車載資源約束下的控制器域網(wǎng)絡(luò)異常檢測自適應(yīng)優(yōu)化方法

張金鋒; 張震; 劉少勛; 鄔江興

doi:10.11999/JEIT220692

車載資源約束下的控制器域網(wǎng)絡(luò)異常檢測自適應(yīng)優(yōu)化方法

doi: 10.11999/JEIT220692 cstr: 32379.14.JEIT220692

張金鋒^{1, 2, ,},
張震^{2, 3},
劉少勛²,
鄔江興^{1, 2, 3}

1.
東南大學(xué)網(wǎng)絡(luò)空間安全學(xué)院南京 211189
2.
網(wǎng)絡(luò)通信與安全紫金山實(shí)驗(yàn)室南京 211111
3.
國家數(shù)字交換系統(tǒng)工程技術(shù)研究中心鄭州 450002

基金項(xiàng)目: 河南省重大科技專項(xiàng)(221100240100)，鄭州市重大科技創(chuàng)新專項(xiàng)(2021KJZX0060-3)

詳細(xì)信息

作者簡介:
張金鋒：男，高級工程師，研究方向?yàn)橹悄芫W(wǎng)聯(lián)汽車廣義功能安全、AI安全

張震：男，副教授，研究方向?yàn)橹悄芫W(wǎng)聯(lián)汽車廣義功能安全、網(wǎng)絡(luò)測量與管理

劉少勛：男，高級工程師，研究方向?yàn)橹悄芫W(wǎng)聯(lián)汽車廣義功能安全、工業(yè)互聯(lián)網(wǎng)擬態(tài)安全

鄔江興：男，教授，研究方向?yàn)閮?nèi)生安全、多模態(tài)網(wǎng)絡(luò)等

通訊作者:
張金鋒　zhangjinfeng@pmlabs.com.cn

中圖分類號: TN919.5
計(jì)量
- 文章訪問數(shù): 535
- HTML全文瀏覽量: 322
- PDF下載量: 117
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2022-05-30
- 修回日期: 2022-09-09
- 網(wǎng)絡(luò)出版日期: 2022-09-15
- 刊出日期: 2023-07-10

Adaptive Optimization Method for Controller Area Network Anomaly Detection under Vehicle Resource Constraints

ZHANG Jinfeng^{1, 2
, ,},
ZHANG Zhen^{2, 3},
LIU Shaoxun²,
WU Jiangxing^{1, 2, 3}

1.
School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China
2.
Network Communication and Security Purple Mountain Laboratory, Nanjing 211111, China
3.
National Digital Switching System Engineering and Technological Research and Development Center, Zhengzhou 450002, China

Funds: The Major Science and Technology Project of Henan Province (221100240100), The Major Science and Technology Innovation Special Project of Zhengzhou (2021KJZX0060-3)

摘要

摘要: 針對在有限的車載資源約束條件下，如何兼顧控制器域網(wǎng)絡(luò)(CAN)異常檢測準(zhǔn)確度和時效性的問題，該文提出一種CAN網(wǎng)絡(luò)異常檢測自適應(yīng)優(yōu)化方法。首先，基于信息熵建立了CAN網(wǎng)絡(luò)異常檢測的準(zhǔn)確度和時效性量化指標(biāo)，并將CAN網(wǎng)絡(luò)異常檢測建模為多目標(biāo)優(yōu)化問題；然后，設(shè)計(jì)了求解多目標(biāo)優(yōu)化問題的第二代非支配排序遺傳算法(NSGA-II)，將帕累托前沿作為CAN網(wǎng)絡(luò)異常檢測模型參數(shù)的優(yōu)化調(diào)整空間，提出了滿足不同場景需求的檢測模型魯棒控制機(jī)制。通過實(shí)驗(yàn)分析，深入剖析了優(yōu)化參數(shù)對異常檢測的影響，驗(yàn)證了所提方法能夠在有限車載資源下適應(yīng)多樣化檢測場景需求。
- 智能網(wǎng)聯(lián)汽車 /
- 資源約束 /
- 控制器域網(wǎng)絡(luò)異常檢測 /
- 多目標(biāo)優(yōu)化 /
- 魯棒控制機(jī)制
Abstract: Considering the problem of how to take into account the accuracy and timeliness of Controller Area Network(CAN) anomaly detection under the constraints of limited vehicle resources, an adaptive optimization method for CAN anomaly detection is proposed. Firstly, based on information entropy, the quantification index of the accuracy and timeliness of CAN network anomaly detection is established, and the CAN anomaly detection is modeled as a multi-objective optimization problem. Then, the Non-dominated Sorting Genetic Algorithm-II (NSGA-II) algorithm for solving the multi-objective optimization problem is designed. The Pareto frontier is used as the optimization and adjustment space of the parameters of the CAN anomaly detection model, and a robust control mechanism of the detection model is proposed to meet the needs of different scenarios. Through experimental analysis, the influence of optimization parameters on anomaly detection is deeply analyzed, and it is verified that the proposed method can adapt to the needs of diverse detection scenarios under limited vehicle resources.
- Intelligent networked vehicle /
- Resource constraints /
- Controller Area Network(CAN) anomaly detection /
- Mmulti-objective optimization /
- Robust control mechanism

