基于聚类混合采样与PSO-Stacking的车载CAN入侵检测方法

doi:10.19678/j.issn.1000-3428.0064949

摘要/Abstract

摘要： 随着信息技术的快速发展以及智能网联汽车的日渐普及，由网络入侵引起的车联网安全事件正在逐年增加。针对车联网中车载控制器局域网络（CAN）存在的网络攻击问题，提出一种改进的车载CAN入侵检测方法。考虑到车载CAN中数据流量较大且各类别数据比例失衡，提出一种聚类混合采样方法来平衡数据，对于流量较大的数据，在聚类后进行欠采样以去除冗余，对于流量较小的数据，使用SMOTE方法合成数据。合并上述两部分数据并使用Tomek Links算法进行数据清洗。使用基于Gini系数的GBDT特征选择方法计算特征重要性，删除重要程度较低的特征以实现数据降维。在此基础上，使用粒子群优化算法对Stacking模型中的基学习器和元分类器进行调优，使用优化后的基学习器和元分类器构建Stacking模型并完成入侵检测。实验结果表明，该方法在主流车载CAN入侵数据集上的检测准确率为98.18%，优于常见的ANN、KNN、SVM、MTHIDS及MGA-DTC模型，且对DoS、Fuzzy等类别样本的检测精确度较高，漏报率较低，体现出较好的先进性和实用性。

关键词: 车联网安全, 聚类混合采样, 粒子群优化算法, Stacking模型, 车载CAN入侵检测, Gini系数

Abstract: With the rapid development of information technology and the increasing popularity of intelligent networked vehicles, Internet of Vehicles(IoV) security incidents caused by network intrusion are increasing yearly.An improved intrusion detection method is proposed to solve the network attack problem of the Controller Area Network(CAN) in the IoV.A significant difference exists between different data types owing to a large amount of data flow in-vehicle CANs.First, a cluster mixed sampling method is developed to balance the data.For a large amount of data, under-sampling is performed after clustering, and redundancy is eliminated.For a small amount of data, the SMOTE method is used to synthesize the data, the above two data are combined, and the Tomek Links algorithm is used for data cleaning.A Gradient Boosting Decision Tree(GBDT) feature selection algorithm based on the Gini coefficient is used to calculate the importance of the features, and the features with low importance were deleted to complete data dimension reduction. Particle Swarm Optimization(PSO) is used to tune the base learner and meta-classifier in the Stacking model.The optimized base learner and meta-classifier are used to build the Stacking model to complete intrusion detection.The experimental results show that the proposed method has a detection accuracy of 98.18% on the popular in-vehicle CAN intrusion dataset, which is better than ANN, KNN, SVM, MTHIDS, and MGA-DTC models.The proposed approach has high accuracy and a low false negative rate for DoS, Fuzzy and other types of samples, with good advancement and practicability.

Key words: Internet of Vehicles(IoV) security, cluster mixed sampling, Particle Swarm Optimization(PSO) algorithm, Stacking model, in-vehicle CAN intrusion detection, Gini coefficient

中图分类号:

TP393

孙扬威, 戚湧. 基于聚类混合采样与PSO-Stacking的车载CAN入侵检测方法[J]. 计算机工程, 2023, 49(1): 138-145.

SUN Yangwei, QI Yong. Intrusion Detection Method for In-Vehicle CAN Based on Cluster Mixed Sampling and PSO-Stacking[J]. Computer Engineering, 2023, 49(1): 138-145.

