A Hybrid Anomaly Detection System for Electronic Control Units Featuring Replicator Neural Networks

Weber, M.; Pistorius, Felix; Sax, Eric; Maas, Jonas; Zimmer, Bastian

doi:10.1007/978-3-030-03405-4_4

Cited by 15 publications

(15 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then deep learning-based approaches are proposed as it helps to manage the communication messages in the network. The deep learning-based approach makes lowpriority monitoring to be applied and it is difficult to apply the high-priority systems [31] and [32]. The deep-based auto encoder approach is proposed in order to identify the attacks as it uses the LSTM model and it contains message ID to identify the complex networks.…”

Section: Related Workmentioning

confidence: 99%

“…With the LSTM classifier, supervised learning models are applied and to classify the attacks on the networks. Then [33] proposed the LSTM-based encoder and decoder architecture as it uses certain messages to make them construct the given input. This encoder and decoder use Knearest neighbor and estimator to identify the intrusion on the networks.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Auto Deep Learning-based Automated Surveillance Technique to Recognize the Activities in the Cyber-Physical System

Archana

Kavitha

Vathsala³

2023

IJRITCC

View full text Add to dashboard Cite

In recent days, the Internet of Things (IoT) plays a significant role and increasing in rapid usage in various applications. As IoT is being developed for cyber-physical systems in the specific domain of e-health care, military, etc. Based on real-time applications, security plays a vital role in certain activities in educational institutions. In the institutions, there are multiple videos are collected and stored in the data repositories. Those datasets are developed specifically for certain activities and no other datasets are developed for academic activities. As there is a large number of videos and images are collected and considered, advanced technologies like, deep learning and IoT are used to perform certain tasks. In this paper, a Auto Deep learning-based Automated Identification Framework (DLAIF) is proposed to consider and reconsider the activities based on image pre-processing, model can be trained through the proposed GMM model and then predication to make an effective surveillance process based on HMM. This proposed process makes to recognize the activities through EM and log Likelihood for cyber-physical systems. In the performance analysis, the proposed model efficiency can be determined through Accuracy detection, False Positive rate and F1 Score requirement. Then calculating the accuracy is more effective for the proposed model compared to other existing models such as BWMP and LATTE.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Auto Deep Learning-based Automated Surveillance Technique to Recognize the Activities in the Cyber-Physical System

Archana

Kavitha

Vathsala³

2023

IJRITCC

View full text Add to dashboard Cite

show abstract

“…Purely payload-based methods, however, fail to capture the timing/sequence of messages in an attack, leading to parts of attack messages being flagged as benign. Hybrid schemes use both the message timing/frequency and the payload information to capture a more holistic view of the network, allowing them to extract specific signatures of transmitting ECUs, receiving ECUs, and messages [27]. Machine learning-based techniques further generalises such techniques when trained with large datasets through classification approaches, sequential techniques, and deep learningbased schemes.…”

Section: A Controller Area Networkmentioning

confidence: 99%

Exploring Highly Quantised Neural Networks for Intrusion Detection in Automotive CAN

Khandelwal,

Shreejith

2023

2023 33rd International Conference on Field-Programmable Logic and Applications (FPL)

View full text Add to dashboard Cite

Vehicles today comprise intelligent systems like connected autonomous driving and advanced driving assistance systems (ADAS) to enhance the driving experience, which is enabled through increased connectivity to infrastructure and fusion of information from different sensing modes. However, the rising connectivity coupled with the legacy network architecture within vehicles can be exploited for launching active and passive attacks on critical vehicle systems and directly affecting the safety of passengers. Machine learning-based intrusion detection models have been shown to successfully detect multiple targeted attack vectors in recent literature, whose deployments are enabled through quantised neural networks targeting low-power platforms. Multiple models are often required to simultaneously detect multiple attack vectors, increasing the area, (resource) cost, and energy consumption. In this paper, we present a case for utilising custom-quantised MLP's (CQMLP) as a multi-class classification model, capable of detecting multiple attacks from the benign flow of controller area network (CAN) messages. The specific quantisation and neural architecture are determined through a joint design space exploration, resulting in our choice of the 2-bit precision and the n-layer MLP. Our 2-bit version is trained using Brevitas and optimised as a dataflow hardware model through the FINN toolflow from AMD/Xilinx, targeting an XCZU7EV device. We show that the 2-bit CQMLP model, when integrated as the IDS, can detect malicious attack messages (DoS, fuzzing, and spoofing attack) with a very high accuracy of 99.9%, on par with the state-of-the-art methods in the literature. Furthermore, the dataflow model can perform line rate detection at a latency of 0.11 ms from message reception while consuming 0.23 mJ/inference, making it ideally suited for integration with an ECU in critical CAN networks.

show abstract

“…We modified the original coherence analysis with the weighted phase angle to include the phase information. Below we show these modifications of the original approach, which is represented by Equation 6.…”

Section: ) Extended Coherence Analysismentioning

confidence: 99%

“…One such intelligent technique for the detection of attacks are IDSs which can be divided into two types [5]. First, techniques that use unusual behaviour or signatures from data streams to infer the presence of attackers [6], [7]. Second, signaturebased techniques that are focused on specific patterns in the network to detect malicious actions.…”

Section: Introductionmentioning

confidence: 99%

CAN Radar: Sensing Physical Devices in CAN Networks based on Time Domain Reflectometry

Rumez

Dürrwang

Brecht

et al. 2019

2019 IEEE Vehicular Networking Conference (VNC)

Self Cite

View full text Add to dashboard Cite

The presence of security vulnerabilities in automotive networks has already been shown by various publications in recent years. Due to the specification of the Controller Area Network (CAN) as a broadcast medium without security mechanisms, attackers are able to read transmitted messages without being noticed and to inject malicious messages. In order to detect potential attackers within a network or software system as early as possible, Intrusion Detection Systems (IDSs) are prevalent. Many approaches for vehicles are based on techniques which are able to detect deviations from specified CAN network behaviour regarding protocol or payload properties. However, it is challenging to detect attackers who secretly connect to CAN networks and do not actively participate in bus traffic. In this paper, we present an approach that is capable of successfully detecting unknown CAN devices and determining the distance (cable length) between the attacker device and our sensing unit based on Time Domain Reflectometry (TDR) technique. We evaluated our approach on a real vehicle network.

show abstract

A Hybrid Anomaly Detection System for Electronic Control Units Featuring Replicator Neural Networks

Cited by 15 publications

References 6 publications

Auto Deep Learning-based Automated Surveillance Technique to Recognize the Activities in the Cyber-Physical System

Auto Deep Learning-based Automated Surveillance Technique to Recognize the Activities in the Cyber-Physical System

Exploring Highly Quantised Neural Networks for Intrusion Detection in Automotive CAN

CAN Radar: Sensing Physical Devices in CAN Networks based on Time Domain Reflectometry

Contact Info

Product

Resources

About