CN111294341A - Vehicle-mounted system intrusion detection method based on self-encoder and recurrent neural network - Google Patents

Vehicle-mounted system intrusion detection method based on self-encoder and recurrent neural network Download PDF

Info

Publication number
CN111294341A
CN111294341A CN202010053614.1A CN202010053614A CN111294341A CN 111294341 A CN111294341 A CN 111294341A CN 202010053614 A CN202010053614 A CN 202010053614A CN 111294341 A CN111294341 A CN 111294341A
Authority
CN
China
Prior art keywords
vehicle
data
neural network
self
encoder
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010053614.1A
Other languages
Chinese (zh)
Other versions
CN111294341B (en
Inventor
李飞
章嘉彦
李如翔
宋佳琦
周启杨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei Longtutem Information Technology Co ltd
Heilongjiang Northeast Digital Publishing And Media Co ltd
Original Assignee
Chengdu University of Information Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu University of Information Technology filed Critical Chengdu University of Information Technology
Priority to CN202010053614.1A priority Critical patent/CN111294341B/en
Publication of CN111294341A publication Critical patent/CN111294341A/en
Application granted granted Critical
Publication of CN111294341B publication Critical patent/CN111294341B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention belongs to the technical field of deep learning and intelligent network communication and information safety thereof, and discloses a vehicle-mounted system intrusion detection method based on an autoencoder and a recurrent neural network, which collects vehicle-related CAN bus data by connecting a USB-CAN line to an OBD-II port; the collected results are subjected to standardization operation and then are used as the input of an autoencoder, and the autoencoder is utilized to realize the autonomous learning and feature dimension reduction of the data features; and then, the output of the self-coding is used as the input of the recurrent neural network to carry out a corresponding classification learning process on the behavior of the vehicle, and a SoftMax classifier is used for finishing the judgment on whether the behavior of the vehicle is abnormal or not. According to the invention, the autonomous optimization and updating of the model parameters are realized by using a time-based back propagation algorithm, so that the high-efficiency detection of the vehicle boundary behavior is integrally promoted, and the false alarm rate of a vehicle-mounted intrusion detection system is reduced.

Description

Vehicle-mounted system intrusion detection method based on self-encoder and recurrent neural network
Technical Field
The invention belongs to the technical field of deep learning, intelligent internet vehicle communication and information security thereof, and particularly relates to a vehicle-mounted system intrusion detection method based on an autoencoder and a recurrent neural network.
Background
Currently, the closest prior art: in the current society, with the continuous development of internet technologies and internet of things technologies, the internet technologies and various intelligent devices are combined into the development key points of the current network technologies. The emergence of intelligent internet vehicles is a product of the combination of these two technologies. The intelligent internet vehicle as the current core of the automobile industry has become the development direction of the automobile industry in the future. Related automobile network security is also an important measure in the current state of the art.
At present, many automobile manufacturers suffer from vulnerability threats, more and more automobile related vulnerabilities acquire CVE numbers, attack faces are involved from automobile terminals to the cloud, automobile manufacturers and suppliers are greatly affected, and exposed problems emerge endlessly, so that solutions and products for automobile safety protection are continuously provided by the information security industry.
In summary, the problems of the prior art are as follows: (1) in the prior art, a safe and reliable automobile electronic system framework is not established, the safety requirement under an open network interconnection environment cannot be met, and effective measures cannot be deployed to prevent safety risks.
(2) At present, the research on the safety of the intelligent internet vehicle information is too comprehensive, namely, the research is only directed at the internet of vehicles or is based on the aspect of cloud, and a certain part of a vehicle or a vehicle-mounted information system is rarely researched.
(3) At present, the research aiming at the intrusion detection of the intelligent network networking is to only consider and use the traditional password technology or statistical technology to prevent the external intrusion behavior of the vehicle, and the problems possibly brought under the complex condition of the topological environment of the vehicle communication are not considered, such as the abnormal problem of the vehicle parameters caused under the non-intrusion behavior.
