Controller area network (CAN) are widely used in smart vehicles to realize information interactions between electronic control units and other devices in vehicles. Owing to an increase in external communication interfaces, the cybersecurity of in-vehicle CAN bus networks is threatened. In-vehicle CAN intrusion detection systems with high detection rates and low false-negative rates have become important security protection measures for automotive networks. The boundary of the current machine learning-based in-vehicle CAN bus intrusion detection algorithm to determine the anomalous behavior triggered by CAN messages is unclear, and a validity check is required after the intrusion detection algorithm is designed. To solve the low coverage rate problem in the process of validating intrusion detection algorithms, an in-vehicle CAN fuzz-testing message generation model, the field-associative mutation generation adversarial network (FAMGAN), is proposed. To improve the defects of high randomness in generating messages in traditional fuzz-testing algorithms, FAMGAN adopts field division based on a conditional random field and the field association method based on the Apriori algorithm. Experiments were conducted on a real car using a code-built intrusion detection algorithm. The results demonstrate that FAMGAN can efficiently generate anomalous CAN messages and evaluate the performance of an in-vehicle CAN intrusion detection algorithm.
Citation: Zhongwei Li, Wenqi Jiang, Xiaosheng Liu, Kai Tan, Xianji Jin, Ming Yang. GAN model using field fuzz mutation for in-vehicle CAN bus intrusion detection[J]. Mathematical Biosciences and Engineering, 2022, 19(7): 6996-7018. doi: 10.3934/mbe.2022330
Controller area network (CAN) are widely used in smart vehicles to realize information interactions between electronic control units and other devices in vehicles. Owing to an increase in external communication interfaces, the cybersecurity of in-vehicle CAN bus networks is threatened. In-vehicle CAN intrusion detection systems with high detection rates and low false-negative rates have become important security protection measures for automotive networks. The boundary of the current machine learning-based in-vehicle CAN bus intrusion detection algorithm to determine the anomalous behavior triggered by CAN messages is unclear, and a validity check is required after the intrusion detection algorithm is designed. To solve the low coverage rate problem in the process of validating intrusion detection algorithms, an in-vehicle CAN fuzz-testing message generation model, the field-associative mutation generation adversarial network (FAMGAN), is proposed. To improve the defects of high randomness in generating messages in traditional fuzz-testing algorithms, FAMGAN adopts field division based on a conditional random field and the field association method based on the Apriori algorithm. Experiments were conducted on a real car using a code-built intrusion detection algorithm. The results demonstrate that FAMGAN can efficiently generate anomalous CAN messages and evaluate the performance of an in-vehicle CAN intrusion detection algorithm.
| [1] |
A. Neffati, A. Marzouki, Local energy management in hybrid electrical vehicle via fuzzy rules system, AIMS Energy, 8 (2020), 421–437. https://doi.org/10.3934/energy.2020.3.421 doi: 10.3934/energy.2020.3.421
|
| [2] | Y. Ma, Z. Wang, H. Yang, Artificial intelligence applications in the development of autonomous vehicles: A survey, IEEE/CAA J. Autom. Sin., 7 (2020), 315–329. https://doi.org/1109/JAS.2020.1003021 |
| [3] |
Z. Feng, M. He, B. Li, Research on car information security attack and protection technology, J. Cyber Secur., 2 (2017), 1–14. https://doi.org/10.19363/j.cnki.cn10-1380/tn.2017.04.001 doi: 10.19363/j.cnki.cn10-1380/tn.2017.04.001
