计算机科学 ›› 2022, Vol. 49 ›› Issue (6A): 562-570.doi: 10.11896/jsjkx.210700106

• 信息安全 • 上一篇    下一篇

基于SMOTE-SDSAE-SVM的车载CAN总线入侵检测算法

周志豪, 陈磊, 伍翔, 丘东亮, 梁广升, 曾凡巧   

  1. 湖南科技大学信息与电气工程学院 湖南 湘潭 411201
  • 出版日期:2022-06-10 发布日期:2022-06-08
  • 通讯作者: 陈磊 (chenlei@hnust.edu.cn)
  • 作者简介:(745387409@qq.com)
  • 基金资助:
    国家自然科学基金(62103143);湖南省自然科学基金( 2020JJ5199);国家重点研发计划(2019YFE0105300/2019YFE0118700)

SMOTE-SDSAE-SVM Based Vehicle CAN Bus Intrusion Detection Algorithm

ZHOU Zhi-hao, CHEN Lei, WU Xiang, QIU Dong-liang, LIANG Guang-sheng, ZENG Fan-qiao   

  1. School of Information and Electrical Engineering,Hunan University of Science and Technology,Xiangtan,Hunan 411201,China
  • Online:2022-06-10 Published:2022-06-08
  • About author:ZHOU Zhi-hao,born in 2000,postgra-duate.His main research interests include information security,machine learning and embedded-development.
    CHEN Lei,born in 1986,Ph.D,lecturer.His main research interests include deep learning,network representation learning,information security of industrial control system and big data analysis.
  • Supported by:
    National Natural Science Foundation of China(62103143),Natural Science Foundation of Hunan Province(2020JJ5199) and National Key Research and Development Program(2019YFE0105300/2019YFE0118700).

摘要: 随着车联网中车载装备智能化程度的飞速发展,其与互联网对接的程度日益加深,而车载CAN总线受到的网络攻击数量更多、攻击方式更复杂、攻击特征更隐蔽。目前车联网入侵检测才刚起步,基于防火墙或规则库等传统检测模型无法获取隐藏的深层攻击特征,基于深度学习的智能检测模型又因训练参数多、攻击数据不均衡等呈现过/欠拟合以及训练复杂等问题。针对以上问题,文中以车载CAN总线为对象,提出了一种基于SMOTE-SDSAE-SVM的CAN总线入侵检测方法(简称3S),尝试结合深度学习和机器学习理论,从而同时提取网络攻击的深度特征和保证模型训练的高效性,并解决网络攻击类别不平衡、CAN报文含噪声等问题。首先,为了解决网络攻击类别不平衡问题,利用SMOTE技术对不平衡类别的攻击数据进行近邻采样,从而生成更多同类别近似样本;其次,结合稀疏自编码和去噪自编码,以消除噪声数据的影响同时增加特征提取的时效性,并通过堆叠多层稀疏去噪自编码最终实现CAN报文的深度特征提取;最后,利用SVM对提取的深度特征进行精确分类,实现对CAN报文的异常检测,从而发现网络攻击。通过在沃尔沃CAN数据集和CAR-HACKING数据集上的大量实验,有效证明了本文3S算法较其他算法而言拥有更好的入侵检测准确率和更低的漏报率/误报率。

关键词: CAN总线, SDSAE, SMOTE, SVM, 入侵检测, 深度学习

Abstract: With the rapid development of in-vehicle equipment intelligence on the Internet of Vehicles,due to its increasingly deepened connection with the Internet,the number of network attacks on the vehicle CAN bus has been increased,the attack methods have become more complex and the attack characteristics have become more concealed.At present,the intrusion detection of the Internet of Vehicles has just started.Traditional detection models based on firewall or rule bases are unable to obtain the hidden deep features of network attacks,but the intelligent detection models based on deep learning present problems such as “over-fitting” or “under-fitting” due to too many training parameters and unbalanced training datasets.To solve the above problems,an SMOTE-SDSAE-SVM based intrusion detection algorithm for CAN bus of vehicles is proposed in this paper,which is simply called 3S.This algorithm tries to combine deep learning and machine learning techniques to extract deep features of network attacks and ensure the efficiency of model training.The main contributions are as follows.Firstly,to balance the training samples of different categories,SMOTE method is used to generate more similar samples through the nearest neighbor sampling strategy.Secondly,sparse autoencoder and denoising autoencoder are combined to increase the speed of feature extraction and eliminate noise effects.And the deep feature of the CAN message is eventually extracted by stacking multi-layer sparse denoising autoencoder.Finally,SVM is used to accurately classify the extracted deep features of CAN messages,thereby discovering network attacks.According to the extensive experiments on the Volvo CAN dataset and the CAR-HACKING dataset,the proposed 3S algorithm is proved to have better accuracy and lower false alarm rate than other algorithms.

