ANOMALY-BASED INTRUSION DETECTION FOR A VEHICLE CAN BUS: A CASE FOR HYUNDAI AVANTE CN7

Flooding, spoofing, replay, and fuzzing are common in various types of attacks faced by enterprises and various network systems. In-vehicle network systems are not immune to attacks and threats. Intrusion detection systems using different algorithms are proposed to enhance the security of the in-vehicle network. We use a dataset provided and collected in "Car Hacking: Attack and Defense Challenge" during 2020. This dataset has been realized by the organizers of the challenge for security researchers. With the aid of this dataset, the work aimed to develop attack and detection techniques of Controller Area Network (CAN) using different algorithms such as support vector machine and Feedforward Neural Network. This research work also provides a comparison of the rendering of these algorithms. Based on experimental results, this work will help future researchers to benchmark their results for the given dataset. The results obtained in this work show that the model selection does not depend only on the model's accuracy that is explained by the accuracy paradox. Therefore, for the overall result accuracy of 62.65%, they show that the support vector machine presents the most satisfying output in terms of precision and recall. The Radial basis kernel gives 65% and 67% precision for fuzzing and flooding and the recall of 64% and 100% for replay and spoofing, respectively.

Download Full-text

The Evolution of Vector Machine Support in the Field of Intrusion Detection Systems

10.5121/csit.2021.111817 ◽

2021 ◽

Author(s):

Ouafae Elaeraj ◽

Cherkaoui Leghris

Keyword(s):

Intrusion Detection ◽

Local Area Network ◽

Detection Efficiency ◽

Training Data ◽

Intrusion Detection Systems ◽

Gaussian Kernel ◽

Support Vector ◽

Good Prediction ◽

Area Network ◽

Detection Systems

With the increase in Internet and local area network usage, malicious attacks and intrusions into computer systems are growing. The design and implementation of intrusion detection systems became extremely important to help maintain good network security. Support vector machines (SVM), a classic pattern recognition tool, has been widely used in intrusion detection. They make it possible to process very large data with great efficiency and are easy to use, and exhibit good prediction behavior. This paper presents a new SVM model enriched with a Gaussian kernel function based on the features of the training data for intrusion detection. The new model is tested with the CICIDS2017 dataset. The test proves better results in terms of detection efficiency and false alarm rate, which can give better coverage and make the detection more effective.

Download Full-text

Analysis of Support Vector Machine-based Intrusion Detection Techniques

Arabian Journal for Science and Engineering ◽

10.1007/s13369-019-03970-z ◽

2019 ◽

Vol 45 (4) ◽

pp. 2371-2383 ◽

Cited By ~ 2

Author(s):

Bhoopesh Singh Bhati ◽

C. S. Rai

Keyword(s):

Support Vector Machine ◽

Intrusion Detection ◽

Support Vector ◽

Detection Techniques

Download Full-text

Intrusion Detection System Based on Hybrid Feature Selection and Support Vector Machine (HFS-SVM)

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.781.125 ◽

2015 ◽

Vol 781 ◽

pp. 125-128 ◽

Cited By ~ 1

Author(s):

Yonchanok Khaokaew ◽

Tanapat Anusas-Amornkul ◽

Koonlachat Meesublak

Keyword(s):

Support Vector Machine ◽

Feature Selection ◽

Intrusion Detection ◽

Motif Discovery ◽

Detection System ◽

Random Projection ◽

Support Vector ◽

Training Time ◽

Detection Techniques ◽

Projection Techniques

In recent years, anomaly based intrusion detection techniques are continuously developed and a support vector machine (SVM) is one of the technique. However, it requires training time and storage if there are lots of numbers of features. In this paper, a hybrid feature selection, using Correlation based on Feature Selection and Motif Discovery using Random Projection techniques, is proposed to reduce the number of features from 41 to 3 features with KDD'99 dataset. It is compared with a regular SVM technique with 41 features. The results show that the accuracy rate is also high at 98% and the training time is less than the regular SVM almost by half.

Download Full-text

Implementation of parallel algorithm for support vector machine applied to intrusion detection systems

2016 International Conference on Computing, Analytics and Security Trends (CAST) ◽

10.1109/cast.2016.7914962 ◽

2016 ◽

Cited By ~ 1

Author(s):

N. Z. Tarapore ◽

D.B. Kulkarni ◽

V. Kamakshi Prasad

Keyword(s):

Support Vector Machine ◽

Intrusion Detection ◽

Parallel Algorithm ◽

Intrusion Detection Systems ◽

Support Vector ◽

Detection Systems

Download Full-text

An Enhanced Intelligent Intrusion Detection System using Machine Learning

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.h6932.078919 ◽

2019 ◽

Vol 8 (9) ◽

pp. 2177-2181

Keyword(s):

Machine Learning ◽

Support Vector Machine ◽

Random Forest ◽

Intrusion Detection ◽

Performance Metrics ◽

Recognition Rate ◽

Reduction Rate ◽

Training Data ◽

Support Vector ◽

Detection Techniques

Numerous Intrusion detection techniques are used to find the anomalies that depends on the accuracy, detection rate etc. The purpose of the system is to detect the anomalies based on the given dataset thereby improving the accuracy. A CWS IDS is proposed to find the anomalies in the network, that combines machine learning techniques autoencoder and support vector machine for feature extraction and classification. This is evaluated on the training and testing datasets of NSL KDD dataset that accomplishes well in terms of reduction rate and precision. By combining autoencoder and support vector machine for finding the anomalies, the performance metrics of the system is improved.The system is related with single SVM and Random forest classifier. The performance measures such as precision, recall, accuracy and F-measure is equated with the SVM, random forest, and CWS IDS for training data and test data. Thereby the recognition rate is enhanced and both false positives, false negatives are lesser