|
| [4] | H. Kong, T. Kim, M. Hong, A security risk assessment framework for smart car, in International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), (2016), 102–108, https://doi.org/10.1109/IMIS.2016.42 |
| [5] |
R. Solaiman, T. Kherbek, A. Ahmad, Defining a new method to set certainty factors to improve power systems prognosis with fuzzy petri nets, AIMS Energy, 8 (2020), 686–700. https://doi.org/10.3934/energy.2020.4.686 doi: 10.3934/energy.2020.4.686
|
| [6] | K. Nohara, K. Asahi, M. Yoshikawa, Study of threat for automotive embedded system by Trojan virus, in 2014 IEEE 3rd Global Conference on Consumer, (2014), 405–406, https://doi.org/10.1109/GCCE.2014.7031151 |
| [7] | S. Abbott-McCune, L. A. Shay, Intrusion prevention system of automotive network CAN bus, in 2016 IEEE International Carnahan Conference (ICCST), (2016), 1–8, https://doi.org/10.1109/CCST.2016.7815711 |
| [8] | B. Marco, Design and implementation of an intrusion detection system (IDS) for in-vehicle networks, Master thesis, University of Gothenburg, 2017. |
| [9] | L. Kang, H. Shen, Abnormal message detection for CAN bus based on message transmission behaviors, in 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS), (2020), 432–441. https://doi.org/10.1109/ICDCS47774.2020.00041 |
| [10] |
H. Markus, S. Thilo, D. Katharina, U. Holger, CANet: An unsupervised intrusion detection system for high dimensional CAN bus data, IEEE Access, 8 (2020), 58194–58205. https://doi.org/10.1109/ACCESS.2020.2982544 doi: 10.1109/ACCESS.2020.2982544
|
| [11] |
S. Lokman, A. Othman, M. Abu-Bakar, Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review, EURASIP J. Wirel. Commun. Netw., 1 (2019), 184–200. https://doi.org/10.1186/s13638-019-1484-3 doi: 10.1186/s13638-019-1484-3
|
| [12] | C. Miller, C. Valasek, Adventures in automotive networks and control units, 2013. Available from: https://defcon.org/html/defcon-21/dc-21-speakers.html. |
| [13] | C. Valasek, C. Miller, Who's behind the wheel? Exposing the vulnerabilities and risks of high tech vehicles, 2015. Available from: https://icitech.org/wp-content/uploads/2015/09/ICIT-Brief_Whos-Behind-the-Wheel_Car-Hacking1.pdf. |
| [14] | A. Greenberg, The jeep hackers are back to prove car hacking can get much worse, 2016. Available from: https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/. |
| [15] | T. Huang, J. Zhou, A. Bytes, ATG: An attack traffic generation tool for security testing of in-vehicle CAN bus, ACM Int. Conf. Proc. Ser., (2018), 1–6, https://doi.org/10.1145/3230833.3230843 |
| [16] |
H. Olufowobi, C. Young, J. Zambreno, G. Bloom, SAIDuCANT: Specification-based automotive intrusion detection using Controller Area Network (CAN) timing, IEEE Trans. Veh. Technol., 69 (2020), 1484–1494, https://doi.org/10.1109/TVT.2019.2961344 doi: 10.1109/TVT.2019.2961344
|
| [17] | X. Zhou, R. Jiang, M. Tian, H. Qu, H. Zhang, Temperature-sensitive Fingerprinting on ECU Clock Offset for CAN Intrusion Detection and Source Identification, in Proceedings of the ACM Turing Celebration Conference-China, (2020), 89–94, https://doi.org/10.1145/3393527.3393543 |
| [18] | D. Li, M. Tian, R. Jiang, K. Yang, Exploiting temperature-varied voltage fingerprints for in-vehicle CAN intrusion detection, in ACM Turing Award Celebration Conference-China (ACM TURC 2021), (2021), 116–120, https://doi.org/10.1145/3472634.3472662 |
| [19] |
W. Jiang, Z. Li, K. Tan, An adaptive intrusion detection algorithm for in-vehicle CAN bus based on periodicity of message, J. Phys. Conf. Ser., 1748 (2021), 1–9, https://doi.org/10.1088/1742-6596/1748/3/032023 doi: 10.1088/1742-6596/1748/3/032023
|
| [20] |
R. Islam, M. K. Devnath, M. D. Samad, S. M. Kadry, GGNB: Graph-based Gaussian naive Bayes intrusion detection system for CAN bus, Veh. Commun., 33 (2021), 69–79. https://doi.org/10.1016/j.vehcom.2021.100442 doi: 10.1016/j.vehcom.2021.100442