Key words: CAN bus, Deep learning, Intrusion detection, SDSAE, SMOTE, SVM

中图分类号: 

  • TP183
[1] QIAN Z H,WANG Y J.IoT technology and application[J].Acta Electronica Sinica,2012,40(5):1023-1029.
[2] QIE G,ZHANG Y.Intelligent Connected Vehicle:A Survey of the Technical Analysis[J].Mobile Communications,2020,44(1):80-85.
[3] LI K Q,DAI Y F,LI S B,et al.State-of-the-art and technical trends of intelligent and connected vehicles[J].Journal of Automotive Safety and Energy,2017,8(1):1-14.
[4] XUN Y J,LIU J J,ZHAO J.Research on security threat of intelligent connected vehicle[J].Chinese Journal on Internet of Things,2019,3(4):72-81.
[5] YANG D,JIANG K,ZHAO D,et al.Intelligent and connected vehicles:Current status and future perspectives[J].Science China-Technological Sciences,2018,61(10):1446-1471.
[6] ALNABULSI H,ISLAM R.Protecting code injection attacks in intelligent transportation system[C]//Trust Security and Privacy in Computing and Communications.Piscataway:IEEE Press,2019:799-806.
[7] HAO J,HAN G.On the Modeling of Automotive Security:ASurvey of Methods and Perspectives[J].Future Internet,2020,12(11):198.
[8] MÜTER M,GROLL A,FREILING F C.A structured approach to anomaly detection for in-vehicle networks[C]//2010 Sixth International Conference on Information Assurance and Security(IAS).IEEE,2010:92-98.
[9] HAN J,PEI J,KAMBER M.Data mining:concepts and techniques[M].San Francisco:Elsevier,2011.
[10] GUO T,XU Z,YAO X,et al.Robust online time series prediction with recurrent neural networks[C]//2016 IEEE International Conference on Data Science and Advanced Analytics(DSAA).IEEE,2016:816-825.
[11] TAYLOR A,LEBLANC S,JAPKOWICZ N.Anomaly detection in automobile control network data with long short-term memory networks[C]//2016 IEEE International Conference on Data Science and Advanced Analytics(DSAA).IEEE,2016:130-139.
[12] LIANG J,CHEN J,ZHANG X,et al.One-hot encoding and convolutional neural network based anomaly detection[J].Journal Tsinghua University(Science & Technology),2019,59(7):523-529.
[13] ZHU F,WU W,FU Y C,et al.A Dual Deep Network Based Secure Deep Reinforcement Learning Method[J].Chinese Journal of Computers,2019,42(8):1-15.
[14] AN T L,WANG C D,YANG C.Research on vehicle bus anomaly detection based on LSTM[J].Journal of Tianjin University of Technology,2020,36(3):6-10.
[15] LIU X Q,SHAN C,REN J D,et al.An intrusion detection method based on multi-dimensional optimization of traffic anomaly analysis[J].Netinfo Security,2019,4(1):14-26.
[16] LI L J,YU Y,BAI S S,et al.Intrusion Detection Model Based on Double Training Technique[J].Transactions of Beijing Institute of Technology,2017(12):1246-1252.
[17] CHAWALA N V,BOWYER K W,HALL L O,et al.SMOTE:synthetic minority over-sampling technique[J].Journal of Artificial Intelligence Research,2002,16(1):321-357.
[18] LIN Y.Research on fusion algorithm of extreme learning machine and auto-encoder [D].Changchun:Jilin University,2016.
[19] PARK S,SEO S,KIM J.Network intrusion detection usingstacked denoising autoencoder[J].Advanced Science Letters,2017,23(10):9907-9911.
[20] VINCENT P,LATOCHELLE H,LAJOIE I,et al.Stacked denoising auto-encoders:learning useful representations in a deep network with a local denoising criterion[J].The Journal of Machine Learning Research,2010,11(12):3371-3408.
[21] SUN W J,SHAO S Y,ZHAO R,et al.A sparse auto-encoder-based deep neural network approach for induction motor faults classification[J].Measurement,2016,89:171-178.
[22] XING C,MA L,YANG X Q.Stacked denoise autoencoder based feature extraction and classification for hyperspectral images[J].Journal of Sensors,2016,2016:1-10.
[23] ANDREAS T.Anomaly detection in recordings from in-vehicle networks[J].Big Data and Applications,2014(3):23-29.
