) |
| dc.date.none.fl_str_mv | 2023-09-01T09:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1016/j.jisa.2023.103570 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Beyond_vanilla_Improved_autoencoder-based_ensemble_in-vehicle_intrusion_detection_system/24717189 |
| dc.rights.none.fl_str_mv | CC BY 4.0; info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Engineering; Automotive engineering; Information and computing sciences; Artificial intelligence; Cybersecurity and privacy; Machine learning; Controller Area Network (CAN); Machine learning; Automotive cybersecurity; Deep learning; Autoencoder; Anomaly detection |
| dc.title.none.fl_str_mv | Beyond vanilla: Improved autoencoder-based ensemble in-vehicle intrusion detection system |
| dc.type.none.fl_str_mv | Text; Journal contribution; info:eu-repo/semantics/publishedVersion; text; contribution to journal |
| description | Modern automobiles are equipped with a large number of electronic control units (ECUs) to provide safe, driver assistance and comfortable services. The controller area network (CAN) provides near real-time data transmission between ECUs with adequate reliability for in-vehicle communication. However, the lack of security measures such as authentication and encryption makes the CAN bus vulnerable to cyberattacks, which affect the safety of passengers and the surrounding environment. Detecting attacks on the CAN bus, particularly masquerade attacks, presents significant challenges. It necessitates an intrusion detection system (IDS) that effectively utilizes both CAN ID and payload data to ensure thorough detection and protection against a wide range of attacks, all while operating within the constraints of limited computing resources. This paper introduces an ensemble IDS that combines a gated recurrent unit (GRU) network and a novel autoencoder (AE) model to identify cyberattacks on the CAN bus. AEs are expected to produce higher reconstruction errors for anomalous inputs, making them suitable for anomaly detection. However, vanilla AE models often suffer from overgeneralization, reconstructing anomalies without significant errors, resulting in many false negatives. To address this issue, this paper proposes a novel AE called Latent AE, which incorporates a shallow AE into the latent space. The Latent AE model utilizes Cramér’s statistic-based feature selection technique and a transformed CAN payload data structure to enhance its efficiency. The proposed ensemble IDS enhances attack detection capabilities by leveraging the best capabilities of independent GRU and Latent AE models, while mitigating the weaknesses associated with each individual model. The evaluation of the IDS on two public datasets, encompassing 13 different attacks, including sophisticated masquerade attacks, demonstrates its superiority over baseline models with near real-time detection latency of 25ms. Other Information: Published in: Journal of Information Security and Applications. License: http://creativecommons.org/licenses/by/4.0/. See article on publisher's website: https://dx.doi.org/10.1016/j.jisa.2023.103570 |
| eu_rights_str_mv | openAccess |
| id | Manara2_9bf1fb2d6da56d9e4fe632185b546351 |
| identifier_str_mv | 10.1016/j.jisa.2023.103570 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/24717189 |
| publishDate | 2023 |
| rights_invalid_str_mv | CC BY 4.0 |
| status_str | publishedVersion |
| title | Beyond vanilla: Improved autoencoder-based ensemble in-vehicle intrusion detection system |
| topic | Engineering; Automotive engineering; Information and computing sciences; Artificial intelligence; Cybersecurity and privacy; Machine learning; Controller Area Network (CAN); Machine learning; Automotive cybersecurity; Deep learning; Autoencoder; Anomaly detection |