计算机科学

计算机科学 ›› 2021, Vol. 48 ›› Issue (1): 34-39.doi: 10.11896/jsjkx.200900181

所属专题: 智能化边缘计算

• 智能化边缘计算* 上一篇    下一篇

基于移动边缘计算的车载CAN网络入侵检测方法

于天琪1, 胡剑凌1, 金炯2, 羊箭锋1   

  1. 1 苏州大学电子信息学院 江苏 苏州 215006
    2 斯威本科技大学软件与电气工程学院 墨尔本 3122
  • 收稿日期:2020-09-25 修回日期:2020-12-07 出版日期:2021-01-15 发布日期:2021-01-15
  • 通讯作者: 羊箭锋(jfyang@suda.edu.cn)
  • 作者简介:tqyu@suda.edu.cn
  • 基金资助:
    江苏省自然科学基金(BK20200858)

Mobile Edge Computing Based In-vehicle CAN Network Intrusion Detection Method

YU Tian-qi1, HU Jian-ling1, JIN Jiong2, YANG Jian-feng1   

  1. 1 School of Electronic and Information Engineering,Soochow University,Suzhou,Jiangsu 215006,China
    2 School of Software and Electrical Engineering,Swinburne University of Technology,Melbourne 3122,Australia
  • Received:2020-09-25 Revised:2020-12-07 Online:2021-01-15 Published:2021-01-15
  • About author:YU Tian-qi,born in 1991,Ph.D,lectu-rer.Her main research interests include Internet of Things,edge computing and sensor data analytics.
    YANG Jian-feng,born in 1978,Ph.D,senior experimentalist.His main research interests include signal proces-sing and electronic countermeasure.
  • Supported by:
    Natural Science Foundation of Jiangsu Province,China(BK20200858).

PDF (PC)

976

摘要: 随着车联网技术的快速发展和广泛部署,其在为智能网联汽车提供互联网与大数据分析等智能化服务的同时,引入了网络入侵等安全与隐私问题。传统车载网络的封闭性导致现有的车载网络通信协议,特别是部署最为广泛的控制器局域网络(Controller Area Network,CAN)总线协议,在发布时缺少隐私与安全保护机制。因此,为检测网络入侵、保护智能网联汽车安全,文中提出了一种基于支持向量数据描述(Support Vector Data Description,SVDD)的车载CAN网络入侵检测方法。该方法提取单位时间窗内CAN网络报文ID的加权自信息量和ID的归一化值作为特征信息,并在移动边缘计算服务器处构建并训练SVDD模型,目标车辆基于训练的SVDD模型进行异常特征值识别,从而实现实时的车载CAN网络入侵检测。文中采用韩国高丽大学HCR实验室公开的CAN网络数据集,对所提方法与3种传统的基于信息熵的车载网络入侵检测方法在拒绝服务攻击和伪装攻击检测准确率方面进行了对比与分析。仿真实验结果表明,在少量报文入侵时,所提方法显著提高了入侵检测的准确率。

关键词: 车联网, 车载网络, 网络入侵检测, 移动边缘计算, 支持向量数据描述算法

Abstract: With the rapid development and pervasive deployment of the Internet of Vehicles (IoV),it provides the services of Internet and big data analytics to the intelligent and connected vehicles,while incurs the issues of security and privacy.The closure of traditional in-vehicle networks leads to the communications protocols,particularly,the most commonly applied controller area network (CAN) bus protocol,lack of security and privacy protection mechanisms.Thus,to detect the network intrusions and protect the vehicles from being attacked,a support vector data description (SVDD) based intrusion detection method is proposed in this paper.Specifically,the weighted self-information of message IDs and the normalized values of IDs are selected as features for SVDD modeling,and the SVDD models are trained at the mobile edge computing (MEC) servers.The vehicles use the trained SVDD models for identifying the abnormal values of the selected features to detect the network intrusions.Simulations are conducted based on the CAN network dataset published by the HCR Lab of Korea University,where three conventional information entropy based in-vehicle network intrusion detection methods are adopted as the benchmarks.As compared to the benchmarks,the proposed method has dramatically improved the intrusion detection accuracy,especially when the number of intruded messages is small.

