A game theory based multi layered intrusion detection framework for VANET

doi:10.1016/j.future.2017.12.008

Future Generation Computer Systems

Volume 82, May 2018, Pages 12-28

https://doi.org/10.1016/j.future.2017.12.008 Get rights and content

Highlights

•
A multi-layered game theory based VANET intrusion detection framework is proposed.
•
A novel clustering and CH election algorithm for VANET is proposed.
•
A payment structure based on VCG mechanism is proposed for the CH election.
•
Proposed framework achieves high detection rate and accuracy across wide range of attacks.

Abstract

Vehicular Ad-hoc Networks (VANETs) are vulnerable to various type of network attacks like Blackhole attack, Denial of Service (DoS), Sybil attack etc. Intrusion Detection Systems (IDSs) have been proposed in the literature to address these security threats. However, high vehicular mobility makes the process of formulating an IDS framework for VANET a difficult task. Moreover, VANETs operate in bandwidth constrained wireless radio spectrum. Therefore, IDS frameworks that introduce significant volume of IDS traffic are not suitable for VANETs. In addition, dynamic network topology, communication overhead and scalability to higher vehicular density are some other issues that needs to be addressed while developing an IDS framework for VANETs. This paper aims to address these issues by proposing a multi-layered game theory based intrusion detection framework and a novel clustering algorithm for VANET. The communication overhead of the IDS is reduced by using a set of specification rules and a lightweight neural network based classifier module for detecting malicious vehicles. The volume of IDS traffic is minimized by modeling the interaction between the IDS and the malicious vehicle as a two player non-cooperative game and adopting a probabilistic IDS monitoring strategy based on the Nash Equilibrium of the game. Finally, the proposed clustering algorithm maintains the stability of the IDS framework, which ensures that the framework scales up well to networks with higher vehicular densities. Simulation results show that the proposed framework achieves high accuracy and detection rate across wide range of attacks, while at the same time minimizes the overall volume of intrusion detection related traffic introduced into the vehicular network.

Introduction

The concept of enabling vehicles with the capability to make transportation infrastructure more secure and efficient has received immense attention in recent years. This has lead to the emergence of Vehicular Ad-hoc Networks (VANETs), which are formed on the fly by a network of vehicles equipped with multiple sensors and On Board Units (OBUs). The OBUs enable vehicles to connect with Road Side Units (RSUs) through a wireless short-range direct communication link based on the IEEE 802.11p radio frequency channel. VANET uses various type of notification messages like Post Crash Notification (PCN), Road Hazard Condition Notification (RHCN), Stopped/Slow Vehicle Advisor (SVA) etc., to provide vehicular communication.

VANET uses 75 MHz of Dedicated Short Range Communications (DSRC) spectrum at 5.9 GHz to support IEEE 802.11p standard for communication among vehicles. DSRC provides a communication range of 300–1000 m with a data rate of more than 27 Mbps and supports a vehicular mobility as high as 200 kmph [1]. The IEEE P1609 working group has proposed DSRC as IEEE 802.11p standard for Wireless Access in Vehicular Environment (WAVE) platform [2]. The DSRC based WAVE architecture supports two different protocol stacks namely, the WAVE Share Message Protocol (WSMP) and the traditional IPv6 protocol. Time sensitive and high priority communication are achieved using the WSMP, while the less demanding communication involving the UDP/TCP/IP data frames are achieved using the IPv6 protocol. As shown in Fig. 1, the DSRC spectrum band is divided into seven channels of 10 MHz each [3]. Channel 178 is the Control Channel (CCH), which is used for transmission of emergency messages. The other six channels numbered 172, 174, 176, 180, 182 and 184 are Service Channels (SCHs), which are used for both safety and non-safety applications. If the CCH channel is active, all vehicles are bound to stop their communication during CCH time frame to receive and transmit emergency messages on CCH channel.

VANETs use emergency broadcast messages for disseminating information about adverse road conditions and traffic accidents, which require communication between the member vehicles through open wireless medium. The attacker can exploit this broadcast nature of VANET to carry out various type of attacks like eavesdropping, interference, jamming, masquerading, packet replay, Denial of Service (DoS), impersonation, identity disclosure etc. [[4], [5], [6]]. Preventive security measures like digital signature, authentication and encryption are usually employed as the first line of defense to prevent and detect such attacks in VANETs. However, these preventive measures have several limitations. The attacker can easily circumvent them by modifying the attack signatures to avoid detection. Moreover, an insider attacker with valid cryptographic keys used for secure communication can render the preventive security measures obsolete. Additionally, they use handshake based authentication mechanisms, which incur high communication overhead. All these factors make preventive security measures inadequate for providing a comprehensive protection against various type of attacks in VANETs.

