Research On Intrusion Detection System For In-Vehicle Networks

In order to improve the driver’s safety and convenience,the intelligent connected vehicle integrates the functions of navigation,mobile office,vehicle control,auxiliary driving,etc.The rich interface makes the in-vehicle networks more likely to become the target of hacker attacks,causing major security problems such as information leakage,vehicle out of control,etc.,therefore,the intelligent Internet connected vehicle is facing more severe network security risks than the traditional vehicle,how to design in-vehicle networks protection strategy is a huge challenge.Whether the attack on in-vehicle networks is wired or wireless,the final foothold is on the controller area network(CAN).As the de facto standard of invehicle networks,CAN bus does not have enough security functions,such as message encryption and sender authentication,which cannot protect the network from cheating,intrusion and control and other network attacks.As in-vehicle networks are facing the increasingly serious situation of network security threat,this thesis fully considers the constraints of the in-vehicle networks in the process of design and actual use,combined with the characteristics of the attacker,carries out the research on the in-vehicle network intrusion detection system.By analyzing the attacker model,the in-vehicle network attacks can be divided into two categories,namely,masquerade attack and injection attack.Then,two new intrusion detection schemes are designed to detect the two attacks and protect the security of in-vehicle networks.The main contributions of this thesis are summarized as follows.To counter the masquerade attack,this thesis proposes a new intrusion detection system,which uses the inimitable characteristics of the electronic CAN signal as the fingerprint of the electronic control unit(ECU)to identify the source of the attacker.Firstly,according to the characteristics of the collected ECU voltage data,a voltage raw data processing mechanism is proposed.The ECU voltage signals are divided into three groups,and statistical features are extracted from each group respectively.By considering each group separately,the important features which enable ECUs to be identified are more obvious.Secondly,the feature attributes of the dataset are sorted and dimensionally reduced by using the sequential forward selection process.According to this mechanism,the ECU fingerprint dataset is established.Then,we use the dataset to train the gradient boosting decision tree classification model,and use the trained model to realize the high probability identification rate of the normal ECU fingerprint.In this way we transform the ECU identification problem into a multi-class classification problem,the trained model can be used for the detection of illegal intrusion.In order to verify the accuracy of the proposed intrusion detection system,experiments are carried out with the data collected from real vehicles.The experimental results validate that the proposed intrusion detection system can correctly identify masquerade attacks,and the detection accuracy is higher than the existing three intrusion detection systems.To counter the injection attack,this paper proposes a new intrusion detection system.The system analyzes the transmission rule of CAN bus data stream and finds out the abnormal value by outlier detection method.Firstly,according to the characteristics of CAN bus data flow,the data contents transmitted on CAN bus are recorded,and the change rules of data content are extracted to obtain the characteristics of each CAN message.Secondly,PCA model is used to analyze and reduce the dimension of the data set’s characteristic attributes.Based on this,the data set of normal CAN message field is established.Then we use the dataset to train the OCSVM classification model,and the abnormal CAN data recognition problem is transformed into the outlier detection problem.OCSVM tries to find a closed space to cover the normal samples,and any point outside the closed space is judged as an exception.Finally,the data collected on the real vehicle verifies the recognition accuracy of the proposed intrusion detection system.The experimental results show that the intrusion detection system can accurately identify injection Do S attack,fuzzy attack,and abnormal driving behavior.