scholarly journals A Kohonen SOM Architecture for Intrusion Detection on In-Vehicle Communication Networks

2020 ◽  
Vol 10 (15) ◽  
pp. 5062
Author(s):  
Vita Santa Barletta ◽  
Danilo Caivano ◽  
Antonella Nannavecchia ◽  
Michele Scalera
Keyword(s):  
Intrusion Detection ◽  
Communication Networks ◽  
High Performance ◽  
Clustering Algorithm ◽  
Can Bus ◽  
Detection System ◽  
Complex Structure ◽  
Area Network ◽  
Self Organizing Map ◽  
Vehicle Communication

The diffusion of connected devices in modern vehicles involves a lack in security of the in-vehicle communication networks such as the controller area network (CAN) bus. The CAN bus protocol does not provide security systems to counter cyber and physical attacks. Thus, an intrusion-detection system to identify attacks and anomalies on the CAN bus is desirable. In the present work, we propose a distance-based intrusion-detection network aimed at identifying attack messages injected on a CAN bus using a Kohonen self-organizing map (SOM) network. It is a power classifier that can be trained both as supervised and unsupervised learning. SOM found broad application in security issues, but was never performed on in-vehicle communication networks. We performed two approaches, first using a supervised X–Y fused Kohonen network (XYF) and then combining the XYF network with a K-means clustering algorithm (XYF–K) in order to improve the efficiency of the network. The models were tested on an open source dataset concerning data messages sent on a CAN bus 2.0B and containing large traffic volume with a low number of features and more than 2000 different attack types, sent totally at random. Despite the complex structure of the CAN bus dataset, the proposed architectures showed a high performance in the accuracy of the detection of attack messages.

scholarly journals Evaluation of CAN Bus Security Challenges

Sensors ◽  
2020 ◽  
Vol 20 (8) ◽  
pp. 2364 ◽  
Author(s):  
Mehmet Bozdal ◽  
Mohammad Samie ◽  
Sohaib Aslam ◽  
Ian Jennions
Keyword(s):  
Automobile Industry ◽  
Can Bus ◽  
Detection System ◽  
Area Network ◽  
Financial Loss ◽  
Safe Driving ◽  
Vehicle Communication ◽  
Security Issues ◽  
Attack Surface ◽  
Encryption And Authentication

The automobile industry no longer relies on pure mechanical systems; instead, it benefits from many smart features based on advanced embedded electronics. Although the rise in electronics and connectivity has improved comfort, functionality, and safe driving, it has also created new attack surfaces to penetrate the in-vehicle communication network, which was initially designed as a close loop system. For such applications, the Controller Area Network (CAN) is the most-widely used communication protocol, which still suffers from various security issues because of the lack of encryption and authentication. As a result, any malicious/hijacked node can cause catastrophic accidents and financial loss. This paper analyses the CAN bus comprehensively to provide an outlook on security concerns. It also presents the security vulnerabilities of the CAN and a state-of-the-art attack surface with cases of implemented attack scenarios and goes through different solutions that assist in attack prevention, mainly based on an intrusion detection system (IDS).

scholarly journals Intrusion Detection for in-Vehicle Communication Networks: An Unsupervised Kohonen SOM Approach

2020 ◽  
Vol 12 (7) ◽  
pp. 119
Author(s):  
Vita Santa Barletta ◽  
Danilo Caivano ◽  
Antonella Nannavecchia ◽  
Michele Scalera
Keyword(s):  
Intrusion Detection ◽  
Can Bus ◽  
Traditional Approach ◽  
Detection Accuracy ◽  
Area Network ◽  
Vehicle Communication ◽  
Traditional Procedure ◽  
Wide Range ◽  
Som Network ◽  
Portable Communication

The diffusion of embedded and portable communication devices on modern vehicles entails new security risks since in-vehicle communication protocols are still insecure and vulnerable to attacks. Increasing interest is being given to the implementation of automotive cybersecurity systems. In this work we propose an efficient and high-performing intrusion detection system based on an unsupervised Kohonen Self-Organizing Map (SOM) network, to identify attack messages sent on a Controller Area Network (CAN) bus. The SOM network found a wide range of applications in intrusion detection because of its features of high detection rate, short training time, and high versatility. We propose to extend the SOM network to intrusion detection on in-vehicle CAN buses. Many hybrid approaches were proposed to combine the SOM network with other clustering methods, such as the k-means algorithm, in order to improve the accuracy of the model. We introduced a novel distance-based procedure to integrate the SOM network with the K-means algorithm and compared it with the traditional procedure. The models were tested on a car hacking dataset concerning traffic data messages sent on a CAN bus, characterized by a large volume of traffic with a low number of features and highly imbalanced data distribution. The experimentation showed that the proposed method greatly improved detection accuracy over the traditional approach.

scholarly journals An IoT-Focused Intrusion Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets

Sensors ◽  
2021 ◽  
Vol 21 (2) ◽  
pp. 656
Author(s):  
Xavier Larriva-Novo ◽  
Víctor A. Villagrá ◽  
Mario Vega-Barbas ◽  
Diego Rivera ◽  
Mario Sanz Rodrigo
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
High Performance ◽  
Learning Algorithm ◽  
Detection System ◽  
Machine Learning Algorithms ◽  
Statistical Characteristics ◽  
Detection Techniques ◽  
Traffic Characteristics ◽  
Benchmark Datasets

Security in IoT networks is currently mandatory, due to the high amount of data that has to be handled. These systems are vulnerable to several cybersecurity attacks, which are increasing in number and sophistication. Due to this reason, new intrusion detection techniques have to be developed, being as accurate as possible for these scenarios. Intrusion detection systems based on machine learning algorithms have already shown a high performance in terms of accuracy. This research proposes the study and evaluation of several preprocessing techniques based on traffic categorization for a machine learning neural network algorithm. This research uses for its evaluation two benchmark datasets, namely UGR16 and the UNSW-NB15, and one of the most used datasets, KDD99. The preprocessing techniques were evaluated in accordance with scalar and normalization functions. All of these preprocessing models were applied through different sets of characteristics based on a categorization composed by four groups of features: basic connection features, content characteristics, statistical characteristics and finally, a group which is composed by traffic-based features and connection direction-based traffic characteristics. The objective of this research is to evaluate this categorization by using various data preprocessing techniques to obtain the most accurate model. Our proposal shows that, by applying the categorization of network traffic and several preprocessing techniques, the accuracy can be enhanced by up to 45%. The preprocessing of a specific group of characteristics allows for greater accuracy, allowing the machine learning algorithm to correctly classify these parameters related to possible attacks.

Sign in / Sign up

Export Citation Format

Share Document