Intrusion Detection in Intelligent Connected Vehicles Based on Weighted Self-Information

The Internet of Vehicles (IoV) empowers intelligent and tailored services for intelligent connected vehicles (ICVs). However, with the increasing number of onboard external communication interfaces, ICVs face the challenges of malicious network intrusions. The closure of traditional vehicles had led to in-vehicle communication protocols, including the most commonly applied controller area network (CAN), and a lack of security and privacy protection mechanisms. Therefore, to protect the connected vehicles and IoV systems from being attacked, an intrusion-detection method is proposed based on the features extracted from the arbitration identifier (ID) field of CAN messages. Specifically, a sliding window is used to continuously extract a frame of streaming CAN messages first. Afterward, the weighted self-information of the CAN message ID is defined, and both the weighted self-information and the normalized value of an ID are extracted as features. Based on the extracted features, a lightweight one-class classifier, the local outlier factor (LOF), is used to identify the outliers and detect malicious network intrusion attacks. Simulation experiments were conducted based on the public CAN dataset provided by the HCR Lab. The proposed method, using four different one-class classifiers, was analyzed, and it is also benchmarked with three information entropy-based intrusion-detection methods in the literature. The experimental results indicate that, compared to the benchmarks, the proposed method dramatically improves the detection accuracy for injection attacks, namely denial-of-service (DoS) and spoofing, especially when the number of injected messages is low.

Automated summary

The Internet of Vehicles (IoV) enables intelligent services for intelligent connected vehicles (ICVs), but the increasing number of communication interfaces in ICVs poses challenges of network intrusions. The lack of security and privacy protection in in-vehicle communication protocols like CAN has made it necessary to propose an intrusion-detection method based on features extracted from the arbitration identifier (ID) field of CAN messages. The method extracts a frame of streaming CAN messages using a sliding window, defines the weighted self-information of the CAN message ID, and uses a lightweight one-class classifier (LOF) to detect malicious network intrusion attacks.