RIDS: Random Forest-Based Intrusion Detection System for In-Vehicle Network

RIDS: Random Forest-Based In-Vehicle Network Intrusion Detection System

  • Received : 2022.12.13
  • Accepted : 2022.12.20
  • Published : 2022.12.31

Abstract

This paper proposes RIDS (Random Forest-Based Intrusion Detection), an intrusion detection system that detects hacking attacks using a random forest. RIDS detects three typical attacks: DoS (denial of service), fuzzing, and spoofing. It detects attacks based on four parameters: the time interval between data frames, its deviation, the Hamming distance between payloads, and its deviation. RIDS has a memory-centric architecture in which node information is stored in memories. The architecture is scalable: DoS, fuzzing, and spoofing attacks can all be detected by adjusting the number and depth of trees. Simulation results show that RIDS achieves an accuracy of 0.9835 and an F1 score of 0.9545 and detects the three attack types effectively.

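This paper proposes a random forest-based intrusion detection system (RIDS: Random Forest-Based Intrusion Detection) for detecting hacking attacks on the CAN (Controller Area Network) bus. RIDS detects the three typical attacks that can occur on the CAN bus, namely DoS (Denial of Service), fuzzing, and spoofing attacks, and decides whether an attack is present using four parameters: the time interval between data frames and its deviation, and the Hamming distance between payloads and its deviation. RIDS has a memory-centric architecture that stores node information in memory, and it is designed as an easily extensible structure in which DoS, fuzzing, and spoofing attacks can all be detected simply by adjusting the number and depth of trees. In simulation, RIDS detected the three attacks effectively with an accuracy of 0.9835 and an F1 score of 0.9545.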
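The four per-frame parameters named in the abstract can be computed per CAN ID as in the following added example, which is not the paper's code. The frame tuple layout, the definition of "deviation" as the absolute difference from a running per-ID mean, and the constructed sample trace are assumptions; the rows it returns are the kind of feature vectors a random forest classifier would be trained on.

```python
def hamming(a: bytes, b: bytes) -> int:
    """Bit-level Hamming distance; a missing byte is compared against 0x00."""
    n = max(len(a), len(b))
    a, b = a.ljust(n, b"\x00"), b.ljust(n, b"\x00")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def extract_features(frames):
    """frames: time-ordered (timestamp_us, can_id, payload) tuples (assumed layout).

    Returns one row per frame that has a predecessor with the same CAN ID:
    (can_id, interval, interval_deviation, hamming, hamming_deviation).
    """
    state = {}  # can_id -> (last_ts, last_payload, n, mean_interval, mean_hamming)
    rows = []
    for ts, can_id, payload in frames:
        if can_id not in state:
            state[can_id] = (ts, payload, 0, 0.0, 0.0)
            continue
        last_ts, last_payload, n, mean_dt, mean_hd = state[can_id]
        dt = ts - last_ts
        hd = hamming(payload, last_payload)
        # Assumed definition: deviation = |value - running mean of earlier values|.
        dt_dev = abs(dt - mean_dt) if n else 0.0
        hd_dev = abs(hd - mean_hd) if n else 0.0
        rows.append((can_id, dt, dt_dev, hd, hd_dev))
        n += 1
        mean_dt += (dt - mean_dt) / n
        mean_hd += (hd - mean_hd) / n
        state[can_id] = (ts, payload, n, mean_dt, mean_hd)
    return rows


# Constructed trace: ID 0x130 sent every 10 ms with a constant payload,
# plus one off-schedule frame with a different payload at t = 42 ms.
NORMAL = b"\x10\x00\x00\x00"
SAMPLE = [(t, 0x130, NORMAL) for t in range(0, 50_000, 10_000)]
SAMPLE.append((42_000, 0x130, b"\xff\xff\x00\x00"))  # constructed injected frame
SAMPLE.append((50_000, 0x130, NORMAL))
SAMPLE.sort(key=lambda f: f[0])


def demo():
    return extract_features(SAMPLE)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

On the constructed trace, the off-schedule frame and the legitimate frame that follows it are the only rows with non-zero deviations, which is the separation a tree split can key on.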

Acknowledgement

This work was supported by the Industrial Technology Challenge Track of the Ministry of Trade, Industry and Energy (MOTIE) / Korea Evaluation Institute of Industrial Technology (KEIT) (20012624). It was supported by the R&D Program of the Ministry of Trade, Industry, and Energy (MOTIE) and the Korea Evaluation Institute of Industrial Technology (KEIT) (RS-2022-00155731, RS-2022-00154973).
