面向总线网络攻击的快速响应熵分析与入侵检测系统

Quick Response Entropy Analysis and Intrusion Detection System for Bus Network Attacks

为了解决传统的基于信息熵的车载总线网络入侵检测系统所存在的响应时间长、检测精度不足的弊端,提出了基于重叠滑动窗口优化与Renyi熵分析的快速响应入侵检测方法.首先,基于采集的总线报文数据集利用模拟退火优化算法对入侵检测系统进行离线训练,得到最优的系统配置参数;然后,依据报文ID序列构建总线网络通信数据的Renyi熵曲线,并进行实时分析,在线监测总线报文数据的异常情况;最后,利用实车ECU和攻击数据集开展硬件试验验证所提方案的有效性.测试结果表明,与传统的基于Shannon熵的入侵检测系统相比,所提方案能够有效地识别典型的车载总线网络攻击类型,同时提高非法入侵的检测精度,所提方法能够将检测响应时间缩短为传统熵检测方法的52%.

To improve the response time and detection accuracy of traditional information intrusion detection system with information entropy in vehicle bus network,a new intrusion detection scheme with fast response was proposed based on overlapping sliding window optimization and Renyi entropy analysis.Firstly,based on the message dataset collected from bus network,the intrusion detection system was trained offline with simulated annealing optimization algorithm to obtain the optimal system configuration parameters.Then,based on the message ID sequence of bus network communication data,a Renyi entropy curve was constructed and analyzed in real time to monitor the abnormalities of the bus message data online.Finally,using real vehicle ECUs(electronic control units)and attack data sets,the hardware experiments were conducted to verify the effectiveness of the proposed scheme.The experimental results show that,compared with the traditional intrusion detection system based on Shannon entropy,the proposed scheme can effectively identify typical attack types to vehicle bus network and improve the detection accuracy of illegal intrusion,shortening the detection response time up to 52%.