Abstract
Vehicle data is one of the important sources for digital forensics of traffic accidents. We propose a novel method that applies a long short-term memory and deep belief network with binary encoding (LSTM-BiDBN) to controller area network identifiers (CAN IDs), extracting both the event sequence of CAN IDs and the semantics of the CAN IDs themselves. Instead of detecting only attacks aimed at a specific CAN ID, the proposed method fully considers the potential interaction between electronic control units. In this way, we can detect whether the vehicle has been intruded upon from outside, and so determine online the party responsible for the accident. We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on the CAN-intrusion-dataset. Experimental results show that, compared with traditional methods, our proposed method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack, with an accuracy of 97.02%, a false-positive rate of 6.09%, and a false-negative rate of 1.94%.
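Abstract (translated from the Chinese)
Vehicle data is one of the important sources for digital forensics of traffic accidents. A new method is proposed that uses a long short-term memory and deep belief network with binary encoding (LSTM-BiDBN) on controller area network identifiers (CAN IDs) to extract the CAN ID event sequence and the semantics of the CAN IDs themselves. The method not only detects attacks aimed at a specific CAN ID but also fully considers the potential interaction between electronic control units. In this way, it can detect whether the vehicle has been intruded upon from outside and thereby determine online the party responsible for the accident. LSTM-BiDBN is used to distinguish attack-free and abnormal situations on the CAN intrusion dataset. Experimental results show that, compared with traditional methods, the method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack, with an accuracy of 97.02%, a false detection rate of 6.09%, and an error rate of 1.94%.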
Additional information
Foundation item: the National Key R&D Program of China (No. 2017YFA60700602)
About this article
Cite this article
Liu, W., Xu, J., Yang, G. et al. Online Vehicle Forensics Method of Responsible Party for Accidents Based on LSTM-BiDBN External Intrusion Detection. J. Shanghai Jiaotong Univ. (Sci.) 29, 1161–1168 (2024). https://doi.org/10.1007/s12204-022-2549-8
DOI: https://doi.org/10.1007/s12204-022-2549-8
Key words
- digital forensics
- deep belief network (DBN)
- long short-term memory (LSTM)
- binary encoding
- controller area network identifier (CAN ID)
- responsible party