4.6 Article

Intrusion Detection Method Using Bi-Directional GPT for in-Vehicle Controller Area Networks

IEEE ACCESS (2021)

Get Full Text
Add to Collection

Journal

IEEE ACCESS
Volume 9, Issue -, Pages 124931-124944

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/ACCESS.2021.3110524

Keywords

Protocols; Intrusion detection; Security; Performance evaluation; Bidirectional control; Object recognition; Licenses; Intrusion detection; generative pretrained transformer; GPT; controller area network; CAN; CAN ID; in-vehicle network; negative log-likelihood; NLL; spoofing attack

Categories

Computer Science, Information Systems Engineering, Electrical & Electronic Telecommunications

Funding

  1. Autocrypt Company Ltd., Republic of Korea
  2. Ministry of Science and ICT (MSIT), Republic of Korea, through the Information Technology Research Center (ITRC) Support Program [IITP-2021-2018-0-01433]
  3. Korea Institute of Planning and Evaluation for Technology in Food, Agriculture and Forestry (IPET) through the Smart Farm Innovation Technology Development Program - Ministry of Agriculture, Food and Rural Affairs (MAFRA) [421040-04]

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

The CAN bus protocol is vulnerable to attacks due to lack of security consideration in its design. By learning and detecting the pattern of CAN ID sequences in normal vehicle operation, potential attacks can be identified.
The controller area network (CAN) bus protocol is exposed to threats from various attacks because it is designed without consideration of security. In a normal vehicle operation situation, controllers connected to a CAN bus transmit periodic and nonperiodic signals. Thus, if a CAN identifier (ID) sequence is configured by collecting the identifiers of CAN signals in their order of occurrence, it will have a certain pattern. However, if only a very small number of attack IDs are included in a CAN ID sequence, it will be difficult to detect the corresponding pattern change. Thus, a detection method that is different from the conventional one is required to detect such attacks. Since a CAN ID sequence can be regarded as a sentence consisting of words in the form of CAN IDs, a generative pretrained transformer (GPT) model can learn the pattern of a normal CAN ID sequence. Therefore, such a model is expected to be able to detect CAN ID sequences that contain a very small number of attack IDs better than the existing long short-term memory (LSTM)-based method. In this paper, we propose an intrusion detection model that combines two GPT networks in a bi-directional manner to allow both past and future CAN IDs (relative to the time of detection) to be used. The proposed model is trained to minimize the negative log-likelihood (NLL) value of the bi-directional GPT network for a normal sequence. When the NLL value for a CAN ID sequence is larger than a prespecified threshold, it is deemed an intrusion. The proposed model outperforms a single uni-directional GPT model with the same degree of complexity as other existing LSTM-based models because the bi-directional structure of the proposed model maintains the estimation performance for most CAN IDs, regardless of their positions in the sequence.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.6
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available
Webinars Posters Questions Hubs Funding Journals Papers Connect Collections Reviewers About Us FAQs Mobile App Privacy Policy Terms of Use
© Peeref 2019-2024. All rights reserved.