摘要
随着车联网中车载装备智能化程度的飞速发展,其与互联网对接的程度日益加深,而车载CAN总线受到的网络攻击数量更多、攻击方式更复杂、攻击特征更隐蔽。目前车联网入侵检测才刚起步,基于防火墙或规则库等传统检测模型无法获取隐藏的深层攻击特征,基于深度学习的智能检测模型又因训练参数多、攻击数据不均衡等呈现过/欠拟合以及训练复杂等问题。针对以上问题,文中以车载CAN总线为对象,提出了一种基于SMOTE-SDSAE-SVM的CAN总线入侵检测方法(简称3S),尝试结合深度学习和机器学习理论,从而同时提取网络攻击的深度特征和保证模型训练的高效性,并解决网络攻击类别不平衡、CAN报文含噪声等问题。首先,为了解决网络攻击类别不平衡问题,利用SMOTE技术对不平衡类别的攻击数据进行近邻采样,从而生成更多同类别近似样本;其次,结合稀疏自编码和去噪自编码,以消除噪声数据的影响同时增加特征提取的时效性,并通过堆叠多层稀疏去噪自编码最终实现CAN报文的深度特征提取;最后,利用SVM对提取的深度特征进行精确分类,实现对CAN报文的异常检测,从而发现网络攻击。通过在沃尔沃CAN数据集和CAR-HACKING数据集上的大量实验,有效证明了本文3S算法较其他算法而言拥有更好的入侵检测准确率和更低的漏报率/误报率。
With the rapid development of in-vehicle equipment intelligence on the Internet of Vehicles,due to its increasingly deepened connection with the Internet,the number of network attacks on the vehicle CAN bus has been increased,the attack methods have become more complex and the attack characteristics have become more concealed.At present,the intrusion detection of the Internet of Vehicles has just started.Traditional detection models based on firewall or rule bases are unable to obtain the hidden deep features of network attacks,but the intelligent detection models based on deep learning present problems such as“over-fitting”or“under-fitting”due to too many training parameters and unbalanced training datasets.To solve the above problems,an SMOTE-SDSAE-SVM based intrusion detection algorithm for CAN bus of vehicles is proposed in this paper,which is simply called 3 S.This algorithm tries to combine deep learning and machine learning techniques to extract deep features of network attacks and ensure the efficiency of model training.The main contributions are as follows.Firstly,to balance the training samples of different categories,SMOTE method is used to generate more similar samples through the nearest neighbor sampling strategy.Secondly,sparse autoencoder and denoising autoencoder are combined to increase the speed of feature extraction and eliminate noise effects.And the deep feature of the CAN message is eventually extracted by stacking multi-layer sparse denoising autoencoder.Finally,SVM is used to accurately classify the extracted deep features of CAN messages,thereby discovering network attacks.According to the extensive experiments on the Volvo CAN dataset and the CAR-HACKING dataset,the proposed 3 S algorithm is proved to have better accuracy and lower false alarm rate than other algorithms.
作者
周志豪
陈磊
伍翔
丘东亮
梁广升
曾凡巧
ZHOU Zhi-hao;CHEN Lei;WU Xiang;QIU Dong-liang;LIANG Guang-sheng;ZENG Fan-qiao(School of Information and Electrical Engineering,Hunan University of Science and Technology,Xiangtan,Hunan 411201,China)
出处
《计算机科学》
CSCD
北大核心
2022年第S01期562-570,801,共10页
Computer Science
基金
国家自然科学基金(62103143)
湖南省自然科学基金(2020JJ5199)
国家重点研发计划(2019YFE0105300/2019YFE0118700)。
