Journal of IKEEE (전기전자학회논문지)

Institute of Korean Electrical and Electronics Engineers (한국전기전자학회)
권호 표지
DOI QR코드

DOI QR Code

Intrusion Detection System for In-Vehicle Network to Improve Detection Performance Considering Attack Counts and Attack Types

공격 횟수와 공격 유형을 고려하여 탐지 성능을 개선한 차량 내 네트워크의 침입 탐지 시스템

  • Received : 2022.12.13
  • Accepted : 2022.12.19
  • Published : 2022.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

This paper proposes an intrusion detection system for in-vehicle network to improve detection performance considering attack counts and attack types. In intrusion detection system, both FNR (False Negative Rate), where intrusion frame is misjudged as normal frame, and FPR (False Positive Rate), where normal frame is misjudged as intrusion frame, seriously affect vechicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where data frame previously detected as intrusion above certain attack counts is automatically detected as intrusion and the automatic intrusion detection method is adaptively applied according to attack types. From the simulation results, the propsoed method effectively improve both FNR and FPR in DoS(Denial of Service) attack and spoofing attack.

본 논문에서는 공격 횟수와 공격 유형을 모두 고려하여 차량 내 네트워크에서 해킹을 탐지하는 침입 탐지 시스템의 성능을 개선하는 기법을 제안한다. 침입 탐지 시스템에서 침입을 정상으로 잘못 인식하는 FNR(False Negative Rate)과 정상을 침입으로 잘못 인식하는 FPR(False Positive Rate)은 모두 차량의 안전에 큰 영향을 미친다. 본 논문에서는 일정 홧수 이상 공격으로 탐지된 데이터 프레임을 자동적으로 공격으로 처리하며, 자동 공격으로 판단하는 방법도 공격 유형에 따라 다르게 적용함으로서 FNR과 FPR을 모두 개선하는 침입 탐지 기법을 제안하였다. 시뮬레이션 결과 제안하는 기법은 DoS(Denial of Service) 공격과 Spoofing 공격에서 FNR과 FPR을 효과적으로 개선할 수 있었다.

Keywords

Acknowledgement

This work was supported by Industrial Technology Challenge Track of the Ministry of Trade, Industry and Energy (MOTIE) / Korea Evaluation Institute of Industrial Technology (KEIT). (20012624) It was supported by the R&D Program of the Ministry of Trade, Industry, and Energy (MOTIE) and Korea Evaluation Institute of Industrial Technology (KEIT). (20008417, RS-2022-00155731)

References

  1. T. Hoppe, S. Kiltz, and J. Dittmann, "Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures," Reliability Engineering & System Safety, vol.96, no.1, pp.11-25, 2011. DOI: 10.1016/j.ress.2010.06.026
  2. E. Aliwa, C. Perera, and O. Rana, "Cyberattacks and Countermeasures For In-Vehicle Networks," ACM Computing Surveys, vol.54, no.1, pp.1-37, 2020. DOI: 10.1145/3431233
  3. A. Theissler, "Anomaly detection in recordings from in-vehicle networks," Proceedings of International Workshop on Big Data Applications and Principles, pp.1-10, 2014.
  4. A. Tomlinson, J. Bryans, and S. Shaikh, "Using a one-class compound classifier to detect in-vehicle network attacks," Proceedings of Genetic and Evolutionary Computation Conference, pp.1926-1929, 2018. DOI: 10.1145/3205651.3208223
  5. D. Tian, Y. Li, Y. Wang, X. Duan, C. Wang, W. Wang, R. Hui, and P. Guo, "An intrusion detection system based on machine learning for CAN-Bus," Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, vol.221, pp.285-294, 2018. DOI: 10.1007/978-3-319-74176-5_25
  6. M. Kang and J. Kang, "Intrusion detection system using deep neural network for in-vehicle network security," PLoS ONE, vol.11, no.6, pp.1-17, 2016. DOI: 10.1371/journal.pone.0155781
  7. E. Seo, H. Song, and H. Kim, "GIDS: GAN-Based Intrusion Detection System for In-Vehicle Network," Proceedings of Annual Conference on Privacy, Security and Trust, pp.1-6, 2018. DOI: 10.1109/PST.2018.8514157
  8. H. Song, J. Woo, and H. Kim, "In-vehicle network intrusion detection using deep convolutional neural network," Vehicular Communications, vol.21, pp.100198, 2020. DOI: 10.1016/j.vehcom.2019.100198
  9. T. Kang, J. Lee, and S. Lee, "Counterattack Method against Hacked Node in CAN Bus Physical Layer," j.inst.Korean.electr.electron.eng., vol.23, no.4, pp.1469-1472, 2019. DOI: 10.7471/ikeee.2019.23.4.1469
  10. H. Song, H. Kim, and H. Kim, "Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network," Proceedings of International Conference on Information Networking, pp.63-68, 2016. DOI: 10.1109/ICOIN.2016.7427089
  11. D. Stabil, M. Marchetti, and M. Colajanni, "Detecting Attacks to Internal Vehicle Networks through Hamming Distance," Proceedings of AEIT International Annual Conference, pp.1-6, 2017. DOI: 10.23919/AEIT.2017.8240550
  12. A. Tomlinson, J. Bryans, and S. Shaikh, "Towards Viable Intrusion Detection Methods for The Automotive Controller Area Network," Proceedings of Computer Science in Cars Symposium, pp.1-9, 2018. DOI: 10.1145/3273946.3273950