Long Short-Term Memory Neural Network-Based Attack Detection Model for In-Vehicle Network Security

Khan, Zadid; Chowdhury, Mashrur; Islam, Mhafuzul; Huang, Chin-Ya; Rahman, Mizanur

doi:10.1109/lsens.2020.2993522

Cited by 43 publications

(29 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…L. Hyunsang et al [14] developed an IDS by analyzing the request-response message in the CAN bus, based on an offset ratio and time interval analysis. Khan et al [15] Khan et al investigated SDN-based false data injection into the brake-related ECUs. They developed false information attack dataset and applied LSTM to detect the attack, and they achieved a detection rate of 87%.…”

Section: Related Workmentioning

confidence: 99%

LSTM-Based Intrusion Detection System for In-Vehicle Can Bus Communications

et al. 2020

View full text Add to dashboard Cite

The modern automobile is a complex piece of technology that uses the Controller Area Network (CAN) bus system as a central system for managing the communication between the electronic control units (ECUs). Despite its central importance, the CAN bus system does not support authentication and authorization mechanisms, i.e., CAN messages are broadcast without basic security features. As a result, it is easy for attackers to launch attacks at the CAN bus network system. Attackers can compromise the CAN bus system in several ways including Denial of Service (DoS), Fuzzing and Spoofing attacks. It is imperative to devise methodologies to protect modern cars against the aforementioned attacks. In this paper, we propose a Long Short-Term Memory (LSTM)-based Intrusion Detection System (IDS) to detect and mitigate the CAN bus network attacks. We generate our own dataset by first extracting attack-free data from our experimental car and by injecting attacks into the latter and collecting the dataset. We use the dataset for testing and training our model. With our selected hyper-parameter values, our results demonstrate that our classifier is efficient in detecting the CAN bus network attacks, we achieved an overall detection accuracy of 99.995%. We also compare the proposed LSTM method with the Survival Analysis for automobile IDS dataset which is developed by the Hacking and Countermeasure Research Lab, Korea. Our proposed LSTM model achieves a higher detection rate than the Survival Analysis method. INDEX TERMS Modern Car Security, Controller Area Network, Deep Learning, LSTM, Intrusion Detection System FIGURE 1. CAN message format in 11bit mode with DLC=8. There are no security features implemented in this protocol.

show abstract

Section: Related Workmentioning

confidence: 99%

LSTM-Based Intrusion Detection System for In-Vehicle Can Bus Communications

et al. 2020

View full text Add to dashboard Cite

show abstract

“…And then, the spatial-temporal features were employed to perform the classification. For the realtime detection of anomalies within the in-vehicle network, Khan et al [18] developed LSTM based false information attack/anomaly detection model. They adopted the LSTM model to process the time-series data to get the sequential variation patterns.…”

Section: Wireless Communications and Mobile Computingmentioning

confidence: 99%

LCHI: Low‐Order Correlation and High‐Order Interaction Integrated Model Oriented to Network Intrusion Detection

Lei

Xia

Wang

2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Network intrusion poses a severe threat to the Internet of Things (IoT). Thus, it is essential to study information security protection technology in IoT. Learning sophisticated feature interactions is critical in improving detection accuracy for network intrusion. Despite significant progress, existing methods seem to have a strong bias towards single low- or high-order feature interaction. Moreover, they always extract all possible low-order interactions indiscriminately, introducing too much noise. To address the above problems, we propose a low-order correlation and high-order interaction (LCHI) integrated feature extraction model. First, we selectively extract the beneficial low-order correlation between the same-type features by the multivariate correlation analysis (MCA) model and attention mechanism. Second, we extract the complicated high-order feature interaction by the deep neural network (DNN) model. Finally, we emphasize both the low- and high-order feature interactions and incorporate them. Our LCHI model seamlessly combines the linearity of MCA in modeling lower-order feature correlation and the nonlinearity of DNN in modeling higher-order feature interaction. Conceptually, our LCHI is more expressive than the previous models. We carry on a series of experiments on the public wireless and wired network intrusion detection datasets. The experimental results show that LCHI improves 1.06%, 2.46%, 3.74%, 0.25%, 1.17%, and 0.64% on the AWID, NSL-KDD, UNSW-NB15, CICIDS 2017, CICIDS 2018, and DAPT 2020 datasets, respectively.

show abstract

“…We create the amplitude shift cyberattack following the study by Khan et al [4]. In the amplitude shift attack, the amplitude of a feature of the in-vehicle network data is shifted (up or down) by a random constant value within a time interval.…”

Section: Attack Modelmentioning

confidence: 99%

“…bus used in existing vehicles do not have sufficient security features [4] [5], and the security can be improved using machine learning (ML) models. The study by Song et al shows an accuracy of 99% in detecting denial of service (DoS) attacks using ML models [5].…”

Section: Introductionmentioning

confidence: 99%

“…The study by Song et al shows an accuracy of 99% in detecting denial of service (DoS) attacks using ML models [5]. The recent study by Khan et al shows a detection accuracy of 87.8% on detecting amplitude shift attacks using a deep neural network (DNN) [4]. To improve the attack detection accuracy, we combine a quantum machine learning method, more specifically a quantum NN, with a classical NN.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Hybrid Quantum-Classical Neural Network for Cloud-supported In-Vehicle Cyberattack Detection

islam¹,

Chowdhury²,

Khan³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

A classical computer works with ones and zeros, whereas a quantum computer uses ones, zeros, and superpositions of ones and zeros, which enables quantum computers to perform a vast number of calculations simultaneously compared to classical computers. In a cloud-supported cyber-physical system environment, running a machine learning application in quantum computers is often difficult, due to the existing limitations of the current quantum devices. However, with the combination of quantum-classical neural networks (NN), complex and high-dimensional features can be extracted by the classical NN to a reduced but more informative feature space to be processed by the existing quantum computers. In this study, we develop a hybrid quantum-classical NN to detect an amplitude shift cyber-attack on an in-vehicle control area network (CAN) dataset. We show that using the hybrid quantum-classical NN, it is possible to achieve an attack detection accuracy of 94%, which is higher than a Long short-term memory (LSTM) NN (87%) or quantum NN alone (62%)

show abstract

Long Short-Term Memory Neural Network-Based Attack Detection Model for In-Vehicle Network Security

Cited by 43 publications

References 13 publications

LSTM-Based Intrusion Detection System for In-Vehicle Can Bus Communications

LSTM-Based Intrusion Detection System for In-Vehicle Can Bus Communications

LCHI: Low‐Order Correlation and High‐Order Interaction Integrated Model Oriented to Network Intrusion Detection

Hybrid Quantum-Classical Neural Network for Cloud-supported In-Vehicle Cyberattack Detection

Contact Info

Product

Resources

About