Distributed collaborative intrusion detection system for vehicular Ad Hoc networks based on invariant

The characteristics of high mobility and rapid topology change of the Vehicle Ad Hoc Network (VANET) makes it vulnerable to various malicious attacks. The adversary utilizes the instability of the communication link induced by the frequent changes of topology structure to undermine the reliability and timeliness of vehicular communication, which raises serious security threats. In this paper, a distributed collaborative intrusion detection system based on invariant called DCDIV is proposed to identify betray attacks in VANET. Firstly, the paper designs a distributed collaborative detection framework to implement the storage and calculation of big data and the rapid tracking and collection of information. Secondly, considering the strict delay limitation and the high reliability requirement of information transmission between vehicles, a reputation-based cooperative communication method is exploited to establish a stable and reliable communication link, where a novel cluster head vehicle selection method based on global reputation state, traffic density, and link life is presented. Following this, the paper uses the dynamic behavior analysis technology to mine the invariant, which contributes to determine the normal driving characteristics of vehicles, so as to detect malicious behaviors. Finally, this paper utilizes the Stochastic Petri Net to describe the state of the system and its dynamic transfer, and then defines the security state of the system. The simulation results demonstrate that the DCDIV has higher detection rate, lower false alarm rate, and faster attack detection rate compared with existing methods, and ensures system security during the detection process.