Research On Vehicle Network Intrusion Detection Based On Association Rules

This article is completed under the background of the support project of the Sichuan provincial science and Technology Department.The purpose of this paper is to study the information security of vehicular network,and analyze the information security hidden trouble of vehicular network in detail from the internal and external environment of vehicular network.Because the information security of the car's vehicle network external environment can be defended through traditional methods,so this paper puts the center of gravity on the interior of car vehicle network.This paper is based on the model of the traditional intrusion detection system,an intrusion detection system model suitable for vehicle network is proposed.The main research work of this article is as follows:? The research on the safety of vehicle network information security is summarized by the domestic and foreign related researchers,organizations and universities.Because the research on information security of car vehicle network is a new field at home and abroad,so different researchers,organizations are directed at a certain direction about research in this area.Therefore,the research in this area is not perfect enough,so we can see that the current research in this field is still at the initial stage at home and abroad.? The information security threat of car vehicle network is analyzed.First,the external security threats of car vehicle network are analyzed: TSP security threat,APP security threat,T-Box security threat,IVI security threat and the hidden security risks and the attack cases and attack modes are described respectively.Then the information security threat in car vehicle network is analyzed: the security threat of CAN-Bus bus and the security threat of ECU.All aspects of the threat of CAN bus are described.Finally,the vehicle ECU security threats and three typical attack modes are analyzed.? The correlation and characteristics of vehicle vehicular network ECU are studied.Because the relevance and characteristics of the car vehicular network ECU are not open to third parties.In order to obtain the correlation and characteristics between the car vehicle network ECU,excavating the data of the vehicle network message.It lays the foundation for the next design of the intrusion detection system.? The terms of clock offset,clock frequency,clock skew,relative clock offset,relative clock skew are defined.On the basis of these concepts,design the mark parameter of ECU transmitter which sends vehicular network message and verify the feasibility of using clock skew to mark ECU.? A cumulative clock offset model is designed to express the clock skew parameter.In order to obtain the unknown clock skew parameter in the cumulative clock offset model,design of clock skew estimation algorithm and use the accumulative sum algorithms to determine whether the ECU behavior of the vehicle network has an intrusion behavior.? Use the CANoe softwart to design the network topology of the corresponding attack behavior and use the intrusion detection system experiments on these attacks.The experimental results show that the intrusion detection model proposed in this paper can effectively detect the intrusion behavior.