To address the drawbacks associated with the preventive security measures, an alternative security mechanism in the form of Intrusion Detection Systems (IDSs) have been proposed in the literature [[7], [8], [9], [10], [11]]. They complement the preventive security measures and act as a second line of defense against various type of attacks. IDSs have widely been deployed in wired networks with great results. However, unlike the wired networks with fixed infrastructure and static topology, VANETs are highly dynamic with intermittent network connectivity and constrained wireless bandwidth radio spectrum. All these issues make the task of formulating an efficient intrusion detection framework for VANET difficult and challenging. Therefore, any intrusion detection framework proposed for VANET must take the following key issues into consideration:

$•$
Bandwidth constraints and IDS traffic volume: VANETs operate in a narrow bandwidth wireless radio spectrum. The entire bandwidth spectrum of the DSRC band (5.850–5.925 GHz) used for vehicular communication in VANET is only 75 MHz with a maximum theoretical throughput of 27 Mbps and a maximum transmission distance of 1000 m. Therefore, intrusion detection frameworks that introduce significant volume of IDS traffic and require pre stored information about the participating vehicles are not suitable for VANETs.
$•$
Dynamic network topology: Network topologies in VANETs vary depending on the traffic density and vehicular mobility. This can cause high delays in dissemination of messages due to broadcast storm at high vehicular densities and disconnected network problems at low vehicular densities. Therefore, any intrusion detection framework proposed for VANET must adopt a suitable clustering algorithm for producing stable vehicular clusters to maintain the network’s stability.
$•$
Communication overhead and scalability: The association of a vehicle with other vehicles and RSUs in VANET is usually short lived and intermittent. Therefore IDS frameworks that require high communication overhead are not suitable for VANETs. In addition, VANETs consist of a network of hundreds of vehicles and are designed for supporting real time safety related applications, which require them to be up and running all the time. Therefore, IDS frameworks designed for VANETs must be scalable to vehicular networks with high vehicular densities.

A good trade-off must be maintained between gathering enough information for effectively detecting network intrusions and preventing the overburdening of IDS’s logging component with high volume of IDS traffic in VANET. To achieve this trade-off, a novel clustering algorithm, a distributed Cluster Head (CH) election algorithm and a game theory based multi layered intrusion detection framework for VANET are proposed in this paper. In summary, the main contribution of this paper are as follows:

$•$
We propose a distributed clustering algorithm that uses various vehicular information like velocities, reputation values, real time coordinates and direction of movement to generate stable vehicular clusters. Stable clusters enhance the robustness of the intrusion detection framework by providing vehicles enough time frame to exchange their data and thereby enabling them to make informed decisions.
$•$
We propose a novel Cluster Head (CH) election algorithm that uses an incentive structure based on the Vickrey–Clarke–Groves (VCG) mechanism to motivate vehicles to actively participate in the CH election process by offering them payment in the form of reputation gain for taking up the role of the CH. Data packets of the reputed vehicles are given higher priority during data traffic routing.
$•$
We propose a multi layered game theory based intrusion detection framework for VANET that uses a set of specification rules and a lightweight neural network based classifier module to detect various type of attacks in VANET.
$•$
We model the interaction between the IDS and the malicious vehicle as a two player non-cooperative game, and adopt probabilistic monitoring strategies based on the NE of the game. Such game theoretic modeling minimizes the volume of IDS traffic in bandwidth constrained vehicular networks, without compromising the overall performance of the intrusion detection framework.

The rest of the paper has been organized in following way. Section 2 discusses related works on VANET intrusion detection frameworks and their drawbacks. Section 3 provides a detailed description of the proposed game theory based multi layered intrusion detection framework. Section 4 provides the experimental results and comparison analysis of the proposed framework with various other intrusion detection frameworks. Conclusion and future works are provided in Section 5.