HTML全文

圖 1 CAN網(wǎng)絡(luò)數(shù)據(jù)結(jié)構(gòu)

下載: 全尺寸圖片幻燈片

圖 2 部分攻擊CAN報(bào)文逃避檢測的情況

下載: 全尺寸圖片幻燈片

圖 3 適應(yīng)多樣化場景的CAN網(wǎng)絡(luò)異常檢測優(yōu)化方法總體思路

下載: 全尺寸圖片幻燈片

圖 4 基于NSGA-II的CAN網(wǎng)絡(luò)異常檢測優(yōu)化算法流程

下載: 全尺寸圖片幻燈片

圖 5 適應(yīng)多樣化檢測場景的魯棒控制機(jī)制總體流程

下載: 全尺寸圖片幻燈片

圖 6 不同采樣窗口大小條件下的CAN報(bào)文信息熵變化趨勢

下載: 全尺寸圖片幻燈片

圖 7 不同采樣窗口大小條件下的入侵檢測準(zhǔn)確度變化情況

下載: 全尺寸圖片幻燈片

圖 8 不同滑動尺度下的CAN報(bào)文信息熵變化情況

下載: 全尺寸圖片幻燈片

圖 9 不同滑動尺度下的入侵檢測準(zhǔn)確度變化情況

下載: 全尺寸圖片幻燈片

圖 10 不同滑動尺度下的入侵檢測時效性變化情況

下載: 全尺寸圖片幻燈片

圖 11 不同靈敏度下的入侵檢測準(zhǔn)確度變化趨勢

下載: 全尺寸圖片幻燈片

圖 12 多目標(biāo)優(yōu)化方法實(shí)驗(yàn)案例計(jì)算結(jié)果

下載: 全尺寸圖片幻燈片

圖 13 本文方法在不同檢測場景下的適用性分析

下載: 全尺寸圖片幻燈片

圖 14 報(bào)文數(shù)量遞增策略下的檢測準(zhǔn)確度比較分析

下載: 全尺寸圖片幻燈片

圖 15 注入頻次遞減策略下的檢測準(zhǔn)確度比較分析

下載: 全尺寸圖片幻燈片

算法1 基于信息熵檢測CAN報(bào)文的準(zhǔn)確度算法
輸入：CAN 報(bào)文集合$ {S_{{\text{data}}}} $
輸出：檢測準(zhǔn)確度$P ({\bf{IDS}} )$
(1) 從$ {S_{{\text{data}}}} $中提取CAN 報(bào)文ID集$ {S_{{\text{ID}}}} $；
(2) 循環(huán)計(jì)算每個滑動窗口CAN報(bào)文的檢測準(zhǔn)確度：
(a) 利用式(2)計(jì)算滑動窗口內(nèi)的CAN報(bào)文ID 信息熵$H{\text{(} }{\bf{IDS}}{\text{)} }$；
(b)將$H{\text{(} }{\bf{IDS}}{\text{)} }$與$S{\text{(} }{\bf{IDS}}{\text{)} }$進(jìn)行比較，若$H{\text{(} }{\bf{IDS}}{\text{)} } \in S{\text{(} }{\bf{IDS}}{\text{)} }$，則　　　　判斷窗口內(nèi)報(bào)文正常；
(c) 將檢測結(jié)果與實(shí)際結(jié)果比較，得到單次檢測的準(zhǔn)確度；
(d) 并統(tǒng)計(jì)未被列入檢測窗口的正常消息比例。
(3) 綜合每次窗口滑動檢測結(jié)果，利用式(4)計(jì)算最終準(zhǔn)確度。