(4) The method aims at the problem that the existing intrusion detection model, such as an intrusion detection method based on the Internet or a local area network, is poor in practicability of the existing automobile internal network. The existing detection method for some in-vehicle networks is usually based on vehicle behavior statistical modeling or intrusion detection models based on feature codes or signatures, and is difficult to predict the real-time situation of a vehicle when the vehicle encounters non-abnormal special situations, so that the models have high false alarm rate. Meanwhile, the existing large-scale methods lack analysis on the correlation and time sequence among different feature data on the automobile, feature extraction and correlation modeling of high-dimensional data are difficult to realize only by means of a simple neural network method, and the alarm rate of the method is integrally reduced.
The difficulty of solving the technical problems is as follows: the current intelligent internet vehicle environment is less mature, and relevant experimental data is lacked.
The significance of solving the technical problems is as follows: similar to the occurrence of internet intrusion detection, the complexity and uncertainty of an intelligent network vehicle-connected vehicle-mounted system are certainly not inferior to those of internet-related equipment, and various attacks which are necessary to be taken over are also certainly generated, the intrusion detection of the intelligent network vehicle-connected vehicle is the future trend of the information security of the intelligent network vehicle-connected vehicle, and the intelligent network vehicle-connected vehicle-mounted system plays a role in the aspect of the information security of the network vehicle-connected vehicle.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a vehicle-mounted system intrusion detection method based on an autoencoder and a recurrent neural network.
The invention is realized in this way, a vehicle-mounted system intrusion detection method based on the self-encoder and the recurrent neural network, the vehicle-mounted system intrusion detection method based on the self-encoder and the recurrent neural network includes:
firstly, collecting vehicle-related CAN bus data by connecting a USB to a CAN line to an OBD-II port;
secondly, carrying out standardization operation on the collected vehicle-related CAN bus data results to be used as the input of a self-encoder, and carrying out autonomous learning of data characteristics and characteristic dimension reduction on the input standardized operation data by using the self-encoder;
and thirdly, outputting the data of the feature self-learning and the feature dimension reduction by a self-encoder, performing corresponding classification learning on the behavior of the vehicle as the input of a recurrent neural network, and classifying whether the behavior of the vehicle is abnormal or not by using a SoftMax classifier.
Further, in the second step, the method for self-learning data features and feature dimension reduction by the self-encoder comprises:
1) input sample xi(i=1,2,3,…,n);
2) And carrying out corresponding encoding operation on each node: h is Wxi+ b, where b is a bias term parameter;
3) the current iteration time T is less than the total required iteration time T;
4) the current node number i is smaller than the total number n of nodes on each layer;
5) and performing corresponding residual error updating calculation operation on the weight:
Figure BDA0002372065090000031
corresponding to J (W, b) as a conventional autoencoder loss function, the expression is
Figure BDA0002372065090000032
Correspond to
Figure BDA0002372065090000033
For KL divergence constraint, the expression of KL divergence constraint is
Figure BDA0002372065090000034
Wherein
Figure BDA0002372065090000035
The average value of the hidden layer node output values is obtained, β is a penalty coefficient for controlling the sparse term, and rho is an expected target value;
6) and for the residual error updating calculation operation of the bias term parameters, performing corresponding updating operation by using the following equation:
Figure BDA0002372065090000036
7) and carrying out corresponding updating operation on the reconstruction matrix:
Figure BDA0002372065090000037
8) and correspondingly updating the bias item parameters:
Figure BDA0002372065090000038
9) respectively carrying out self-increment operation on the corresponding node number i and the iteration number t, and then carrying out next weight parameter updating operation;
10) and after the optimized reconstruction matrix is obtained, performing corresponding decoding operation on each node: x'i=g(WTh+b);
11) And after carrying out repeated iterative training on the automatic encoder, obtaining an optimal constraint weight matrix and a reconstruction matrix as input data of a subsequent recurrent neural network classifier.
Further, in the third step, the method for performing corresponding classification learning on the behavior of the vehicle by the recurrent neural network comprises the following steps:
and calculating a corresponding prediction sample value under a given sample under a corresponding weight matrix by utilizing forward propagation, and updating the corresponding weight by calculating a corresponding accumulated residual by utilizing differential propagation by utilizing backward propagation.
