Convolutional neural network-based intrusion detection system for AVTP streams in automotive Ethernet-based networks

Jeong, Seong-hoon; Jeon, Boo-Sun; Chung, Byeong-Mook; Kim, Huy Kang

doi:10.1016/j.vehcom.2021.100338

Cited by 47 publications

(52 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We will provide in Section IV the attack model on AVTP protocol, created by Jeong et al [25] and us, and list also the relevant AVTP features to be leveraged for anomaly detection.…”

Section: Transmission Of Media Streams Using Avtpmentioning

confidence: 99%

“…In order to detect intrusions on Audio Video Transport Protocol (AVTP), we have used the "Automotive Ethernet Intrusion Dataset" dataset [24] created by Jeong et al [25] and which contains benign and malicious AVTP packet captures from their physical automotive Ethernet testbed. The datasets are recorded in the PCAP file format and, therefore, are viewed using prevalent programming libraries and packet analyzers (such as Wireshark).…”

Section: Dataset Descriptionmentioning

confidence: 99%

“…Among them, Alkhatib et al [11] proposed a deep learning-based sequential model for offline intrusion detection on Scalable Service-Oriented Middleware over IP (SOME/IP) application layer protocol on top of automotive ethernet. Moreover, Jeong et al [25] presented an intrusion detection method for detecting audio-video transport protocol (AVTP) stream injection attacks in automotive ethernet-based networks.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Unsupervised Network Intrusion Detection System for AVTP in Automotive Ethernet Networks

Alkhatib¹,

Mushtaq²,

Ghauch³

et al. 2022

Preprint

View full text Add to dashboard Cite

Network Intrusion Detection Systems are well considered as efficient tools for securing in-vehicle networks against diverse cyberattacks. However, since cyberattack are always evolving, signature-based intrusion detection systems are no longer adopted. An alternative solution can be the deployment of deep learning based intrusion detection system (IDS) which play an important role in detecting unknown attack patterns in network traffic. To our knowledge, no previous research work has been done to detect anomalies on automotive ethernet based invehicle networks using anomaly based approaches. Hence, in this paper, we propose a convolutional autoencoder (CAE) for offline detection of anomalies on the Audio Video Transport Protocol (AVTP), an application layer protocol implemented in the recent in-vehicle network Automotive Ethernet. The CAE consists of an encoder and a decoder with CNN structures that are asymmetrical. Anomalies in AVTP packet stream, which may lead to critical interruption of media streams, are therefore detected by measuring the reconstruction error of each sliding window of AVTP packets. Our proposed approach is evaluated on the recently published "Automotive Ethernet Intrusion Dataset", and is also compared with other state-of-the art traditional anomaly detection and signature based models in machine learning. The numerical results show that our proposed model outperfoms the other methods and excel at predicting unknown in-vehicle intrusions, with 0.94 accuracy. Moreover, our model has a low level of false alarm and miss detection rates for different AVTP attack types.

show abstract

“…We will provide in Section IV the attack model on AVTP protocol, created by Jeong et al [25] and us, and list also the relevant AVTP features to be leveraged for anomaly detection.…”

Section: Transmission Of Media Streams Using Avtpmentioning

confidence: 99%

Section: Dataset Descriptionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Unsupervised Network Intrusion Detection System for AVTP in Automotive Ethernet Networks

Alkhatib¹,

Mushtaq²,

Ghauch³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…A study focused on instruction detection in connected and autonomous vehicles has been given in [24]. The study proposed CNN to detect intrusion in ethernet-based network.…”

Section: Table 2 Hidroid Performance [23]mentioning

confidence: 99%

Exploring Deep Neural Network Capability for Intrusion Detection Using Different Mobile Phones Platforms

