基于移动边缘计算的车载CAN网络入侵检测方法  被引量：15

作　　者：于天琪 胡剑凌[1] 金炯 羊箭锋[1] YU Tian-qi;HU Jian-ling;JIN Jiong;YANG Jian-feng(School of Electronic and Information Engineering,Soochow University,Suzhou,Jiangsu 215006,China;School of Software and Electrical Engineering,Swinburne University of Technology,Melbourne 3122,Australia)

机构地区：[1]苏州大学电子信息学院,江苏苏州215006 [2]斯威本科技大学软件与电气工程学院,墨尔本3122

出　　处：《计算机科学》2021年第1期34-39,共6页Computer Science

基　　金：江苏省自然科学基金(BK20200858)。

摘　　要：随着车联网技术的快速发展和广泛部署,其在为智能网联汽车提供互联网与大数据分析等智能化服务的同时,引入了网络入侵等安全与隐私问题。传统车载网络的封闭性导致现有的车载网络通信协议,特别是部署最为广泛的控制器局域网络(Controller Area Network,CAN)总线协议,在发布时缺少隐私与安全保护机制。因此,为检测网络入侵、保护智能网联汽车安全,文中提出了一种基于支持向量数据描述(Support Vector Data Description,SVDD)的车载CAN网络入侵检测方法。该方法提取单位时间窗内CAN网络报文ID的加权自信息量和ID的归一化值作为特征信息,并在移动边缘计算服务器处构建并训练SVDD模型,目标车辆基于训练的SVDD模型进行异常特征值识别,从而实现实时的车载CAN网络入侵检测。文中采用韩国高丽大学HCR实验室公开的CAN网络数据集,对所提方法与3种传统的基于信息熵的车载网络入侵检测方法在拒绝服务攻击和伪装攻击检测准确率方面进行了对比与分析。仿真实验结果表明,在少量报文入侵时,所提方法显著提高了入侵检测的准确率。With the rapid development and pervasive deployment of the Internet of Vehicles(IoV),it provides the services of Internet and big data analytics to the intelligent and connected vehicles,while incurs the issues of security and privacy.The closure of traditional in-vehicle networks leads to the communications protocols,particularly,the most commonly applied controller area network(CAN)bus protocol,lack of security and privacy protection mechanisms.Thus,to detect the network intrusions and protect the vehicles from being attacked,a support vector data description(SVDD)based intrusion detection method is proposed in this paper.Specifically,the weighted self-information of message IDs and the normalized values of IDs are selected as features for SVDD modeling,and the SVDD models are trained at the mobile edge computing(MEC)servers.The vehicles use the trained SVDD models for identifying the abnormal values of the selected features to detect the network intrusions.Simulations are conducted based on the CAN network dataset published by the HCR Lab of Korea University,where three conventional information entropy based in-vehicle network intrusion detection methods are adopted as the benchmarks.As compared to the benchmarks,the proposed method has dramatically improved the intrusion detection accuracy,especially when the number of intruded messages is small.

关 键 词：车联网 移动边缘计算 车载网络 网络入侵检测 支持向量数据描述算法 

分 类 号：TN915[电子电信—通信与信息系统]