计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (12): 334-342.doi: 10.11896/jsjkx.231000117

• 信息安全 • 上一篇    下一篇

一种面向车联网的零日攻击检测方法

王博1, 赵金城1, 徐丙凤1,3, 何高峰2   

  1. 1 南京林业大学信息科学技术学院、人工智能学院 南京 210037
    2 南京邮电大学物联网学院 南京 210003
    3 高安全系统的软件开发与验证技术工业和信息化部重点实验室(南京航空航天大学) 南京 211106
  • 收稿日期:2023-10-18 修回日期:2024-03-15 出版日期:2024-12-15 发布日期:2024-12-10
  • 通讯作者: 徐丙凤(bingfengxu@njfu.edu.cn)
  • 作者简介:(bowang@njfu.edu.cn)
  • 基金资助:
    国家自然科学基金面上项目(62372240);江苏省网络与信息安全重点实验室(BM2003201);南京航空航天大学科研基地创新(理工类)项目(NJ2020022)

Zero Day Attack Detection Method for Internet of Vehicles

WANG Bo1, ZHAO Jincheng1, XU Bingfeng1,3, HE Gaofeng2   

  1. 1 College of Information Science and Technology&Artificial Intelligence, Nanjing Forestry University, Nanjing 210037, China
    2 College of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
    3 Key Laboratory of Safety-Critical Software(Nanjing University of Aeronautics and Astronautics), Ministry of Industry and Information Technology, Nanjing 211106, China
  • Received:2023-10-18 Revised:2024-03-15 Online:2024-12-15 Published:2024-12-10
  • About author:WANG Bo,born in 2000,postgraduate.His main research interests include attack detection in the Internet of Vehicles and so on.
    XU Bingfeng,born in 1986,Ph.D, associate professor,master’s supervisor.Her main research interests include cyber-physical system security and software engineering.
  • Supported by:
    National Natural Science Foundation of China(62372240),Jiangsu Provincial Key Laboratory of Network and Information Security(BM2003201) and Fundamental Research Funds for the Central Universities,NUAA(NJ2020022).

PDF (PC)

221

摘要: 由于缺乏攻击数据,车联网零日攻击检测通常采用基于异常的方法。但车辆实际行驶过程中环境复杂多样、行为模式多变,导致正常的行为模式会出现较大的差异,采用基于异常的方法容易导致高误报率。在车联网环境中零日攻击和已知攻击的攻击原理相似,受迁移学习的启发,基于条件生成对抗网络提出一种应用少样本学习的车联网零日攻击检测方法。首先,提出一种多生成器和多判别器的条件对抗生成网络模型。其次,设计了一种自适应采样数据增强方法,通过对已知的攻击样本进行数据增强优化该网络模型的输入样本以减少误报。为进一步缓解该网络模型的输入攻击样本过少带来的数据不平衡问题,在判别器中给出了一种协作焦点损失函数重点判别难分类数据。最后,基于F2MD车辆网络仿真平台进行了大量实验,实验结果表明所提方法对于零日攻击的检测效果和检测延迟均优于现有方法,为车联网零日攻击检测提供了一种有效的解决方案。

关键词: 车联网, 零日攻击, 条件生成对抗网络, 少样本学习, 异常检测

Abstract: Zero-day attack detection in the Internet of Vehicles usually adopts anomaly-based methods due to the limited availabi-lity of attack data.Nevertheless,the complex and diverse driving environments that vehicles operate in,coupled with the variability of behavioral patterns,resulting in significant deviations in normal behavior.As a consequence,the utilization of anomaly-based methods tends to yield elevated false alarm rates.In the vehicular context,the attack principles of zero-day and known attacks exhibit similarities.Drawing inspiration from transfer learning,a zero-day attack detection method for the Internet of Vehicles is introduced,which is grounded in few-shot learning and employs conditional generative adversarial networks(CGANs).Specifically,a conditional adversarial generative network model is proposed featuring multiple generators and multiple discriminators.Within this framework,an adaptive sampling data augmentation method is developed to enhance the dataset with known attack samples.This augmentation is achieved through the optimization of input samples to effectively reduce the occurrence of false positives.Furthermore,to address the data imbalance issue stemming from a limited number of input attack samples,a collaborative focus loss function is incorporated into the discriminators,with an emphasis on distinguishing challenging-to-classify data.The effectiveness of the proposed method is rigorously assessed through comprehensive experiments conducted on the F2MD vehicle network simulation platform.The experimental results unequivocally establish the superiority of the proposed approach compared to existing methods,both in terms of detection efficacy and latency.As a result,this paper presents an effective solution for zero-day attack detection in the realm of the Internet of Vehicles.