Section snippets

Related works

The work proposed in this paper primarily focuses on detection of insider attacks like blackhole attack, wormhole attack, selective forwarding etc., in VANETs. Therefore, we begin the related work section with description of various misbehaving detection mechanisms proposed in the literature for identifying insider attacks in various wireless networks like, Wireless Sensor Network (WSN), Mobile Ad-hoc Network (MANET) and VANET. We then state the drawbacks associated with these detection

Multi layered game theory based hybrid intrusion detection framework

In this section, we first present an overview of the proposed intrusion detection framework for VANET and state various assumptions made by the framework. We then describe various type of attacks in VANETs followed by a detailed description of the proposed multi-layered game theory based intrusion detection framework for VANET.

The overall architecture of the proposed intrusion detection framework is shown in Fig. 2. In the proposed framework, the vehicles communicate with their respective

Experimental results

We have classified the experimental result section into two sub-sections namely, the simulated vehicular network traffic and the real time vehicular network traffic. The experimental setup and the results obtained on the simulated and the real time vehicular network traffic are provided in the sub-sequent subsections.

Following parameters were used to analyze the performance of different IDS frameworks: (1) Detection rate (2) False alarm rate (3) IDS traffic volume and (4) Average cluster

Conclusion and future work

In this paper, a novel clustering algorithm, a CH election algorithm and a game theory based IDS framework for VANETs have been proposed. The proposed clustering algorithm ensures the stability of the IDS framework by generating stable vehicular clusters with enhanced connectivity among member vehicles. CH and agent nodes election algorithms are then executed to elect the CH and a set of agent nodes for each cluster. The proposed IDS framework uses the agent nodes, the CHs and the RSUs

Basant Subba is a Ph.D. research scholar at the Indian Institute of Technology, Guwahati. He received his bachelors in Engineering (BE) degree from Visvesvaraya Technological University, Belgaum, India in 2009 and Masters degree (M.Tech.) from National Institute of Technology, Durgapur, India in 2012. His research interests are designing game theory based intrusion detection frameworks for wired networks, Mobile Ad-hoc Networks (MANETs), Vehicular Ad-hoc Networks (VANETs) and Wireless Sensor

References (38)

MejriM.N. et al.
Survey on VANET security challenges and possible cryptographic solutions
Veh. Commun.
(2014)
SedjelmaciH. et al.
An accurate and efficient collaborative intrusion detection framework to secure vehicular networks
Comput. Electr. Eng.
(2015)
HudaS. et al.
Hybrids of support vector machine wrapper and filter based framework for malware detection
Future Gener. Comput. Syst.
(2016)
KhanF.A. et al.
A detection and prevention system against collaborative attacks in mobile ad hoc networks
Future Gener. Comput. Syst.
(2017)
GuoQ. et al.
MP-MID: Multi-Protocol Oriented Middleware-level Intrusion Detection method for wireless sensor networks
Future Gener. Comput. Syst.
(2017)
XieY. et al.
Unifying intrusion detection and forensic analysis via provenance awareness
Future Gener. Comput. Syst.
(2016)
KumarN. et al.
Collaborative trust aware intelligent intrusion detection in VANETs
Comput. Electr. Eng.
(2014)
SubbaB. et al.
Intrusion detection in mobile ad-hoc networks: Bayesian game formulation
Eng. Sci. Technol. Internat. J.
(2016)
DaeinabiA. et al.
VWCA: An efficient clustering algorithm in vehicular ad hoc networks
J. Netw. Comput. Appl.
(2011)
ToorY. et al.
Vehicle ad hoc networks: Applications and related technical issues
IEEE Commun. Surv. Tutor.
(2008)

D. Jiang, L. Delgrossi, Ieee 802.11p: Towards an international standard for wireless access in vehicular environments,...

RayaM. et al.

Eviction of Misbehaving and Faulty Nodes in Vehicular Networks

IEEE J. Sel. Areas Commun.

(2007)

GillaniS. et al.

A Survey on Security in Vehicular Ad Hoc Networks

(2013)

P. Papadimitratos, V. Gligor, J.-P. Hubaux, Securing vehicular communications - assumptions,requirements, and...

Y. Cho, G. Qu, Y. Wu, Insider threats against trust mechanism with watchdog and defending approaches in wireless sensor...

F. Liu, X. Cheng, D. Chen, Insider attacker detection in wireless sensor networks, in: IEEE INFOCOM - 26th IEEE...

H. Ehsan, F.A. Khan, Malicious AODV: Implementation and analysis of routing attacks in MANETs. In: IEEE 11th...

K.R. Abirami, M.G. Sumithra, J. Rajasekaran, An enhanced intrusion detection system for routing attacks in MANET, in:...