Key words: Internet of Vehicles, In-vehicle network, Mobile edge computing, Network intrusion detection, Support vector data description algorithm

中图分类号: 

  • TN915
[1] LIU Z,ZHANG T.Research on automatic lane change method based on vehicle network information[J].Journal of Chongqing University of Technology (Natural Science),2020,34(4):11-17.
[2] CHEN L,ZHANG D,LIANG J.The Driving active service selection method based on QoS for Internet of Vehicle environment[J].Journal of Chongqing University of Technology (Na-tural Science),2019,33(12):8-17.
[3] LI Y,LUO Q,LIU J,et al.TSP security in intelligent and connected vehicles:challenges and solutions [J].IEEE Wireless Communications,2019,26(3):125-131.
[4] WU W,LI R,XIE G,et al.A survey of intrusion detection for in-vehicle networks [J].IEEE Transactions on Intelligent Transportation System,2020,13(3):919-933.
[5] MILLER C,VALASEK C.Remote exploitation of an unaltered passenger vehicle [R].BlackHat USA,2015.
[6] KEEN SECURITY LAB.Car hacking research:Remote attack Tesla motors [EB/OL].[2020-09-24].https://www.blackhat.com/docs/us-17/thursday/us-17-Nie-Free-Fall-Hacking-Tesla-From-Wireless-To-CAN-Bus.pdf.
[7] YOUNG C,ZAMBRENO J,OLUFOWOBI H,et al.Survey of automotive controller area network intrusion detection systems [J].IEEE Design & Test,2019,36(6):48-55.
[8] CHOI W,JOO K,JO H J,et al.VoltageIDS:Low-level communication characteristics for automotive intrusion detection system[J].IEEE Transactions on Information Forensics Security,2018,13(8):2114-2129.
[9] CHO K T,SHIN K G.Fingerprinting electronic control units for vehicle intrusion detection[C]//25th USENIX Conference on Security Symposium.2016:911-927.
[10] SHIN K G,CHO K T.Viden:Attacker identification on in-vehicle networks[C]//ACM SIGSAC Conference on Computer Communication Security.2017:1109-1123.
[11] SONG H M,KIM H R,KIM H K.Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network[C]//International Conference on Information Networks (ICOIN).2016:63-68.
[12] LEE H,JEONG S H,KIM H K.OTIDS:A novel intrusion detection system for in-vehicle network by using remote frame[C]//15th IEEE PST.2017:5709-5757.
[13] MÜTER M,ASAJ N.Entropy-based anomaly detection for in-vehicle networks[C]//IEEE Intelligent Vehicles Symposium.2011:1110-1115.
[14] YU H,QIN G H,SUN M H,et al.Cyber security and anomaly detection method for in-vehicle CAN[J].Journal of Jilin University (Engineering Edition),2016,46(4):1246-1253.
[15] WU W,HUANG Y,KURACHI R,et al.Sliding window optimized information entropy analysis method for intrusion detection on in-vehicle networks[J].IEEE Access,2018,6:45233-45245.
[16] YU C,LIN B,GUI P,et al.Deployment and dimensioning of fog computing-based Internet of Vehicle infrastructure for autonomous driving[J].IEEE Internet of Things Journal,2019,6(1):149-160.
[17] YU X,LIU Y,SHI X,et al.Mobile edge computing offloading strategy under Internet of Vehicles scenario[J].Computer Engineering,2020,46(11):29-34,41.
[18] LING F,DUAN J,LI C,et al.Research on dynamic load balancing algorithm for C-V2X edge server[J].Computer Enginee-ring,2020,46(12):201-206,221.
[19] TAX M J D,DUIN P W R.Support Vector Data Description[J].Machine Learning,2004,54:45-66.
