Symmetry (Jul 2022)

Illegal Intrusion Detection for In-Vehicle CAN Bus Based on Immunology Principle

  • Xiaowei Li,
  • Feng Liu,
  • Defei Li,
  • Tianchi Hu,
  • Mu Han

DOI
https://doi.org/10.3390/sym14081532
Journal volume & issue
Vol. 14, no. 8
p. 1532

Abstract

Read online

The controller area network (CAN) bus has become one of the most commonly used protocols in automotive networks. Some potential attackers inject malicious data packets into the CAN bus through external interfaces for implementing illegal operations (intrusion). Anomaly detection is a technique for network intrusion detection which can detect malicious data packs by comparing the normal data packets with incoming data packets obtained from the network traffic. The data of a normal network is in a symmetric and stable state, which will become asymmetric when compromised. Considering the in-vehicle network, the CAN bus is symmetrically similar to the immune system in terms of internal network structure and external invasion threats. In this work, we use an intrusion detection method based on the dendritic cell algorithm (DCA). However, existing studies suggest the use of optimization methods to improve the accuracy of classification algorithms, and the current optimization of the parameters of the detection method mostly relies on the manual tuning of the parameters, which is a large workload. In view of the above challenges, this paper proposes a new detection algorithm based on the particle swarm optimization algorithm (PSO) and gravitational search algorithm (GSA) to improve the dendritic cell algorithm (PSO-GSA-DCA). PSO-GSA-DCA achieves adaptive parameter tuning and improves detection accuracy by mixing optimization algorithms and using them to optimize the dendritic cell algorithm classifier. Additionally, DCA-based CAN message attribute matching rules (measured by information gain and standard deviation of CAN data) are proposed for matching the three input signals (PAMP, DS, SS) of the DCA. The experimental results show that our proposed scheme has a significant improvement in accuracy, which can reach 91.64%, and lower time loss compared with other correlation anomaly detection schemes. Our proposed method also enables adaptive tuning, which solves the problem that most models now rely on manual tuning.

Keywords