Alharbi¹,

Hewahi²

2021

IJCDS

View full text Add to dashboard Cite

Network intrusion activities started since the network typologies become available for public, the target devices were computers, servers, switches, routers and so on, but with the fever of smartphones spreading among the public, these smartphones have become a target for hacker attacks. Network Intrusion Detection System (IDS) is a device, software or both used by network administrator to monitor the network security and recognize any malicious activity or organization's network policy violation. Deep neural network is the famous technology in deep learning where it is an artificial neural network with multiple hidden layers, and it simulates the human brain and it's the central nervous system in thinking and detecting pattern. Mobile phones are widely used today, with different platforms which known now as smartphones, these smartphones belong to many manufacturing and require operating system. This research explores deep neural networks capability for intrusion detection using different mobile phones platforms, the research experiments five deep neural networks approaches, Fully Connected Deep Neural Networks (FCDNN), Convolutional Neural Networks (CNN), Convolutional Neural Networks followed by Fully Connected Neural Networks (CNN&FCDNN), Convolutional Neural Networks followed by Fully Connected Neural Networks and then followed by Convolution Neural Network (CNN&FCDNN&CNN), and finally Fully Connected Deep Neural Networks followed by Convolution Neural Networks (FCDNN&CNN).Two data sets have been used for testing the approaches, Android data set and NSL-KDD data set. The proposed approaches have been compared with each other's and also compared with traditional Machine Learning (ML) approaches. The results show that CNN&FCDNN&CNN is the best deep learning approach where it achieved accuracy of 0.863 and 0.997 for the two data sets Android and NSL-KDD respectively. The accuracy results also show that the best approach is the random forest where it achieved 0.88 and 0.998 for Android and NSL-KDD data sets respectively. Deep neural networks show that they are good machine learning candidates for problems similar to mobile phones intrusion detection systems.

show abstract

“…The ever increasing demand for autonomous vehicles and competition to produce fully autonomous cars by the original equipment manufacturers (OEMs) has grown the CAN bus's security concern. Besides, researchers demonstrated several security vulnerabilities in the CAN bus [8,9]. This work studies viirtual attacks on the safety-critical systems using a compromised ECU through OBD-II port.…”

Section: Attacks On Can Busmentioning

confidence: 99%

GGNB: Graph-Based Gaussian Naive Bayes Intrusion Detection System for CAN Bus

Islam¹,

Devnath²,

Samad³

et al. 2021

Preprint

View full text Add to dashboard Cite

The national highway traffic safety administration (NHTSA) identified cybersecurity of the automobile systems are more critical than the security of other information systems. Researchers already demonstrated remote attacks on critical vehicular electronic control units (ECUs) using controller area network (CAN). Besides, existing intrusion detection systems (IDSs) often propose to tackle a specific type of attack, which may leave a system vulnerable to numerous other types of attacks. A generalizable IDS that can identify a wide range of attacks within the shortest possible time has more practical value than attack-specific IDSs, which is not a trivial task to accomplish. In this paper we propose a novel graph-based Gaussian naive Bayes (GGNB) intrusion detection algorithm by leveraging graph properties and PageRankrelated features. The GGNB on the real rawCAN data set [1] yields 99.61%, 99.83%, 96.79%, and 96.20% detection accuracy for denial of service (DoS), fuzzy, spoofing, replay, mixed attacks, respectively. Also, using OpelAstra data set [2], the proposed methodology has 100%, 99.85%, 99.92%, 100%, 99.92%, 97.75% and 99.57% detection accuracy considering DoS, diagnostic, fuzzing CAN ID, fuzzing payload, replay, suspension, and mixed attacks, respectively. The GGNB-based methodology requires about 239× and 135× lower training and tests times, respectively, compared to the SVM classifier used in the same application. Using Xilinx Zybo Z7 field-programmable

show abstract

Convolutional neural network-based intrusion detection system for AVTP streams in automotive Ethernet-based networks

Cited by 47 publications

References 3 publications

Unsupervised Network Intrusion Detection System for AVTP in Automotive Ethernet Networks

Unsupervised Network Intrusion Detection System for AVTP in Automotive Ethernet Networks

Exploring Deep Neural Network Capability for Intrusion Detection Using Different Mobile Phones Platforms

GGNB: Graph-Based Gaussian Naive Bayes Intrusion Detection System for CAN Bus

Contact Info

Product

Resources

About