Further, the forward propagation algorithm includes:
1) input sample xi(i=1,2,3,…,n);
2) For each node xiPerforming forward propagation calculation as follows;
3) calculating the mapping value of each node:
Figure BDA0002372065090000041
4) calculating the activation function value of each node: h isi=σ(si) σ is a hyperbolic tangent activation function;
7) calculating the classification output value of each node: z is a radical ofi=Vhi+c;
7) And classifying and calculating each node: y isi=softmax(zi);
The back propagation algorithm includes:
1) inputting a sample:
Figure BDA0002372065090000042
2) calculating a corresponding residual error item for each node;
3) calculating residual values of the weights of the hidden layer unit and the output layer unit, and updating the weight values:
Figure BDA0002372065090000043
4) calculating residual values corresponding to the bias term parameters corresponding to the classification output functions, and updating the bias terms:
Figure BDA0002372065090000044
5) for the connection weight W between the output layer unit and the hidden layer unit, the connection weight U between the previous hidden layer unit and the current time hidden layer unit and the error bias term b of the sample mapping function, wherein the three parameter updates are associated with the current time t and the next time t +1, and the following three parameters are subjected to step 6), step 7) and step 8) updating;
6) and calculating and updating residual values of the connection weights W between the output layer unit and the hidden layer unit:
Figure BDA0002372065090000045
Figure BDA0002372065090000051
Figure BDA0002372065090000052
7) and calculating and updating residual values of the connection weights U of the previous hidden layer unit and the current hidden layer unit:
Figure BDA0002372065090000053
Figure BDA0002372065090000054
8) calculation and update of the error bias term b for the sample mapping function:
Figure BDA0002372065090000055
Figure BDA0002372065090000056
further, samples (x) of each input RNN model are trained accordinglyi,yi) The loss was evaluated using the following objective function:
Figure BDA0002372065090000057
where L can evaluate the true value tag yiAnd predictive value tags
Figure BDA0002372065090000058
The deviation distance between the two, the function used to estimate the loss being a cross entropy function
Figure BDA0002372065090000059
Further, the intrusion detection method for the vehicle-mounted system based on the self-encoder and the recurrent neural network further comprises the following steps:
collecting corresponding data log files generated by a vehicle under a normal driving condition, carrying out corresponding preprocessing operation, connecting a USB-CAN (Universal Serial bus) to an OBD-II (on-Board-II) port of the vehicle, connecting a USB end to a computer, and collecting a data set normally related to the vehicle by utilizing vehicle spy software;
collecting an attack data set of a related vehicle, carrying out corresponding preprocessing operation, connecting the attack data set to an OBD-II port of the vehicle by using a USB-CAN (Universal Serial bus-to-CAN) line, connecting a USB end to a computer end, and collecting the corresponding attack data set by using vehicle spy software; according to the CAN bus message broadcasting type principle, the flooding attack on the automobile data set is realized;
step three, setting a parameter model, mapping 16-dimensional normalized and normalized feature data to 48-dimensional data features by utilizing a one-hot coding technology, and correspondingly setting the input and output of the recurrent neural network as 48 nodes and 2 nodes respectively; simultaneously, before a parameter model is trained, the number of hidden nodes in the neural network is respectively set to be four categories of 40, 60, 80 and 100; the learning rates are respectively set to be 0.01, 0.05 and 0.1, and the model is respectively trained correspondingly, and the optimization process of the overall neural network model parameters is realized according to a forward propagation algorithm and a time-based back propagation algorithm.
Further, the data set collected in the step one comprises an ID field value, a time stamp, a data length bit, data field content and corresponding vehicle information description content of the message; the MAX-MIN method is utilized to complete corresponding standardization and normalization processing on the data, and the processed data is divided correspondingly: carrying out model training on 80% of data in the total sample, and using 20% of data for effect verification of the model;
step two, the method for realizing the flooding attack on the automobile data set according to the CAN bus message broadcasting type principle comprises the following steps: the ID values in the related CAN message frames are modified by utilizing the vehicle spy software, so that the ID values of the ID values in the CAN frames to be sent in all the message frames are minimum, other related circuit control unit nodes on the bus cannot obtain bus resources, and normal communication between ECU nodes is further limited and destroyed; after the corresponding data are collected, the standardization and normalization processing of the data are completed by utilizing an MAX-MIN method; 80% of the data is used for testing the set, and 20% of the data is used for verifying the effect of the model;
in the third step, the hidden node is 80, and the learning rate is 0.1.