S. Dietzel, J. Gürtler, R. van der Heijden, F. Kargl, Redundancy-based statistical analysis for insider attack...

Cited by (73)

A review of security attacks and intrusion detection in the vehicular networks
2024, Journal of King Saud University - Computer and Information Sciences
With the proliferation of Vehicular Ad Hoc Networks (VANETs), ensuring the security and integrity of communication within these networks has become a paramount concern. This paper elaborates on the architecture, characteristics, security services, and various threats in the VANET. Moreover, this paper presents a comprehensive review of Intrusion Detection Systems (IDS) designed for VANETs, aiming to thoroughly understand the challenges, existing solutions, and future directions in this dynamic field. A discussion of the current practices on the evaluation techniques, tools, and datasets is shown. The paper emphasises the need for adaptive and resource-efficient IDS mechanisms, real-world validation, and a deeper exploration of the practical impact of security threats on specific vehicular functionalities. This review serves as a foundation for future research directions to enhance the security of VANETs, contributing to the evolution of intelligent transportation systems.
Detection of intrusions in clustered vehicle networks using invasive weed optimization using a deep wavelet neural networks
2023, Measurement: Sensors
A VANET is a kind of IMS, or intelligent transportation system, that connects moving vehicles. Guaranteeing timely and accurate information sharing between vehicles and infrastructure helps make roads safer and more efficient. Wireless connections are used for data transmission in VANET, making security a critical design challenge. At the same time, the energy constrained ability of the vehicles in VANET creates energy efficiency as a challenging problem. In this aspect, this study presents an effective invasive weed optimization algorithm based energy efficient clustering with deep wavelet neural network based intrusion detection (IWOEEC-DWNN) technique for VANET. The clustered VANET is the target of the IWOEEC-DWNN approach, which seeks to detect any intrusions that may occur. In addition, the IWOEEC-DWNN method builds clusters through an IWO-based cluster technique's optimum cluster head (CH) selection and cluster design. In addition, the DWNN model is employed as a classification model to determine the occurrence of intrusions in the VANET. The design of IWOEEC-DWNN technique considerably helps to accomplish security and energy efficiency. Extensive computations were performed to test the efficacy of the IWOEEC-DWNN method, and the findings showed that it was superior to competing methods on a number of different metrics.
An authentication approach in SDN-VANET architecture with Rider-Sea Lion optimized neural network for intrusion detection
2023, Internet of Things (Netherlands)
Vehicular Ad-hoc Network (VANET) offers expedient services in intellectual transportation models but is susceptible to several attacks. The Intrusion detection systems (IDSs) help to prevent security risks by discovering irregular network behaviours under local sub-networks inspite of complete VANET. An optimization-driven model is devised for detecting intrusion in SDN-VANET. The network comprises several entities, like the On-Board Unit (OBU), SDN, Road-Side Unit (RSU), and Authentication Server. The proposed approach involves five phases, namely registration, key generation, data encoding, authentication, and decoding. The authentication of OBU is done with the data packets. The detection of intrusion is performed using the optimized model. The selection of features is done from log files considering the Renyi entropy. The detection of intrusion is done using the Rider-based neural network (RideNN), trained with designed Rider-based Sea Lion Optimization (RBSLO), and is produced by blending the Rider optimization algorithm (ROA) and Sea Lion Optimization (SLnO). The proposed RBSLO-based RideNN offered to improve the achievement with the elevated precision of 92.5%, the recall of 95.4%, the F-measures of 94%, and the smallest computation time of 135.654 s.
A survey on misbehavior detection for connected and autonomous vehicles
2023, Vehicular Communications
Connected and autonomous vehicles have recently emerged as promising technological solutions to optimize traffic congestion, prevent accidents, and enhance driving safety and efficiency. Since such vehicles are equipped with various embedded components connected through different communication technologies, their security has become a vital concern. Therefore, Misbehavior Detection plays a major role in enabling vehicles to quickly identify the security risks and adopt effective immediate countermeasures. In this paper, we present an in-depth study of misbehavior detection in connected and autonomous vehicles. We first develop a new definition of misbehavior based on a comprehensive analysis of the existing work related to both intentional (criminal) and unintentional misbehavior. The new definition lays a foundation to accommodate, characterize, and understand novel misbehaviors. We then extensively investigate the state-of-the-art solutions and provide a detailed taxonomy for a large family of machine learning algorithms used for misbehavior detection in the literature. We carefully review the available tools and datasets for misbehavior detection. Finally, we present open research directions and challenges.
Federated Learning-based Misbehaviour detection on an emergency message dissemination scenario for the 6G-enabled Internet of Vehicles
2023, Ad Hoc Networks
With the 6G-enabled Internet of Vehicles (IoV), the Intelligent Transportation System (ITS) uses new communication technologies and smart data analysis to make transportation systems more innovative and effective. After the emergence of 6G, focusing on emergency message dissemination scenarios in IoVs, software-defined vehicular fog computing (SDVF) networks can be instrumental in enhancing vehicle-to-everything communication for sharing the road, traffic, and accident information with low latency. Nevertheless, the emergency messages are susceptible to intrusion attacks, especially Sybil attacks that could produce numerous bogus clients or collaborate with compromised devices. Thus, we propose the Federated Learning Entrusted Misbehaviour Detection System (FLEMDS) with vehicle selection to support the 6G-enabled vehicles in combating Sybil attackers. As a result, Sybil attack detection is carried out locally in the vehicles employing the federated learning on-vehicle AI technique. The FLEMDS employs a three-level model weight aggregation process at three locations to improve detection accuracy. To minimize the learning and detection latency, federated learning and software-defined vehicular fog computing are combined in the FLEMDS. We employ a fuzzy logic-based FL-vehicle selection (FLBFLVS) technique in the Road-Side Units (RSUs) and Base Stations (BSs) to choose suitable FL-vehicles as clients for the participation of local training in the FL process. The experimental results substantiate that the FLEMDS with FLBFLVS capitulates with a higher detection accuracy of 87% for a minimal number of global aggregations. Furthermore, FLEMDS with FLBFLVS is compared with the state-of-the-art FL-based frameworks. The outcomes show that the proposed schemes yield a faster convergence rate as well as a decrease in the time consumption of computation and communication.
Artificial Intelligence techniques to mitigate cyber-attacks within vehicular networks: Survey
2022, Computers and Electrical Engineering
Rapid advancements in communication technology have made vehicular networks a reality with numerous applications. However, vehicular network security is still an open research problem. Artificial intelligence (AI) techniques have emerged to address these issues. AI and its variants are becoming more popular for detecting attacks and dealing with many types of security issues in vehicular networks. This paper presents a comprehensive survey of AI-based techniques for security issues in vehicular networks. We first give a background on vehicular networks and their vulnerabilities. In addition, assess AI fundamentals with their impact on vehicular security. Furthermore, we classify and compare the AI-based solutions related to security for vehicular networks by proposing a new taxonomy. Finally, we present an analysis of the works included in this survey.

