전기전자학회논문지 (Journal of IKEEE)

  • 제28권1호
  • /
  • Pages.6-13
  • /
  • 2024
  • /
  • 1226-7244(pISSN)
  • /
  • 2288-243X(eISSN)
한국전기전자학회 (Institute of Korean Electrical and Electronics Engineers)
권호 표지
DOI QR코드

DOI QR Code

가우시안 커널 밀도 추정 함수를 이용한 오토인코더 기반 차량용 침입 탐지 시스템

Autoencoder-Based Automotive Intrusion Detection System Using Gaussian Kernel Density Estimation Function

  • Donghyeon Kim (School of Electronic Engineering and Department of Intelligent Semiconductor, Soongsil University) ;
  • Hyungchul Im (School of Electronic Engineering and Department of Intelligent Semiconductor, Soongsil University) ;
  • Seongsoo Lee (School of Electronic Engineering and Department of Intelligent Semiconductor, Soongsil University)
  • 투고 : 2024.03.18
  • 심사 : 2024.03.25
  • 발행 : 2024.03.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

본 논문에서는 비지도학습 모델인 오토인코더와 가우시안 커널 밀도 추정 함수를 이용하여 차량용 CAN 네트워크에서 비정상적인 데이터를 탐지하는 방안을 제안한다. 제안하는 오토인코더 모델은 정상 데이터에서 CAN 프레임의 ID만으로 학습시킨다. 이후 가우시안 커널 밀도 추정 함수를 이용하여 구한 최적의 프레임 개수와 손실 임계값을 가지는 모델을 사용하여 비정상 데이터를 효과적으로 탐지한다. DoS 공격, Gear 스푸핑 공격, RPM 스푸핑 공격, Fuzzy 공격 등 4가지 공격 데이터로 오토인코더 기반 IDS를 검증하였으며 성능을 평가하였다. 기존 비지도학습 기반 모델들과 비교했을 때 우수한 성능을 나타냈으며 모든 평가 지표에서 99% 이상의 성능을 나타냈다.

This paper proposes an approach to detect abnormal data in automotive controller area network (CAN) using an unsupervised learning model, i.e. autoencoder and Gaussian kernel density estimation function. The proposed autoencoder model is trained with only message ID of CAN data frames. Afterwards, by employing the Gaussian kernel density estimation function, it effectively detects abnormal data based on the trained model characterized by the optimally determined number of frames and a loss threshold. It was verified and evaluated using four types of attack data, i.e. DoS attacks, gear spoofing attacks, RPM spoofing attacks, and fuzzy attacks. Compared with conventional unsupervised learning-based models, it has achieved over 99% detection performance across all evaluation metrics.

키워드

과제정보

This work was supported by the R&D Program of the Ministry of Trade, Industry, and Energy (MOTIE) and Korea Evaluation Institute of Industrial Technology (KEIT) (RS-2022-00155731, RS-2023-00232192). It was also supported by MOTIE and Korea Institute for Advancement of Technology (KIAT) (P0012451). The authors wish to thank Em. Prof. Boo-Gyoun Kim for his comments and discussions and IC Design Education Center (IDEC) for CAD support.

