Visible to the public A Study on Attack Pattern Generation and Hybrid MR-IDS for In-Vehicle Network

TitleA Study on Attack Pattern Generation and Hybrid MR-IDS for In-Vehicle Network
Publication TypeConference Paper
Year of Publication2021
AuthorsKang, Dong Mug, Yoon, Sang Hun, Shin, Dae Kyo, Yoon, Young, Kim, Hyeon Min, Jang, Soo Hyun
Conference Name2021 International Conference on Artificial Intelligence in Information and Communication (ICAIIC)
KeywordsCAN, controller area network security, Cyber-physical systems, Ethernet, feature extraction, Hybrid MR-IDS, Hybrid power systems, Internet of Things, Intrusion detection, machine learning, machine learning algorithms, network intrusion, pubcrawl, Real-time Systems, Resiliency, Ruleset
AbstractThe CAN (Controller Area Network) bus, which transmits and receives ECU control information in vehicle, has a critical risk of external intrusion because there is no standardized security system. Recently, the need for IDS (Intrusion Detection System) to detect external intrusion of CAN bus is increasing, and high accuracy and real-time processing for intrusion detection are required. In this paper, we propose Hybrid MR (Machine learning and Ruleset) -IDS based on machine learning and ruleset to improve IDS performance. For high accuracy and detection rate, feature engineering was conducted based on the characteristics of the CAN bus, and the generated features were used in detection step. The proposed Hybrid MR-IDS can cope to various attack patterns that have not been learned in previous, as well as the learned attack patterns by using both advantages of rule set and machine learning. In addition, by collecting CAN data from an actual vehicle in driving and stop state, five attack scenarios including physical effects during all driving cycle are generated. Finally, the Hybrid MR-IDS proposed in this paper shows an average of 99% performance based on F1-score.
DOI10.1109/ICAIIC51459.2021.9415261
Citation Keykang_study_2021