下載: 導(dǎo)出CSV

表 1 CAN報(bào)文實(shí)驗(yàn)數(shù)據(jù)集

數(shù)據(jù)集	數(shù)量	ID范圍
Normal	30000	0x001～0x7ff
DoS	36000	0x000～0x7ff
Injection	36000	0x000～0x7ff

下載: 導(dǎo)出CSV

表 2 本文所提優(yōu)化方法的帕累托前沿

序號	參數(shù)			準(zhǔn)確度	時效性
序號	窗口大小	滑動尺度	閾值區(qū)間靈敏度	準(zhǔn)確度	時效性
1	27	4	2.3625	1.000	0.1290
2	54	6	2.4146	0.999	0.1000
3	21	1	2.3821	0.994	0.0448
4	206	2	2.5523	0.992	0.0096

下載: 導(dǎo)出CSV

參考文獻(xiàn)(26)

[1]	李克強(qiáng), 戴一凡, 李升波, 等. 智能網(wǎng)聯(lián)汽車(ICV)技術(shù)的發(fā)展現(xiàn)狀及趨勢[J]. 汽車安全與節(jié)能學(xué)報(bào), 2017, 8(1): 1–14. doi: 10.3969/j.issn.1674-8484.2017.01.001 LI Keqiang, DAI Yifan, LI Shengbo, et al. State-of-the-art and technical trends of intelligent and connected vehicles[J]. Journal of Automotive Safety and Energy, 2017, 8(1): 1–14. doi: 10.3969/j.issn.1674-8484.2017.01.001
[2]	吳武飛, 李仁發(fā), 曾剛, 等. 智能網(wǎng)聯(lián)車網(wǎng)絡(luò)安全研究綜述[J]. 通信學(xué)報(bào), 2020, 41(6): 161–174. doi: 10.11959/j.issn.1000-436x.2020130 WU Wufei, LI Renfa, ZENG Gang, et al. Survey of the intelligent and connected vehicle cybersecurity[J]. Journal on Communications, 2020, 41(6): 161–174. doi: 10.11959/j.issn.1000-436x.2020130
[3]	中國汽車工程學(xué)會. 智能網(wǎng)聯(lián)汽車信息安全白皮書[R]. 中國智能網(wǎng)聯(lián)汽車產(chǎn)業(yè)創(chuàng)新聯(lián)盟成立大會, 2017. China Society of Automotive Engineering. White paper on intelligent network automobile information security[R]. Inaugural Conference of China Intelligent Connected Vehicle Industry Innovation Alliance, 2017.
[4]	KOSCHER K, CZESKIS A, ROESNER F, et al. Experimental security analysis of a modern automobile[C]. 2010 IEEE Symposium on Security and Privacy, Oakland, USA, 2010: 447–462.
[5]	CHECKOWAY S, MCCOY D, KANTOR B, et al. Comprehensive experimental analyses of automotive attack surfaces[C]. The 20th USENIX Conference on Security, San Francisco, USA, 2011: 447–462.
[6]	WOO S, JO H J, and LEE D H. A practical wireless attack on the connected car and security protocol for in-vehicle CAN[J]. IEEE Transactions on Intelligent Transportation Systems, 2015, 16(2): 993–1006. doi: 10.1109/TITS.2014.2351612
[7]	SONG H M, KIM H R, and KIM H K. Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network[C]. 2016 International Conference on Information Networking, Kota Kinabalu, Malaysia, 2016: 63–68.
[8]	YANG Yun, DUAN Zongtao, and TEHRANIPOOR M. Identify a spoofing attack on an in-vehicle CAN bus based on the deep features of an ECU fingerprint signal[J]. Smart Cities, 2020, 3(1): 17–30. doi: 10.3390/smartcities3010002
[9]	JING Ning and LIU Jiajia. An experimental study towards attacker identification in automotive networks[C]. 2019 IEEE Global Communications Conference, Waikoloa, USA, 2019: 1–6.
[10]	YANG Yuanda, XIE Guoqi, WANG Jilong, et al. Intrusion detection for in-vehicle network by using single GAN in connected vehicles[J]. Journal of Circuits, Systems and Computers, 2021, 30(1): 2150007. doi: 10.1142/S0218126621500079
[11]	LI Yang, MOUBAYED A, HAMIEH I, et al. Tree-based intelligent intrusion detection system in internet of vehicles[C]. 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, USA, 2019: 1–6.
[12]	KANG Minju and KANG J W. A novel intrusion detection method using deep neural network for in-vehicle network security[C]. 2016 IEEE 83rd Vehicular Technology Conference, Nanjing, China, 2016: 1–5.
