Sharmin, Shaila and Mansor, Hafizah and Abdul Kadir, Andi Fitriah and Abdul Aziz, Normaziah (2022) Using streaming data algorithm for intrusion detection on the vehicular controller area network. In: 1st International Conference on Ubiquitous Security, UbiSec 2021, 28-31 December 2021, Guangzhou.
|
PDF
- Published Version
Download (352kB) | Preview |
|
![[img]](http://irep.iium.edu.my/96963/4/96963_Using%20Streaming%20Data%20Algorithm%20for%20Intrusion_SCOPUS.png)
|
PDF
- Supplemental Material
Download (167kB) | Preview |
|
![[img]](http://irep.iium.edu.my/style/images/fileicons/application_pdf.png) |
PDF
- Published Version
Download (100kB) |
Abstract
The Controller Area Network (CAN), which is a protocol for the in-vehicle network, is lacking in security features, making the CAN bus vulnerable to a range of cyberattacks such as message injections, replay attacks, and denial of service attacks. This has prompted researchers to develop statistical and machine learning based intrusion detection systems for the CAN bus that use various features such as message timing and frequency to detect attacks. In this paper, the adapted streaming data Isolation Forest (iForestASD) algorithm has been applied to CAN intrusion detection. While the Isolation Forest (iForest) anomaly detection algorithm has a linear time complexity and low memory requirement, iForestASD adapts iForest by employing a sliding window that introduces the ability to handle concept drift, which is often characteristic of streaming data such as CAN bus traffic. The detection model is trained with only message timing information, making it applicable to all vehicles regardless of make and model. Results of experiments that compare the attack detection performance of iForestASD and iForest show that CAN traffic stream demonstrates insignificant concept drift and the detection model does not benefit from being retrained with a sliding window of latest CAN traffic, as in iForestASD. The size of the training sample is, however, found to be an important consideration - a model trained with only 30 s of CAN traffic always yields better detection performance than a model trained with a larger window of CAN traffic.
| Item Type: | Conference or Workshop Item (Invited Papers) |
|---|---|
| Uncontrolled Keywords: | Controller Area Network, Intrusion detection, Isolation forest, Message insertion, Automotive |
| Subjects: | T Technology > T Technology (General) T Technology > T Technology (General) > T175 Industrial research. Research and development |
| Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): | Kulliyyah of Information and Communication Technology > Department of Computer Science Kulliyyah of Information and Communication Technology > Department of Computer Science |
| Depositing User: | Hafizah Mansor |
| Date Deposited: | 08 Aug 2022 17:46 |
| Last Modified: | 08 Aug 2022 17:48 |
| URI: | http://irep.iium.edu.my/id/eprint/96963 |
Actions (login required)
 |
View Item |
Download Statistics
Download Statistics