Skip to main content

Research Repository

Advanced Search

Beyond vanilla: improved autoencoder-based ensemble in-vehicle intrusion detection system.

Rajapaksha, Sampath; Kalutarage, Harsha; Al-Kadri, M. Omar; Petrovski, Andrei; Madzudzo, Garikayi

Authors

M. Omar Al-Kadri

Garikayi Madzudzo



Abstract

Modern automobiles are equipped with a large number of electronic control units (ECUs) to provide safe driver assistance and comfortable services. The controller area network (CAN) provides near real-time data transmission between ECUs with adequate reliability for in-vehicle communication. However, the lack of security measures such as authentication and encryption makes the CAN bus vulnerable to cyberattacks, which affect the safety of passengers and the surrounding environment. Detecting attacks on the CAN bus, particularly masquerade attacks, presents significant challenges. It necessitates an intrusion detection system (IDS) that effectively utilizes both CAN ID and payload data to ensure thorough detection and protection against a wide range of attacks, all while operating within the constraints of limited computing resources. This paper introduces an ensemble IDS that combines a gated recurrent unit (GRU) network and a novel autoencoder (AE) model to identify cyberattacks on the CAN bus. AEs are expected to produce higher reconstruction errors for anomalous inputs, making them suitable for anomaly detection. However, vanilla AE models often suffer from overgeneralization, reconstructing anomalies without significant errors, resulting in many false negatives. To address this issue, this paper proposes a novel AE called Latent AE, which incorporates a shallow AE into the latent space. The Latent AE model utilizes Cramér's statistic-based feature selection technique and a transformed CAN payload data structure to enhance its efficiency. The proposed ensemble IDS enhances attack detection capabilities by leveraging the best capabilities of independent GRU and Latent AE models, while mitigating the weaknesses associated with each individual model. The evaluation of the IDS on two public datasets, encompassing 13 different attacks, including sophisticated masquerade attacks, demonstrates its superiority over baseline models with near real-time detection latency of 25ms.

Citation

RAJAPAKSHA, S., KALUTARAGE, H., AL-KADRI, M.O., PETROVSKI, A. and MADZUDZO, G. 2023. Beyond vanilla: improved autoencoder-based ensemble in-vehicle intrusion detection system. Journal of information security and applications [online], 77, article number 103570. Available from: https://doi.org/10.1016/j.jisa.2023.103570

Journal Article Type Article
Acceptance Date Jul 19, 2023
Online Publication Date Aug 14, 2023
Publication Date Sep 30, 2023
Deposit Date Aug 15, 2023
Publicly Available Date Aug 15, 2023
Journal Journal of Information Security and Applications
Electronic ISSN 2214-2126
Publisher Elsevier
Peer Reviewed Peer Reviewed
Volume 77
Article Number 103570
DOI https://doi.org/10.1016/j.jisa.2023.103570
Keywords Controller area networks (CANs); Automotive cybersecurity; Machine learning; Deep learning; Autoencoders; Anomaly detection
Public URL https://rgu-repository.worktribe.com/output/2043355

Files




You might also like



Downloadable Citations