Key words: Internet of Vehicles, Zero-day attack, Conditional generative adversarial network, Few-shot learning, Anomaly detection

中图分类号: 

  • TP393
[1]XU M,HOANG D T,KANG J,et al.Secure and ReliableTransfer Learning Framework for 6G-enabled Internet of Vehicles[J].IEEE Wireless Communications,2022,29(4):132-139.
[2]MOYA OSORIO D P,AHMAD I,SANCHEZ J D V,et al.Towards 6G-Enabled Internet of Vehicles:Security and Privacy[J].IEEE Open Journal of the Communications Society,2022,3:82-105.
[3]DEEMANTHA R,HETTIGE B.Autonomous Car:Current Issues,Challenges and Solution:A Review[C]//15th Interna-tional Research Conference.2023.
[4]GUO Y.A review of Machine Learning-based zero-day attackdetection:Challenges and future directions[J].Computer Communications,2023,198:175-185.
[5]MARTINS I,RESENDE J S,SOUSA P R,et al.Host-based IDS:a review and open issues of an anomaly detection system in IoT[J].Future Generation Computer Systems,2022,133:95-113.
[6]YANG L,MOUBAYED A,SHAMI A.MTH-IDS:A Multi-Tiered Hybrid Intrusion Detection System for Internet of Vehicles[J].IEEE Internet of Things Journal,2022,9(1):616-632.
[7]LIU Y,XUE H,ZHUANG W,et al.CT2-MDS:Cooperativetrust-aware tolerant misbehaviour detection system for connec-ted and automated vehicles[J].IET Intelligent Transport Systems,2022,16(2):218-231.
[8]ZHAO J,SHETTY S,PAN J W,et al.Transfer learning for detecting unknown network attacks[J].EURASIP Journal on Information Security,2019,2019(1):1.
[9]THANKAPPAN M,RIFÀ-POUS H,GARRIGUES C.Multi-Channel Man-in-the-Middle attacks against protected Wi-Fi networks:A state of the art review[J].Expert Systems with Applications,2022,210:118401.
[10]SAMEERA N,SHASHI M.Deep transductive transfer learning framework for zero-day attack detection[J].ICT Express,2020,6(4):361-367.
[11]MEHEDI S T,ANWAR A,RAHMAN Z,et al.Dependable Intrusion Detection System for IoT:A Deep Transfer Learning-based Approach[J].IEEE Transactions on Industrial Informa-tics,2023,19(1):1006-1017.
[12]DAR S UH,YURT M,KARACAN L,et al.Image Synthesis in Multi-Contrast MRI With Conditional Generative Adversarial Networks[J].IEEE Transactions on Medical Imaging,2019,38(10):2375-2388.
[13]HU W,GAO J,LI B,et al.Anomaly Detection Using Local Kernel Density Estimation and Context-Based Regression[J].IEEE Transactions on Knowledge and Data Engineering,2020,32(2):218-233.
[14]NOURETDINOV I,GAMMERMAN J,FONTANA M,et al.Multi-level conformal clustering:A distribution-free technique for clustering and anomaly detection[J].Neurocomputing,2020,397:279-291.
[15]YANG J,CHEN Y,RAHARDJA S.Neighborhood representative for improving outlier detectors[J].Information Sciences,2023,625:192-205.
[16]ZHAO X,WU Y,LEE D L,et al.iForest:Interpreting Random Forests via Visual Analytics[J].IEEE Transactions on Visua-lization and Computer Graphics,2019,25(1):407-416.
[17]ALI ALHEETI K M,MCDONALD-MAIER K.Intelligent intrusion detection in external communication systems for autonomous vehicles[J].Systems Science & Control Engineering,2018,6(1):48-56.
[18]IMAN M,ARABNIA H R,RASHEED K.A Review of Deep Transfer Learning and Recent Advancements[J].Technologies,2023,11(2):40.
[19]ANAND P,SINGH Y,SINGH H,et al.SALT:transfer lear-ning-based threat model for attack detection in smart home[J].Scientific Reports,2022,12(1):12247.
