Intrusion Detection for in-Vehicle Communication Networks: An Unsupervised Kohonen SOM Approach

Barletta, Vita Santa; Caivano, Danilo; Nannavecchia, Antonella; Scalera, Michele

doi:10.3390/fi12070119

Cited by 61 publications

(27 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To generate accurate in-vehicle data, Vita Santa Barletta et al [14] and Huaxin Li et al [1] generated data by accessing the CAN network via OBD-II of the real vehicle. Messages were injected to perform a specific attack on the CAN bus, and data between two sensors were analyzed to estimate the category of the attack.…”

Section: Literature Reviewmentioning

confidence: 99%

Towards a Lightweight Intrusion Detection Framework for In-Vehicle Networks

Basavaraj

Tayeb

2022

JSAN

View full text Add to dashboard Cite

With the emergence of networked devices, from the Internet of Things (IoT) nodes and cellular phones to vehicles connected to the Internet, there has been an ever-growing expansion of attack surfaces in the Internet of Vehicles (IoV). In the past decade, there has been a rapid growth in the automotive industry as network-enabled and electronic devices are now integral parts of vehicular ecosystems. These include the development of automobile technologies, namely, Connected and Autonomous Vehicles (CAV) and electric vehicles. Attacks on IoV may lead to malfunctioning of Electronic Control Unit (ECU), brakes, control steering issues, and door lock issues that can be fatal in CAV. To mitigate these risks, there is need for a lightweight model to identify attacks on vehicular systems. In this article, an efficient model of an Intrusion Detection System (IDS) is developed to detect anomalies in the vehicular system. The dataset used in this study is an In-Vehicle Network (IVN) communication protocol, i.e., Control Area Network (CAN) dataset generated in a real-time environment. The model classifies different types of attacks on vehicles into reconnaissance, Denial of Service (DoS), and fuzzing attacks. Experimentation with performance metrics of accuracy, precision, recall, and F-1 score are compared across a variety of classification models. The results demonstrate that the proposed model outperforms other classification models.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Towards a Lightweight Intrusion Detection Framework for In-Vehicle Networks

Basavaraj

Tayeb

2022

JSAN

View full text Add to dashboard Cite

show abstract

“…However, this method has drawbacks, particularly when the in-vehicle environment changes often; these drawbacks might include the constant requirement for calibration and data updates. Other work by Barletta et al [233] proposed an IDS based on a combination of an unsupervised Kohonen Self-Organizing Map (SOM) network and k-means algorithm. The CAN IDs, timestamp, DLC and data field were used as features in order to identify attack messages sent on the CAN bus.…”

Section: F Intrusion Detection Systemmentioning

confidence: 99%

Vehicle Security: A Survey of Security Issues and Vulnerabilities, Malware Attacks and Defenses

et al. 2021

View full text Add to dashboard Cite

“…CAN messages can be periodic, sporadic, or aperiodic. Periodic messages are sent at regular time intervals, sporadic messages occur with a minimum time interval and aperiodic messages at arbitrary times [19]. Hence, starting from timestamp defined as S i , with i = 1, .…”

Section: Data Preprocessingmentioning

confidence: 99%

“…In our research, we implemented an anomaly-based IDS for the identification of attack messages injected on the CAN bus using both supervised and unsupervised SOM networks [19] combined with a K-means clustering algorithm.…”

Section: Introductionmentioning

confidence: 99%

A Kohonen SOM Architecture for Intrusion Detection on In-Vehicle Communication Networks

et al. 2020

Self Cite

View full text Add to dashboard Cite

The diffusion of connected devices in modern vehicles involves a lack in security of the in-vehicle communication networks such as the controller area network (CAN) bus. The CAN bus protocol does not provide security systems to counter cyber and physical attacks. Thus, an intrusion-detection system to identify attacks and anomalies on the CAN bus is desirable. In the present work, we propose a distance-based intrusion-detection network aimed at identifying attack messages injected on a CAN bus using a Kohonen self-organizing map (SOM) network. It is a power classifier that can be trained both as supervised and unsupervised learning. SOM found broad application in security issues, but was never performed on in-vehicle communication networks. We performed two approaches, first using a supervised X–Y fused Kohonen network (XYF) and then combining the XYF network with a K-means clustering algorithm (XYF–K) in order to improve the efficiency of the network. The models were tested on an open source dataset concerning data messages sent on a CAN bus 2.0B and containing large traffic volume with a low number of features and more than 2000 different attack types, sent totally at random. Despite the complex structure of the CAN bus dataset, the proposed architectures showed a high performance in the accuracy of the detection of attack messages.

show abstract

Intrusion Detection for in-Vehicle Communication Networks: An Unsupervised Kohonen SOM Approach

Cited by 61 publications

References 45 publications

Towards a Lightweight Intrusion Detection Framework for In-Vehicle Networks

Towards a Lightweight Intrusion Detection Framework for In-Vehicle Networks

Vehicle Security: A Survey of Security Issues and Vulnerabilities, Malware Attacks and Defenses

A Kohonen SOM Architecture for Intrusion Detection on In-Vehicle Communication Networks

Contact Info

Product

Resources

About