摘要
为解决车联网中CAN(controller area network)总线易受攻击的问题,提出了一个混合攻击入侵检测模型DGAOIDS。该模型利用无监督的DBN(deep belief nets)学习正常CAN报文数据的基础特征,并利用一个带注意力机制的GRU(gate recurrent unit)网络学习其时序特征,用单分类支持向量机对其进行分类;引入一个对电子控制单元规则学习得到的过滤器,综合过滤器与前述模型的分类结果得出最终的检测结果。实验结果表明,对于不同攻击,基于规则的过滤器的假阳率均为0;DGAO-IDS模型不仅在公开数据集HCRL中的检测结果优于对比模型HyDL-IDS和MD-LSTM,而且该模型在混合攻击数据集MixAt中的精确度达到了91.05%,与HyDL-IDS模型和MD-LSTM模型相比分别高6.55%与7.93%。
To address the vulnerability of the CAN(controller area network)bus in Telematics,this paper proposes a hybrid attack intrusion detection model,DGAO-IDS,which uses an unsupervised DBN to learn the basic features of normal CAN message data and a GRU network with an attention mechanism to learn its temporal features,and finally classifies them using a single classification support vector machine.The final detection result is obtained by combining the filter with the classification results of the aforementioned model.Experimental results demonstrate that the proposed rule-based filters have a false positive rate of zero for different attacks.Moreover,the DGAO-IDS model outperforms the comparative models HyDL-IDS and MDLSTM on the public dataset HCRL.In addition,the model achieves an accuracy of 91.05%on the mixed-attack dataset MixAt,which is 6.55%and 7.93%higher than the HyDL-IDS model and the MD-LSTM model,respectively.
作者
毛智超
吴黎兵
马亚军
张壮壮
刘芹
马超
MAO Zhichao;WU Libing;MA Yajun;ZHANG Zhuangzhuang;LIU Qin;MA Chao(School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,Hubei,China;Guangdong Laboratory of Artificial Intelligence and Digital Economy(SZ),Shenzhen 518123,Guangdong,China)
出处
《武汉大学学报(理学版)》
CAS
CSCD
北大核心
2023年第5期598-608,共11页
Journal of Wuhan University:Natural Science Edition
基金
国家自然科学基金(U20A20177、62272348)
湖北省重点研发计划(2021BAA025)
中国高校产学研创新基金(2021FNA04004)
广东省人工智能与数字经济实验室开放研究基金(GML-KF-22-07)。
关键词
深度信念网络
CAN总线
门控循环单元
单分类支持向量机
过滤器
deep belief nets
CAN(controller area network)bus
gate recurrent unit(GRU)
one-class support vector machine(OC-SVM)
filter