[13]	CASILLO M, COPPOLA S, DE SANTO M, et al. Embedded intrusion detection system for detecting attacks over CAN-BUS[C]. 2019 4th International Conference on System Reliability and Safety, Rome, Italy, 2019: 136–141.
[14]	VAN WYK F, WANG Yiyang, KHOJANDI A, et al. Real-time sensor anomaly detection and identification in automated vehicles[J]. IEEE Transactions on Intelligent Transportation Systems, 2020, 21(3): 1264–1276. doi: 10.1109/TITS.2019.2906038
[15]	BHATIA R, KUMAR V, SERAG K, et al. Evading voltage-based intrusion detection on automotive CAN[C]. 28th Annual Network and Distributed System Security Symposium (NDSS), 2021.
[16]	CHOI W, JOO K, JO H J, et al. Voltageids: Low-level communication characteristics for automotive intrusion detection system[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(8): 2114–2129. doi: 10.1109/TIFS.2018.2812149
[17]	LEE H, JEONG S H, and KIM H K. OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame[C]. 2017 15th Annual Conference on Privacy, Security and Trust (PST), Calgary, Canada, 2017: 57–66.
[18]	HALDER S, CONTI M, and DAS S K. COIDS: A clock offset based intrusion detection system for controller area networks[C]. The 21st International Conference on Distributed Computing and Networking, Kolkata, India, 2020: 22.
[19]	CHO K T and SHIN K G. Fingerprinting electronic control units for vehicle intrusion detection[C]. The 25th USENIX Conference on Security Symposium, Austin, USA, 2016: 911–927.
[20]	MÜTER M and ASAJ N. Entropy-based anomaly detection for in-vehicle networks[C]. 2011 IEEE Intelligent Vehicles Symposium (IV), Baden-Baden, Germany, 2011: 1110–1115.
[21]	VIRMANI D, TANEJA S, CHAWLA T, et al. Entropy deviation method for analyzing network intrusion[C]. 2016 International Conference on Computing, Communication and Automation, Greater Noida, India, 2016: 515–519.
[22]	ZHAO Yuntao, ZHANG Wenbo, FENG Yongxin, et al. A classification detection algorithm based on joint entropy vector against application-layer DDoS attack[J]. Security and Communication Networks, 2018, 2018: 9463653. doi: 10.1155/2018/9463653
[23]	WANG Qian, LU Zhaojun, and QU Gang. An entropy analysis based intrusion detection system for controller area network in vehicles[C]. 2018 31st IEEE International System-on-Chip Conference (SOCC), Arlington, USA, 2018: 90–95.
[24]	于赫, 秦貴和, 孫銘會, 等. 車載CAN總線網(wǎng)絡(luò)安全問題及異常檢測方法[J]. 吉林大學(xué)學(xué)報(bào):工學(xué)版, 2016, 46(4): 1246–1253. doi: 10.13229/j.cnki.jdxbgxb201604034 YU He, QIN Guihe, SUN Minghui, et al. Cyber security and anomaly detection method for in-vehicle CAN[J]. Journal of Jilin University:Engineering and Technology Edition, 2016, 46(4): 1246–1253. doi: 10.13229/j.cnki.jdxbgxb201604034
[25]	董書琴, 張斌. 基于深度特征學(xué)習(xí)的網(wǎng)絡(luò)流量異常檢測方法[J]. 電子與信息學(xué)報(bào), 2020, 42(3): 695–703. doi: 10.11999/JEIT190266 DONG Shuqin and ZHANG Bin. Network traffic anomaly detection method based on deep features learning[J]. Journal of Electronics &Information Technology, 2020, 42(3): 695–703. doi: 10.11999/JEIT190266
[26]	MARCHETTI M, STABILI D, GUIDO A, et al. Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms[C]. 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI), Bologna, Italy, 2016: 1–6.