[20]MICHAU G,FINK O.Unsupervised transfer learning for ano-maly detection:Application to complementary operating condition transfer[J].Knowledge-Based Systems,2021,216:106816.
[21]ZHOU T,LI Q,LU H,et al.GAN review:Models and medical image fusion applications[J].Information Fusion,2023,91:134-148.
[22]HOSSAIN M S,BETTS J M,PAPLINSKI A P.Dual Focal Lossto address class imbalance in semantic segmentation[J].Neurocomputing,2021,462:69-87.
[23]KAMEL J,ANSARI M R,PETIT J,et al.Simulation Framework for Misbehavior Detection in Vehicular Networks[J].IEEE Transactions on Vehicular Technology,2020,69(6):6631-6643.
[24]KAMEL J,WOLF M,VAN DER HEI R W,et al.VeReMi Extension:A Dataset for Comparable Evaluation of Misbehavior Detection in VANETs[C]//ICC 2020-2020 IEEE Interna-tional Conference on Communications(ICC).Dublin,Ireland:IEEE,2020:1-6.
[25]RUFF L,VANDERMEULEN R A,GÖRNITZ N,et al.Deep One-Class Classification[C]//International Conference on Machine Learning.2018:4393-4402.
[26]SHENKAR T,WOLF L.Anomaly detection for tabular datawith internal contrastive learning[C]//International Conference on Learning Representations.2022.
[27]ZONG B,SONG Q,MIN M R,et al.Deep autoencoding gaussian mixture model for unsupervised anomaly detection[C]//International Conference on Artificial Neural Networks.2018.
[28]RUFF L,VANDERMEULEN R A,GÖRNITZ N,et al.Deep Semi-Supervised Anomaly Detection[C]//International Confe-rence on Learning Representations.2020.
[29]PANG G,SHEN C,JIN H,et al.Deep Weakly-supervisedAnomaly Detection[C]//Proceedings of the 29th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.2023.
[30]XU H,WANG Y,WEI J,et al.Fascinating Supervisory Signals and Where to Find Them:Deep Anomaly Detection with Scale Learning[C]//International Conference on Machine Learning.2023.
[31]NGO C P,WINARTO A A,LI C K K,et al.Fence GAN:Towards Better Anomaly Detection[C]//2019 IEEE 31st International Conference on Tools with Artificial Intelligence.2019:141-148.
[32]LIU Y,LI Z,ZHOU C,et al.Generative Adversarial ActiveLearning for Unsupervised Outlier Detection[J].IEEE Transactions on Knowledge and Data Engineering,2020,32(8):1517-1528.
[33]MOUSTAFA N,SLAY J.UNSW-NB15:a comprehensive data set for network intrusion detection systems[C]//2015 Military Communications and Information Systems Conference(MilCIS).Canberra,Australia:IEEE,2015:1-6.
[34]YIN Y,JANG-JACCARD J,XU W,et al.IGRF-RFE:a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset[J].Journal of Big Data,2023,10(1):15.
[35]SINHA J,MANOLLAS M.Efficient Deep CNN-BiLSTM Model for Network Intrusion Detection[C]//Proceedings of the 2020 3rd International Conference on Artificial Intelligence and Pattern Recognition.Xiamen,China:ACM,2020:223-231.
[36]ABUALHOUL M Y,SHAGDAR O,NASHASHIBI F.Visible Light inter-vehicle Communication for platooning of autonomous vehicles[C]//2016 IEEE Intelligent Vehicles Symposium(IV).Gotenburg,Sweden:IEEE,2016:508-513.
[37]MOUBAYED A,SHAMI A,HEIDARI P,et al.Edge-EnabledV2X Service Placement for Intelligent Transportation Systems[J].IEEE Transactions on Mobile Computing,2021,20(4):1380-1392.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发