Histogram-Based Intrusion Detection and Filtering Framework for Secure and Safe In-Vehicle Networks

Derhab, Abdelouahid; Belaoued, Mohamed; Mohiuddin, Irfan; Kurniawan, Fajri; Khan, Muhammad Khurram

doi:10.1109/tits.2021.3088998

Cited by 40 publications

(23 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The suggested technique is compared with recent methodologies [ 40 , 43 , 44 , 45 , 46 ], as shown in Table 12 and Table 13 against DoS and fuzzy attacks obtained from the car hacking dataset. Although most of the methods achieve high accuracy, our proposed IDS shows improved performance compared to other methodologies.…”

Section: Resultsmentioning

confidence: 99%

Intrusion Detection System CAN-Bus In-Vehicle Networks Based on the Statistical Characteristics of Attacks

Khan

Lim

Kim

2023

Sensors

View full text Add to dashboard Cite

For in-vehicle network communication, the controller area network (CAN) broadcasts to all connected nodes without address validation. Therefore, it is highly vulnerable to all sorts of attack scenarios. This research proposes a novel intrusion detection system (IDS) for CAN to identify in-vehicle network anomalies. The statistical characteristics of attacks provide valuable information about the inherent intrusion patterns and behaviors. We employed two real-world attack scenarios from publicly available datasets to record a real-time response against intrusions with increased precision for in-vehicle network environments. Our proposed IDS can exploit malicious patterns by calculating thresholds and using the statistical properties of attacks, making attack detection more efficient. The optimized threshold value is calculated using brute-force optimization for various window sizes to minimize the total error. The reference values of normality require a few legitimate data frames for effective intrusion detection. The experimental findings validate that our suggested method can efficiently detect fuzzy, merge, and denial-of-service (DoS) attacks with low false-positive rates. It is also demonstrated that the total error decreases with an increasing attack rate for varying window sizes. The results indicate that our proposed IDS minimizes the misclassification rate and is hence better suited for in-vehicle networks.

show abstract

Section: Resultsmentioning

confidence: 99%

Intrusion Detection System CAN-Bus In-Vehicle Networks Based on the Statistical Characteristics of Attacks

Khan

Lim

Kim

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…This type of IDS highly depends on predefined rules. H-IDFS has been introduced based on the histogram structure for intrusion detection and filtering [28]. In the training phase, CAN data are divided into windows, with each window containing eight consecutive data bytes (Payload) from sequential packets.…”

Section: A Related Work In In-vehicle Network Intrusion Detectionmentioning

confidence: 99%

CF-AIDS: Comprehensive Frequency-Agnostic Intrusion Detection System on In-Vehicle Network

Islam,

Sahlabadi,

Kim

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Many studies have focused on obtaining high accuracy in the design of Intrusion Detection Systems (IDS) for in-vehicle networks, neglecting the significance of different intensive packet injection techniques. Because of their reliance on scenario-specific training datasets, these IDSs are vulnerable to failing to detect real-world attacks. This study implemented deep learning (DL)-based classification for intrusion detection using a Gated Recurrent Unit (GRU) while considering various intrusion frequencies. Different intrusion frequencies are comprehensively addressed with frequency-agnostic intrusion and resolved by generalizing features for DL input through time series segmentation and frequency domain conversion using Gabor filtering.For training purposes, five types of vehicle data are used, encompassing DoS, fuzzing, and replay attack scenarios. The accuracy range for mechanical version vehicles is typically between 95% and 100%. For electronic vehicles, it is around 90%. Considering the nature of this IDS system, it has been named a Comprehensive Frequency-Agnostic Intrusion Detection System (CF-AIDS). Although this IDS can perform better in all aspects, achieving more efficient results requires a larger amount of situational data.

show abstract

“…Derhab et al [2] proposed a Histogram-based Intrusion Detection and Filtering (H-IDFS) framework. The proposed framework, first, groups CAN frames into windows and calculates their histograms which are, then, fed into a multi-class classifier to identify windows containing malicious CAN frames.…”

Section: Related Workmentioning

confidence: 99%

“…For a safe, efficient, and comfortable operation of modern vehicles, data is transmitted through intra-vehicle and over inter-vehicle networks depending on system-level requirements [1]. This provides new cyber attack surfaces for potential intrusions into the vehicle systems, which can put road users' lives at risk if exploited by malicious agents [2,3].…”

Section: Introductionmentioning

confidence: 99%

A Novel Detection Approach of Unknown Cyber-Attacks for Intra-Vehicle Networks Using Recurrence Plots and Neural Networks

Al-Jarrah

Haloui

Dianati

et al. 2023

IEEE Open J. Veh. Technol.

View full text Add to dashboard Cite

Proliferation of connected services in modern vehicles could make them vulnerable to a wide range of cyber-attacks through intra-vehicle networks that connect various vehicle systems. Designers usually equip vehicles with predesigned counter-measures, but these may not be effective against novel cyber-attacks. Intrusion Detection Systems (IDSs) serve as an additional layer of defence when conventional measures that are implemented by the designers fail. Several intrusion detection techniques, such as rule-based IDS, have been proposed in the literature but these techniques have limited capability in detecting novel cyber-attacks. This paper proposes a new Machine Learning (ML)-based IDS for detecting novel cyber-attacks in intra-vehicle networks, specifically in Controller Area Networks (CANs). The proposed IDS generates high-level representations of CAN messages transmitted on the bus exploiting their temporal properties as well as the intra and inter message dependencies through the use of Recurrence Plot (RP), which are then fed into a bespoke Neural Network, designed and trained to detect novel intrusions. Evaluations of the performance of the proposed IDS in comparison with that of the state-of-the-art existing IDS schemes namely Decision Tree (DT), Random Forest (RF) and other well-known approaches demonstrate the superiority of the proposed IDS in this paper.

show abstract

Histogram-Based Intrusion Detection and Filtering Framework for Secure and Safe In-Vehicle Networks

Cited by 40 publications

References 36 publications

Intrusion Detection System CAN-Bus In-Vehicle Networks Based on the Statistical Characteristics of Attacks

Intrusion Detection System CAN-Bus In-Vehicle Networks Based on the Statistical Characteristics of Attacks

CF-AIDS: Comprehensive Frequency-Agnostic Intrusion Detection System on In-Vehicle Network

A Novel Detection Approach of Unknown Cyber-Attacks for Intra-Vehicle Networks Using Recurrence Plots and Neural Networks

Contact Info

Product

Resources

About