[24] CRISTIANINI N,TAYLOR J S.An introduction to supportvector machines and other kernel-based learning methods[M].Beijing:Publishing House of Electronics Industry,2004.
[25] AMARNATH B,BALAMURUGAN S A A.Review on feature se-lection techniques and its impact for effective data classification using UCI machine learning repository dataset[J].Journal of Engineering Science and Technology,2016,11(11):1639-1646.
[26] MOUSTAFA N,SLAY J.UNSW-NB15:a comprehensive data set for network intrusion detection systems(UNSW-NB15 network data set)[C]//Proceedings of the 2015 Military Communications and Information Systems Conference.Canberra,ACT,Australia:IEEE,2015:1-6.
[27] GOH J,ADEPU S,JUNEJO K N,et al.A dataset to support research in the design of secure water treatment systems[C]//International Conference on Critical Information Infrastructures Security.Cham:Springer,2016:88-99.
[28] AHMED C M,PALLETI V R,MATHUR A P.WADI:a water distribution testbed for research in the design of secure cyber physical systems[C]//Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks.2017:25-28.
[1] 饶志双, 贾真, 张凡, 李天瑞.
基于Key-Value关联记忆网络的知识图谱问答方法
Key-Value Relational Memory Networks for Question Answering over Knowledge Graph
计算机科学, 2022, 49(9): 202-207. https://doi.org/10.11896/jsjkx.220300277
[2] 汤凌韬, 王迪, 张鲁飞, 刘盛云.
基于安全多方计算和差分隐私的联邦学习方案
Federated Learning Scheme Based on Secure Multi-party Computation and Differential Privacy
计算机科学, 2022, 49(9): 297-305. https://doi.org/10.11896/jsjkx.210800108
[3] 徐涌鑫, 赵俊峰, 王亚沙, 谢冰, 杨恺.
时序知识图谱表示学习
Temporal Knowledge Graph Representation Learning
计算机科学, 2022, 49(9): 162-171. https://doi.org/10.11896/jsjkx.220500204
[4] 王剑, 彭雨琦, 赵宇斐, 杨健.
基于深度学习的社交网络舆情信息抽取方法综述
Survey of Social Network Public Opinion Information Extraction Based on Deep Learning
计算机科学, 2022, 49(8): 279-293. https://doi.org/10.11896/jsjkx.220300099
[5] 王馨彤, 王璇, 孙知信.
基于多尺度记忆残差网络的网络流量异常检测模型
Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network
计算机科学, 2022, 49(8): 314-322. https://doi.org/10.11896/jsjkx.220200011
[6] 郝志荣, 陈龙, 黄嘉成.
面向文本分类的类别区分式通用对抗攻击方法
Class Discriminative Universal Adversarial Attack for Text Classification
计算机科学, 2022, 49(8): 323-329. https://doi.org/10.11896/jsjkx.220200077
[7] 姜梦函, 李邵梅, 郑洪浩, 张建朋.
基于改进位置编码的谣言检测模型
Rumor Detection Model Based on Improved Position Embedding
计算机科学, 2022, 49(8): 330-335. https://doi.org/10.11896/jsjkx.210600046
[8] 孙奇, 吉根林, 张杰.
基于非局部注意力生成对抗网络的视频异常事件检测方法
Non-local Attention Based Generative Adversarial Network for Video Abnormal Event Detection
计算机科学, 2022, 49(8): 172-177. https://doi.org/10.11896/jsjkx.210600061
[9] 刘卫明, 安冉, 毛伊敏.
基于聚类和WOA的并行支持向量机算法
Parallel Support Vector Machine Algorithm Based on Clustering and WOA
计算机科学, 2022, 49(7): 64-72. https://doi.org/10.11896/jsjkx.210500040
[10] 胡艳羽, 赵龙, 董祥军.
一种用于癌症分类的两阶段深度特征选择提取算法
Two-stage Deep Feature Selection Extraction Algorithm for Cancer Classification
计算机科学, 2022, 49(7): 73-78. https://doi.org/10.11896/jsjkx.210500092
[11] 程成, 降爱莲.
基于多路径特征提取的实时语义分割方法
Real-time Semantic Segmentation Method Based on Multi-path Feature Extraction
计算机科学, 2022, 49(7): 120-126. https://doi.org/10.11896/jsjkx.210500157
[12] 侯钰涛, 阿布都克力木·阿布力孜, 哈里旦木·阿布都克里木.
中文预训练模型研究进展
Advances in Chinese Pre-training Models
计算机科学, 2022, 49(7): 148-163. https://doi.org/10.11896/jsjkx.211200018
[13] 周慧, 施皓晨, 屠要峰, 黄圣君.
基于主动采样的深度鲁棒神经网络学习
Robust Deep Neural Network Learning Based on Active Sampling
计算机科学, 2022, 49(7): 164-169. https://doi.org/10.11896/jsjkx.210600044
[14] 苏丹宁, 曹桂涛, 王燕楠, 王宏, 任赫.
小样本雷达辐射源识别的深度学习方法综述
Survey of Deep Learning for Radar Emitter Identification Based on Small Sample
计算机科学, 2022, 49(7): 226-235. https://doi.org/10.11896/jsjkx.210600138
[15] 王君锋, 刘凡, 杨赛, 吕坦悦, 陈峙宇, 许峰.
基于多源迁移学习的大坝裂缝检测
Dam Crack Detection Based on Multi-source Transfer Learning
计算机科学, 2022, 49(6A): 319-324. https://doi.org/10.11896/jsjkx.210500124
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!