一种车载控制器局域网络入侵检测算法及硬件加速  被引量：2

作　　者：许鹤 吴迪 卢继武[1] 李仁发 Xu He;Wu Di;Lu Jiwu;Li Renfa(College of Electrical and Information Engineering,Hunan University,Changsha 410082;College of Computer Science and Electronic Engineering,Hunan University,Changsha 410082;Key Laboratory for Embedded and Network Computing of Hunan Province(Hunan University),Changsha 410082)

机构地区：[1]湖南大学电气与信息工程学院,长沙410082 [2]湖南大学信息科学与工程学院,长沙410082 [3]嵌入式与网络计算湖南省重点实验室(湖南大学),长沙410082

出　　处：《计算机研究与发展》2023年第12期2783-2796,共14页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(61932010,61972145);湖南省自然科学基金项目(2023JJ30146)。

摘　　要：控制器局域网(controller area network,CAN)总线协议广泛应用于车辆系统,是一种高效的标准总线,可实现所有电子控制单元(electronic control units,ECUs)之间的通信.然而,CAN总线由于缺乏安全防御功能,很容易受到攻击.针对车载入侵检测提出一种自注意力机制(self-attention mechanism,SAM)增强的网格型长短时记忆(grid long short-term memory,Grid LSTM)网络,称为SALVID.SAM可以增强针对CAN总线的攻击行为特征,Grid LSTM可以有效提取时序数据的深度特征.通过从实际汽车中提取的正常CAN数据生成5个攻击数据集,包括拒绝服务(denial of service,DoS)攻击、模糊攻击、欺骗攻击、重放攻击和删除攻击,比较了具有不同模型深度的各种模型的性能,结果表明,在检测CAN总线攻击方面,SALVID具有最佳性能.该模型可以识别带有小批量特征的攻击,整体检测准确率为98.98%,这在以往的研究中是很难做到的.还设计并实现了基于现场可编程门阵列(field programmable gate array,FPGA)嵌入式平台的SALVID模型,并基于训练好的模型使用并行优化和量化来加速计算.实验结果表明,即使有一定程度的量化,SALVID仍然表现出98.81%的高检测准确率和1.88 ms的低时延.该研究为设计高性能实时车载入侵检测系统提供了一种新思路.A controller area network(CAN)bus protocol is widely used in the vehicular system and is an efficient standard bus enabling communication between all electronic control units(ECUs).However,the CAN bus is easy to be attacked because of a lack of security defense features.We propose self-attention mechanism(SAM)enhanced grid long short-term memory(Grid LSTM)for vehicular intrusion detection,namely SALVID.The SAM can enhance the characteristics of CAN bus-oriented attack behavior,and the Grid LSTM can effectively extract the depth features of time series data.We generate five attack datasets by extracting benign CAN data from the actual car,including denial of service(DoS),fuzzy,spoofing,replay,and delete attacks.We compare the performance of various models with different model depths,and the results demonstrate that SALVID has the best performance in detecting the attacks on CAN bus.SALVID can identify attacks with small-batch features according to an overall detection accuracy of 98.98%,which is hard to be done in previous studies.We also design and implement SALVID based on field programmable gate array(FPGA)embedded platform and use parallel optimization and quantification to accelerate the model based on previous experiments.Even with a certain degree of quantification,SALVID still displays high detection accuracy of 98.81%and a latency of 1.88 ms.The investigation provides a new idea for designing high-performance and real-time vehicular intrusion detection systems.

关 键 词：控制器局域网 时序数据 入侵检测 网格型长短时记忆网络 自注意力机制 现场可编程门阵列 

分 类 号：TP181[自动化与计算机技术—控制理论与控制工程]