|
| [21] |
R. Islam, R. U. D. Refat, S. M. Yerram, H. Malik, Graph-based intrusion detection system for Controller Area Networks, IEEE Trans. Intell. Transp. Syst. (T-ITS), 23 (2022), 1727–1736, https://doi.org/10.1109/TITS.2020.3025685 doi: 10.1109/TITS.2020.3025685
|
| [22] |
K. Tan, Z. Li, W. Jiang Y. Guan, W. Tong, In-vehicle CAN bus anomaly detection algorithm based on linear chain condition random field, in 2019 IEEE 19th International Conference on Communication Technology (ICCT), (2019), 1153–1159, https://doi.org/10.1109/ICCT46805.2019.8947020 doi: 10.1109/ICCT46805.2019.8947020
|
| [23] |
Y. He, Z. Jia, M. Hu, C. Cui, Y. Cheng, Y. Yang, The hybrid similar neighborhood robust factorization machine model for can bus intrusion detection in the in-vehicle network, IEEE Trans. Intell. Transp. Syst.(T-ITS), 22 (2021), 1–9, https://doi.org/10.1109/TITS.2021.3113638 doi: 10.1109/TITS.2021.3113638
|
| [24] |
G. Xie, L. T. Yang, Y. Yang, H. Luo, R. Li, M. Alazab, Threat analysis for automotive CAN networks: A GAN model-based intrusion detection technique, IEEE Trans. Intell. Transp. Syst.(T-ITS), 22 (2021), 4467–4477, https://doi.org/10.1109/TITS.2021.3055351 doi: 10.1109/TITS.2021.3055351
|
| [25] | H. Lee, K. Choi, K. Chung, J. Kim, K. Yim, Fuzzing CAN packets into automobiles, in IEEE International Conference on Advanced Information Networking & Applications (AINA), (2015), 817–821, https://doi.org/10.1109/AINA.2015.274 |
| [26] | D. S. Fowler, J. Bryans, M. Cheah, P. Wooderson, S. A. Shaikh, A method for constructing automotive cybersecurity tests, a CAN fuzz testing example, in IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), (2019), 1–8, https://doi.org/10.1109/QRS-C.2019.00015 |
| [27] | E. Seo, H. Song, H. Kim, GIDS: GAN based intrusion detection system for in-vehicle network, in 2018 16th Annual Conference on Privacy, Security and Trust (PST), (2018), 1–6, https://doi.org/10.1109/PST.2018.8514157 |
| [28] |
C. Zhang, H. Zhao, Z. Cao. The vulnerability mining method for KWP2000 protocol based on deep learning and fuzzing, J. Shand. Univ., 32 (2018), 17–22, https://doi.org/10.6040/j.issn.1672-3961.0.2018.340 doi: 10.6040/j.issn.1672-3961.0.2018.340
|
| [29] | D. S. Fowler, J. Bryans, S. A. Shaikh, P. Wooderson, Fuzz testing for automotive cyber-security, in 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), (2018), 239–246, https://doi.org/10.1109/DSN-W.2018.00070 |
| [30] | H. Lee, S. H. Jeong, H. K. Kim, OTIDS: A novel intrusion detection system for in-vehicle network by using remote frame, in 2017 15th Annual Conference on Privacy, Security and Trust (PST), (2017), 57–5709, https://doi.org/10.1109/PST.2017.00017 |
| [31] | M. Arjovsky, S. Chintala, L. Bottou. Wasserstein GAN, preprint, arXiv: 1701.07875. |
| [32] | I. Gulrajani, F. Ahmed, M. Arjovsky, Improved training of wasserstein GANs, Adv. Neural Inf. Proc. Syst., (2017), 5767–5777, https://doi.org/10.48550/arXiv.1704.00028. |
| [33] | J. Lafferty, A. Mccallum, F. Pereira, Conditional random fields: Probabilistic models for segmenting and labeling sequence data, in Proceedings of the Eighteenth International Conference on Machine Learning, (2001), 282–289, Available from: https://www.seas.upenn.edu/~strctlrn/bib/PDF/crf.pdf. |
| [34] |
M. Marchetti, D. Stabili, READ: Reverse engineering of automotive data frames, IEEE Trans. Inf. Forensics Secur., 14 (2019), 1083–1097, https://doi.org/10.1109/TIFS.2018.2870826 doi: 10.1109/TIFS.2018.2870826
|
Figures(13) / Tables(4)
Zhongwei Li, Wenqi Jiang, Xiaosheng Liu, Kai Tan, Xianji Jin, Ming Yang. GAN model using field fuzz mutation for in-vehicle CAN bus intrusion detection[J]. Mathematical Biosciences and Engineering, 2022, 19(7): 6996-7018. doi: 10.3934/mbe.2022330
DownLoad: