Zero Day Attack Detection Method for Internet of Vehicles


Authors: WANG Bo (王博), ZHAO Jincheng (赵金城), XU Bingfeng (徐丙凤) [1,3], HE Gaofeng (何高峰)

Affiliations: [1] College of Information Science and Technology & Artificial Intelligence, Nanjing Forestry University, Nanjing 210037, China; [2] College of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003, China; [3] Key Laboratory of Safety-Critical Software (Nanjing University of Aeronautics and Astronautics), Ministry of Industry and Information Technology, Nanjing 211106, China

Source: Computer Science (《计算机科学》), 2024, No. 12, pp. 334-342 (9 pages)

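Funding: General Program of the National Natural Science Foundation of China (62372240); Jiangsu Provincial Key Laboratory of Network and Information Security (BM2003201); Nanjing University of Aeronautics and Astronautics Research Base Innovation (Science and Engineering) Project (NJ2020022).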

Abstract: Zero-day attack detection in the Internet of Vehicles usually adopts anomaly-based methods due to the limited availability of attack data. Nevertheless, the complex and diverse driving environments that vehicles operate in, coupled with the variability of behavioral patterns, result in significant deviations in normal behavior. As a consequence, the utilization of anomaly-based methods tends to yield elevated false alarm rates. In the vehicular context, the attack principles of zero-day and known attacks exhibit similarities. Drawing inspiration from transfer learning, a zero-day attack detection method for the Internet of Vehicles is introduced, which is grounded in few-shot learning and employs conditional generative adversarial networks (CGANs). Specifically, a conditional generative adversarial network model is proposed featuring multiple generators and multiple discriminators. Within this framework, an adaptive sampling data augmentation method is developed to enhance the dataset with known attack samples. This augmentation is achieved through the optimization of input samples to effectively reduce the occurrence of false positives. Furthermore, to address the data imbalance issue stemming from a limited number of input attack samples, a collaborative focus loss function is incorporated into the discriminators, with an emphasis on distinguishing challenging-to-classify data. The effectiveness of the proposed method is rigorously assessed through comprehensive experiments conducted on the F2MD vehicle network simulation platform. The experimental results unequivocally establish the superiority of the proposed approach compared to existing methods, both in terms of detection efficacy and latency. As a result, this paper presents an effective solution for zero-day attack detection in the realm of the Internet of Vehicles.

Keywords: Internet of Vehicles; zero-day attack; conditional generative adversarial network; few-shot learning; anomaly detection

Classification number: TP393 [Automation and Computer Technology - Computer Application Technology]

 