http://www.ecice06.com/CN/Y2023/V49/I1/138

图/表 7

20230701175723

20230701175726

20230701175729

20230701175732

20230701175737

20230701175742

20230701175745

参考文献

[1] 钱志鸿, 王义君.物联网技术与应用研究[J].电子学报, 2012, 40(5):1023-1029. QIAN Z H, WANG Y J.IoT technology and application[J].Acta Electronica Sinica, 2012, 40(5):1023-1029.(in Chinese)
[2] LIANG H Y, JAGIELSKI M, ZHENG B W, et al.Network and system level security in connected vehicle applications[C]//Proceedings of IEEE/ACM International Conference on Computer-Aided Design.Washington D.C., USA:IEEE Press, 2018:1-7.
[3] 王建, 李玉洲, 张宁, 等.一种车联网安全态势感知模型[J].汽车实用技术, 2021, 46(9):20-24. WANG J, LI Y Z, ZHANG N, et al.A security situation awareness system of Internet of vehicles[J].Automobile Applied Technology, 2021, 46(9):20-24.(in Chinese)
[4] BOZDAL M, SAMIE M, ASLAM S, et al.Evaluation of CAN bus security challenges[J].Sensors(Basel, Switzerland), 2020, 20(8):E2364.
[5] GHALEB F A, ZAINAL A, RASSAM M A, et al.An effective misbehavior detection model using artificial neural network for vehicular ad hoc network applications[C]//Proceedings of IEEE Conference on Application, Information and Network Security.Washington D.C., USA:IEEE Press, 2017:13-18.
[6] ALSHAMMARI A, ZOHDY M A, DEBNATH D, et al.Classification approach for intrusion detection in vehicle systems[J].Wireless Engineering and Technology, 2018, 9(4):79-94.
[7] YANG L, MOUBAYED A, SHAMI A.MTH-IDS:a multitiered hybrid intrusion detection system for Internet of vehicles[J].IEEE Internet of Things Journal, 2022, 9(1):616-632.
[8] AKSU D, AYDIN M A.MGA-IDS:optimal feature subset selection for anomaly detection framework on in-vehicle networks-CAN bus based on genetic algorithm and intrusion detection approach[J].Computers & Security, 2022, 118:102717.
[9] KHAN Z, CHOWDHURY M, ISLAM M, et al.Long short-term memory neural network-based attack detection model for in-vehicle network security[J].IEEE Sensors Letters, 2020, 4(6):1-4.
[10] INJADAT M, MOUBAYED A, NASSIF A B, et al.Machine learning towards intelligent systems:applications, challenges, and opportunities[J].Artificial Intelligence Review, 2021, 54(5):3299-3348.
[11] FRIEDMAN J H.Greedy function approximation:a gradient boosting machine[J].The Annals of Statistics, 2001, 29(5):1189-1232.
[12] KENNEDY J, EBERHART R.Particle swarm optimization[C]//Proceedings of International Conference on Neural Networks.Washington D.C., USA:IEEE Press, 1995:1942-1948.
[13] SIKORA R, AL-LAYMOUN O.A modified Stacking ensemble machine learning algorithm using genetic algorithms[EB/OL].[2022-05-05].https://core.ac.uk/reader/55335420.
[14] 王千, 王成, 冯振元, 等.K-means聚类算法研究综述[J].电子设计工程, 2012, 20(7):21-24. WANG Q, WANG C, FENG Z Y, et al.Review of K-means clustering algorithm[J].Electronic Design Engineering, 2012, 20(7):21-24.(in Chinese)
[15] CHAWLA N V, BOWYER K W, HALL L O, et al.SMOTE:synthetic minority over-sampling technique[J].Journal of Artificial Intelligence Research, 2002, 16:321-357.
[16] TOMEK I.An experiment with the edited nearest-neighbor rule[J].IEEE Transactions on Systems, Man, and Cybernetics, 1976, 6(6):448-452.
[17] 夏学文, 刘经南, 高柯夫, 等.具备反向学习和局部学习能力的粒子群算法[J].计算机学报, 2015, 38(7):1397-1407. XIA X W, LIU J N, GAO K F, et al.Particle swarm optimization algorithm with reverse-learning and local-learning behavior[J].Chinese Journal of Computers, 2015, 38(7):1397-1407.(in Chinese)
[18] 李龙杰, 于洋, 白伸伸, 等.基于二次训练技术的入侵检测方法研究[J].北京理工大学学报, 2017, 37(12):1246-1252. LI L J, YU Y, BAI S S, et al.Intrusion detection model based on double training technique[J].Transactions of Beijing Institute of Technology, 2017, 37(12):1246-1252.(in Chinese)
[19] SHOTTON J, JOHNSON M, CIPOLLA R.Semantic texton forests for image categorization and segmentation[C]//Proceedings of 2008 IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C., USA:IEEE Press, 2008:1-8.
[20] CHEN T Q, GUESTRIN C.XGBoost:a scalable tree boosting system[C]//Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.New York, USA:ACM Press, 2016:785-794.
[21] JIN D, LU Y, QIN J, et al.SwiftIDS:real-time intrusion detection system based on LightGBM and parallel intrusion detection mechanism[J].Computers & Security, 2020, 97:101984.
[22] PROKHORENKOVA L, GUSEV G, VOROBEV A, et al.CatBoost:unbiased boosting with categorical features[EB/OL].[2022-05-05].https://arxiv.org/abs/1706.09516.
[23] 刘辉.基于主成分分析和多层感知机神经网络的入侵检测方法研究[J].软件工程, 2020, 23(7):10-12, 9. LIU H.Research on intrusion detection based on principal component analysis and multilayer perceptron neural network[J].Software Engineering, 2020, 23(7):10-12, 9.(in Chinese)
[24] AL-JARRAH O Y, MAPLE C, DIANATI M, et al.Intrusion detection systems for intra-vehicle networks:a review[J].IEEE Access, 2019, 7:21266-21289.
[25] LEE H, JEONG S H, KIM H K.OTIDS:a novel intrusion detection system for in-vehicle network by using remote frame[C]//Proceedings of the 15th Annual Conference on Privacy, Security and Trust.Washington D.C., USA:IEEE Press, 2017:57-67.

选择文件类型/文献管理软件名称

选择包含的内容