View all citing articles on Scopus

Santosh Biswas received B.E. degree from NIT, Durgapur, India, in 2001. He completed his M.S. and Ph.D. from IIT Kharagpur, India, in the year of 2004 and 2008, respectively. He works as an Associate Professor at the Department of Computer Science and Engineering, IIT Guwahati. His research interests include network security, VLSI testing and discrete event systems.

Sushanta Karmakar received his B.E. and M.E. degrees from Jadavpur University, India, in 2001 and 2004, respectively. He obtained his Ph.D. from IIT Kharagpur, India, in the year 2009. He works as an Associate Professor at the Department of Computer Science and Engineering, IIT Guwahati. His research interest include Distributed algorithms, fault-tolerance, distributed algorithms for ad hoc and sensor networks.

View full text

A game theory based multi layered intrusion detection framework for VANET

Highlights

Abstract

Introduction

Section snippets

Related works

Multi layered game theory based hybrid intrusion detection framework

Experimental results

Conclusion and future work

Veh. Commun.

Comput. Electr. Eng.

Future Gener. Comput. Syst.

Future Gener. Comput. Syst.

Future Gener. Comput. Syst.

Future Gener. Comput. Syst.

Comput. Electr. Eng.

Eng. Sci. Technol. Internat. J.

J. Netw. Comput. Appl.

Vehicle ad hoc networks: Applications and related technical issues

IEEE Commun. Surv. Tutor.

Eviction of Misbehaving and Faulty Nodes in Vehicular Networks

IEEE J. Sel. Areas Commun.

A Survey on Security in Vehicular Ad Hoc Networks