ID Sequence Analysis for Intrusion Detection in the CAN bus using Long Short Term Memory Networks

機関リポジトリ HANDLE オープンアクセス

抄録

The number of computer controlled vehicles throughout the world is rising at a staggering speed. Even though this enhances the driving experience, it opens a new security hole in the automotive industry. To alleviate this issue, we are proposing an intrusion detection system (IDS) to the controller area network (CAN), which is the de facto communication standard of present-day vehicles. We implemented an IDS based on the analysis of ID sequences. The IDS uses a trained Long-Short Term Memory (LSTM) to predict an arbitration ID that will appear in the future by looking back to the last 20 packet arbitration IDs. The output from the LSTM network is a softmax probability of all the 42 arbitration IDs in our test car. The softmax probability is used in two approaches for IDS. In the first approach, a single arbitration ID is predicted by taking the class which has the highest softmax probability. This method only gave us an accuracy of 0.6. Applying this result in a real vehicle would give us a lot of false negatives, hence we devised a second approach that uses log loss as an anomaly signal. The evaluated log loss is compared with a predefined threshold to see if the result is in the anomaly boundary. Furthermore, We have tested our approach using insertion, drop and illegal ID attacks which greatly outperform the conventional method with practical F1 scores of 0.9, 0.84, and 1.0 respectively.

キーワード

詳細情報 詳細情報について

問題の指摘

ページトップへ