Abstract
The CAN-Bus is currently the most widely used vehicle bus network technology, but it was designed for the needs of vehicle control systems: it carries massive amounts of data and lacks information security mechanisms. An Intrusion Detection System (IDS) based on machine learning is an efficient active information security defense method and is suitable for processing massive data. We use a machine learning algorithm, the Gradient Boosting Decision Tree (GBDT), in an IDS for CAN-Bus and propose a new entropy-based feature for feature construction in the GBDT algorithm. In terms of detection performance, the GBDT-based IDS has a high True Positive (TP) rate and a low False Positive (FP) rate.
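As an added illustration (not code from the paper), the sketch below computes windowed Shannon-entropy features over CAN frames, the kind of feature row a classifier such as GBDT could be trained on. The paper's exact feature construction is not given on this page, so the window size, the feature tuple, the sample frames and the simple threshold check standing in for the classifier are all assumptions.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = len(values)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def window_features(frames, window=16):
    """Split (can_id, payload) frames into fixed windows, one feature row each.

    Row = (entropy of arbitration IDs, entropy of payload bytes, distinct IDs).
    This feature layout is an assumption, not the paper's definition.
    """
    rows = []
    for start in range(0, len(frames) - window + 1, window):
        chunk = frames[start:start + window]
        ids = [can_id for can_id, _ in chunk]
        data = [b for _, payload in chunk for b in payload]
        rows.append((shannon_entropy(ids), shannon_entropy(data), len(set(ids))))
    return rows

def flag_windows(rows, baseline, tolerance=0.5):
    """Mark windows whose ID entropy deviates from the baseline by more than
    `tolerance` bits. A threshold stand-in for a trained classifier."""
    return [abs(row[0] - baseline) > tolerance for row in rows]

# Constructed sample traffic (not captured data): four periodic IDs sent
# round-robin, followed by one window dominated by a single ID.
NORMAL_IDS = [0x0C4, 0x1A0, 0x2B0, 0x3E8]
normal = [(NORMAL_IDS[i % 4], bytes([i % 4, 0x10, 0x20, i % 8])) for i in range(32)]
anomalous = [(0x0C4, bytes([0, 0x10, 0x20, 0])) if i % 8 == 0 else (0x000, bytes(4))
             for i in range(16)]

def demo():
    """Return feature rows and anomaly flags for the constructed trace."""
    rows = window_features(normal + anomalous, window=16)
    baseline = rows[0][0]  # ID entropy learned from a known-good window
    return rows, flag_windows(rows, baseline)

if __name__ == "__main__":
    for row, flagged in zip(*demo()):
        print(f"id_entropy={row[0]:.3f} data_entropy={row[1]:.3f} "
              f"distinct_ids={row[2]} flagged={flagged}")
```

Periodic traffic from a fixed set of IDs keeps the ID entropy stable from window to window, so a window where one ID crowds out the others shows up as a sharp entropy drop.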
Acknowledgments
This research was supported by the National Key Research and Development Program of China (2016YFB0100902).
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Tian, D. et al. (2018). An Intrusion Detection System Based on Machine Learning for CAN-Bus. In: Chen, Y., Duong, T. (eds) Industrial Networks and Intelligent Systems. INISCOM 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 221. Springer, Cham. https://doi.org/10.1007/978-3-319-74176-5_25
DOI: https://doi.org/10.1007/978-3-319-74176-5_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74175-8
Online ISBN: 978-3-319-74176-5
eBook Packages: Computer Science, Computer Science (R0)