참고문헌

  1. B. Bari, K. Yelamarthi, and S. Ghafoor, "Intrusion Detection in Vehicle Controller Area Network (CAN) Bus Using Machine Learning: A Comparative Performance Study," Sensors, vol.23, no.7, pp.3610, 2023. DOI: 10.3390/s23073610 
  2. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, and S. Savage, "Experimental security analysis of a modern automobile," Proceedings of IEEE Symposium on Security and Privacy, 2010. DOI: 10.1109/SP.2010.34 
  3. A. Theissler, "Anomaly detection in recordings from in-vehicle networks," Proceedings of International Workshop on Big Data Applications and Principles, 2014. 
  4. A. Tomlinson, J. Bryans, and S. Shaikh, "Using a one-class compound classifier to detect in-vehicle network attacks," Proceedings of Genetic and Evolutionary Computation Conference, 2018. DOI: 10.1145/3205651.3208223 
  5. D. Lee, C. Han, and S. Lee, "RIDS: Random Forest-Based Intrusion Detection System for In-Vehicle Network," Korean.electr.elctron.eng., vol.26, no.4, pp. 614, 2022. DOI: 10.7471/ikeee.2022.26.4.614 
  6. D. Lee, C. Han, and S. Lee, "Design and Implementation of Automotive Intrusion Detection System Using Ultra-Lightweight Convolutional Neural Network," Korean.electr.elctron.eng., vol.27, no.4, pp.524, 2023. DOI: 10.7471/ikeee.2023.27.4.524 
  7. H. Song, J. Woo, and H. Kim, "In-vehicle network intrusion detection using deep convolutional neural network," Vehicular Communications, vol.21, pp.100198, 2020. DOI: 10.1016/j.vehcom.2019.100198 
  8. E. Seo, H. Song, and H. Kim, "GIDS: GAN based intrusion detection system for in-vehicle network," Proceedings of. Annual Conference on Privacy, Security and Trust, 2018. DOI: 10.48550/arXiv.1907.07377 
  9. P. Araujo-Filho, A. Pinheiro, G. Kaddoum, D. Campelo, and F. Soares, "An Efficient Intrusion Prevention System for CAN: Hindering Cyber-Attacks With a Low-Cost Platform," IEEE Access, vol.9, pp.166855, 2021. DOI: 10.1109/ACCESS.2021.3136147 
  10. K. Agrawal, T. Alladi, A. Agrawal, V. Chamola, and A. Benslimane, "NovelADS: A Novel Anomaly Detection System for Intra-Vehicular Networks," IEEE Transactions on Intelligent Transportation Systems, vol.23, no.11, pp.22596, 2022. DOI: 10.1109/TITS.2022.3146024 
  11. F. Luo, J. Wang, X. Zhang, Y. Jiang, Z. Li, and C. Luo, "In-vehicle network intrusion detection systems: a systematic survey of deep learning-based approaches," PeerJ Computer Science, vol.9, pp. 1648, 2023. DOI: 10.7717/peerj-cs.1648 
  12. H. Alqahtani and G. Kumar, "A deep learning-based intrusion detection system for in-vehicle networks," Computers and Electrical Engineering, vol.104, Part. B, pp.108447, 2022. DOI: 10.1016/j.compeleceng.2022.108447 
  13. J. Ashraf, A. Bakhshi, N. Moustafa, H. Khurshid, A. Javed, and A. Beheshti, "Novel Deep Learning-Enabled LSTM Autoencoder Architecture for Discovering Anomalous Events From Intelligent Transportation Systems," IEEE Transactions on Intelligent Transportation Systems, vol.22, no.7, pp.4507, 2021. DOI: 10.1109/TITS.2020.3017882 
  14. S. Longari, D. Valcarcel, M. Zago, M. Carminati, and S. Zanero, "CANnolo: An Anomaly Detection System Based on LSTM Autoencoders for Controller Area Network," IEEE Transactions on Network and Service Management, vol.18, no.2, pp.19134, 2021. DOI: 10.1109/TNSM.2020.3038991 
  15. P. Cheng, M. Han, and G. Liu, "DESC-IDS: Towards an efficient real-time automotive intrusion detection system based on deep evolving stream clustering," Future Generation Computer Systems, vol.140, pp.266, 2023. DOI: 10.1016/j.future.2022.10.020 
  16. P. Wei, B. Wang X. Dai, L. Li, and F. He, "A novel intrusion detection model for the CAN bus packet of in-vehicle network based on attention mechanism and autoencoder," Digital Communications and Networks, vol.9, no.1, pp.14, 2023. DOI: 10.1016/j.dcan.2022.04.021 
  17. S. Lokman, A. Othman, S. Musa, and M. Bakar, "Deep contractive autoencoder-based anomaly detection for in-vehicle controller area network (CAN)," Progress in Engineering Technology, Springer Cham, 2019. DOI: 10.1007/978-3-030-28505-0_16 
  18. V. Kukkala, S. Thiruloga, and S. Pasricha, "INDRA: Intrusion Detection Using Recurrent Autoencoders in Automotive Embedded Systems," IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol.39, no.11, pp.3698, 2020. DOI: 10.1109/TCAD.2020.3012749 
  19. T. Hoang and D. Kim, "Detecting in-vehicle intrusion via semi-supervised learning-based convolutional adversarial autoencoders," Vehicular Communications, vol.38, pp.100520, 2022. DOI: 10.1016/j.vehcom.2022.100520 
  20. Hacking and Countermeasure Research Lab, "Car-Hacking Dataset," https://ocslab.hksecurity.net/Datasets/car-hacking-dataset/