[20] Support Vector Data Description (SVDD) Toolkit [EB/OL].[2020-09-24].https://github.com/iqiukp/SVDD.
[1] 王馨彤, 王璇, 孙知信.
基于多尺度记忆残差网络的网络流量异常检测模型
Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network
计算机科学, 2022, 49(8): 314-322. https://doi.org/10.11896/jsjkx.220200011
[2] 陈晶, 吴玲玲.
多源异构环境下的车联网大数据混合属性特征检测方法
Mixed Attribute Feature Detection Method of Internet of Vehicles Big Datain Multi-source Heterogeneous Environment
计算机科学, 2022, 49(8): 108-112. https://doi.org/10.11896/jsjkx.220300273
[3] 于滨, 李学华, 潘春雨, 李娜.
基于深度强化学习的边云协同资源分配算法
Edge-Cloud Collaborative Resource Allocation Algorithm Based on Deep Reinforcement Learning
计算机科学, 2022, 49(7): 248-253. https://doi.org/10.11896/jsjkx.210400219
[4] 李梦菲, 毛莺池, 屠子健, 王瑄, 徐淑芳.
基于深度确定性策略梯度的服务器可靠性任务卸载策略
Server-reliability Task Offloading Strategy Based on Deep Deterministic Policy Gradient
计算机科学, 2022, 49(7): 271-279. https://doi.org/10.11896/jsjkx.210600040
[5] 方韬, 杨旸, 陈佳馨.
D2D辅助移动边缘计算下的卸载策略优化
Optimization of Offloading Decisions in D2D-assisted MEC Networks
计算机科学, 2022, 49(6A): 601-605. https://doi.org/10.11896/jsjkx.210200114
[6] 刘漳辉, 郑鸿强, 张建山, 陈哲毅.
多无人机使能移动边缘计算系统中的计算卸载与部署优化
Computation Offloading and Deployment Optimization in Multi-UAV-Enabled Mobile Edge Computing Systems
计算机科学, 2022, 49(6A): 619-627. https://doi.org/10.11896/jsjkx.210600165
[7] 谢万城, 李斌, 代玥玥.
空中智能反射面辅助边缘计算中基于PPO的任务卸载方案
PPO Based Task Offloading Scheme in Aerial Reconfigurable Intelligent Surface-assisted Edge Computing
计算机科学, 2022, 49(6): 3-11. https://doi.org/10.11896/jsjkx.220100249
[8] 周天清, 岳亚莉.
超密集物联网络中多任务多步计算卸载算法研究
Multi-Task and Multi-Step Computation Offloading in Ultra-dense IoT Networks
计算机科学, 2022, 49(6): 12-18. https://doi.org/10.11896/jsjkx.211200147
[9] 彭冬阳, 王睿, 胡谷雨, 祖家琛, 王田丰.
视频缓存策略中QoE和能量效率的公平联合优化
Fair Joint Optimization of QoE and Energy Efficiency in Caching Strategy for Videos
计算机科学, 2022, 49(4): 312-320. https://doi.org/10.11896/jsjkx.210800027
[10] 宋涛, 李秀华, 李辉, 文俊浩, 熊庆宇, 陈杰.
大数据时代下车联网安全加密认证技术研究综述
Overview of Research on Security Encryption Authentication Technology of IoV in Big Data Era
计算机科学, 2022, 49(4): 340-353. https://doi.org/10.11896/jsjkx.210400112
[11] 张海波, 张益峰, 刘开健.
基于NOMA-MEC的车联网任务卸载、迁移与缓存策略
Task Offloading,Migration and Caching Strategy in Internet of Vehicles Based on NOMA-MEC
计算机科学, 2022, 49(2): 304-311. https://doi.org/10.11896/jsjkx.210100157
[12] 梁俊斌, 张海涵, 蒋婵, 王天舒.
移动边缘计算中基于深度强化学习的任务卸载研究进展
Research Progress of Task Offloading Based on Deep Reinforcement Learning in Mobile Edge Computing
计算机科学, 2021, 48(7): 316-323. https://doi.org/10.11896/jsjkx.200800095
[13] 宋海宁, 焦健, 刘永.
高速公路中的移动边缘计算研究
Research on Mobile Edge Computing in Expressway
计算机科学, 2021, 48(6A): 383-386. https://doi.org/10.11896/jsjkx.200900212
[14] 唐亮, 李飞.
基于决策树的车联网安全态势预测模型研究
Research on Forecasting Model of Internet of Vehicles Security Situation Based on Decision Tree
计算机科学, 2021, 48(6A): 514-517. https://doi.org/10.11896/jsjkx.200700158
[15] 俞建业, 戚湧, 王宝茁.
基于Spark的车联网分布式组合深度学习入侵检测方法
Distributed Combination Deep Learning Intrusion Detection Method for Internet of Vehicles Based on Spark
计算机科学, 2021, 48(6A): 518-523. https://doi.org/10.11896/jsjkx.200700129
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发