Download Full-text

Intrusion Detection for In-vehicle Network by Using Single GAN in Connected Vehicles

Journal of Circuits System and Computers ◽

10.1142/s0218126621500079 ◽

2020 ◽

pp. 2150007

Author(s):

Yuanda Yang ◽

Guoqi Xie ◽

Jilong Wang ◽

Jia Zhou ◽

Ze Xia ◽

...

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Area Network ◽

Detection Time ◽

Evaluation Performance ◽

Privacy And Security ◽

Detection Systems ◽

Évaluation Performance ◽

Attack Data ◽

Vehicle Network

Controller area network (CAN) bus-based connected and even self-driving vehicles suffer severe cybersecurity challenges because connections from outside the vehicle and an existing security vulnerability on CAN expose passengers to privacy and security threats. Generative adversarial nets (GAN)-based intrusion detection systems (IDSs) for in-vehicle network can eliminate the limit of insufficient types of attack data suffered by the deep learning-based IDSs. The existing GAN-based IDS is a hybrid deep learning model built by DNN and GAN, which is too complex to have a short detection time. The evaluation performance of this model can be further improved. To mitigate this issue, we propose another GAN-based intrusion detection method for in-vehicle network, which is a single improved GAN. The proposed model can have better evaluation metrics, e.g., the testing accuracy rate is up to 99.8% and poor detection performance is addressed when a single GAN is used in intrusion detection for the in-vehicle network. In this paper, we design a new loss function for generator in GAN to enhance an ability to produce fake abnormal data, and utilize a sparse enhancement training method helping discriminator in GAN to correct the arbitration bias for fake attack data every 100 steps. In addition, we utilize fewer convolution and de-convolution layers for constructing GAN model, which can reduce the calculation time theoretically and ultimately shorten the detection time to [Formula: see text][Formula: see text]ms for a data block built by 64 CAN messages. We evaluate this improved GAN-based intrusion detection by test set. The results demonstrate that our method has not only a capacity of five classifications, but also better evaluation performance than the existing method in the area of GAN-based IDSs for the in-vehicle network.

Download Full-text

A new ensemble based approach for intrusion detection system using voting

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-189764 ◽

2021 ◽

pp. 1-11

Author(s):

Nitesh Singh Bhati ◽

Manju Khari

Keyword(s):

Support Vector Machine ◽

Intrusion Detection ◽

Detection System ◽

Severe Form ◽

Machine Learning Algorithms ◽

Support Vector ◽

Detection Systems ◽

Confidential Data ◽

Effective System ◽

Better Than

With the increase in the amount of data available today, the responsibility of keeping that data safe has also taken a more severe form. To prevent confidential data from getting in the hands of an attacker, some measures need to be taken. Here comes the need for an effective system, which can classify the traffic as an attack or normal. Intrusion Detection Systems can do this work with perfection. Many machine learning algorithms are used to develop efficient IDS. These IDS provide remarkable results. However, ensemble-based IDS using voting have been seen to outperform individual approaches (Support Vector Machine and ExtraTree). Since the Voting methodology is able to work around both, theoretically similar and different classifiers and produce a single classifier based on the majority characteristics, it proved to be better than the other ensemble based techniques. In this paper, an ensemble IDS implementation is presented based on the voting ensemble method, using the two algorithms, Support Vector Machine (SVC) and ExtraTree. The experiment is performed on the KDDCup99 Dataset. The evaluation of the performance of the proposed method is based on the comparison with an unoptimized implementation of the same. The results based on performing the experiment in Python fetched an accuracy of 99.90%.

Download Full-text

Intrusions detection using optimized support vector machine

International Journal of Advances in Applied Sciences ◽

10.11591/ijaas.v9.i1.pp62-66 ◽

2020 ◽

Vol 9 (1) ◽

pp. 62

Author(s):

Mehdi Moukhafi ◽

Khalid El Yassini ◽

Bri Seddik

Keyword(s):

Support Vector Machine ◽

Network Security ◽

Intrusion Detection ◽

Computer Network ◽

Internet Technology ◽

Classification Model ◽

Support Vector ◽

Detection Systems ◽

Network Technologies ◽

Security Network

<p><span>Computer network technologies are evolving fast and the development of internet technology is more quickly, people more aware of the importance of the network security. Network security is main issue of computing because the number attacks are continuously increasing. For these reasons, intrusion detection systems (IDSs) have emerged as a group of methods that combats the unauthorized use of a network’s resources. Recent advances in information technology, specially in data mining, have produced a wide variety of machine learning methods, which can be integrated into an IDS. This study proposes a new method of intrusion detection that uses support vector machine optimizing optimizing by a genetic algorithm. to improve the efficiency of detecting known and unknown attacks, we used a Particle Swarm Optimization algorithm to select the most influential features for learning the classification model.</span></p>

Download Full-text