Another object of the present invention is to provide an on-board system based on an autoencoder and a recurrent neural network, comprising:
the OBD-II port collects vehicle related CAN bus data by using a USB-CAN line;
the self-encoder is connected with the OBD-II port, and is used for performing standardized operation on the collected CAN bus data result related to the vehicle to serve as input, and performing autonomous learning and feature dimension reduction on the input standardized operation data;
the neural network classifier is connected with the self-encoder, outputs the data of the autonomous learning of the characteristics and the dimension reduction of the characteristics from the self-encoder, and performs corresponding classification learning on the behavior of the vehicle as the input of the recurrent neural network;
and the SoftMax classifier is connected with the neural network classifier and is used for classifying whether the vehicle behavior is abnormal or not.
Another object of the present invention is to provide a computer-readable storage medium storing instructions which, when executed on a computer, cause the computer to execute the method for detecting intrusion in a vehicle system based on an autoencoder and a recurrent neural network.
Another object of the present invention is to provide a motor vehicle for implementing the method for detecting intrusion of vehicular system based on self-encoder and recurrent neural network.
In summary, the advantages and positive effects of the invention are: the invention collects the CAN bus data related to the vehicle by connecting the USB to the CAN line to the OBD-II port. And the collected results are subjected to standardization operation and then serve as the input of an autoencoder, and the autoencoder is utilized to realize the autonomous learning and feature dimension reduction of the data features. And then, the output of the self-coding is used as the input of the recurrent neural network to carry out a corresponding classification learning process on the behavior of the vehicle, and a SoftMax classifier is used for finishing the judgment on whether the behavior of the vehicle is abnormal or not. Thereafter, autonomous optimization and updating of the model parameters is achieved using a time-based back propagation algorithm. Therefore, the high-efficiency detection of the vehicle boundary behaviors is integrally promoted, and the false alarm rate of the vehicle-mounted intrusion detection system is reduced.
The invention CAN be deployed on a corresponding automobile intrusion detection system by using a trained model, so that the automobile CAN realize the real-time detection of the safe driving state of the automobile by acquiring related CAN bus data and completing the high-dimensional characteristic extraction and recombination of the data by using a self-encoder in the driving process, obtain the corresponding real-time judgment output, and report the real-time judgment output to a background emergency response system to take emergency response measures to ensure the safe driving of the automobile when the existence of an attack behavior is detected.
Drawings
Fig. 1 is a flowchart of an intrusion detection method for a vehicle-mounted system based on an autoencoder and a recurrent neural network according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a vehicle-mounted system based on an auto-encoder and a recurrent neural network according to an embodiment of the present invention.
Fig. 3 is a model diagram of an automatic encoder according to an embodiment of the present invention.
Fig. 4 is a diagram of a folded recurrent neural network structure provided by an embodiment of the present invention.
FIG. 5 is a diagram of an unfolded RNN as a complete RNN according to an embodiment of the present invention.
FIG. 6 is a diagram of a smart car used in the experimental process of the present invention.
FIG. 7 is a schematic diagram of a portion of the data collected using the vessel Spy.
FIG. 8 is a CSV format data sample diagram of the collected data log.
FIG. 9 shows a confusion matrix map corresponding to the detection result.
Figure 10 is a graph of the ROC operating characteristics for the proposed IDS model compared to IDS models of other schemes.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the prior art, a safe and reliable automobile electronic system framework is not established, the safety requirement under an open network interconnection environment cannot be met, and effective measures cannot be deployed to prevent safety risks. At present, the research on the safety of the intelligent internet vehicle information is too comprehensive, namely, the research is only directed at the internet of vehicles or is based on the aspect of cloud, and a certain part of a vehicle or a vehicle-mounted information system is rarely researched. At present, the research aiming at the intelligent network vehicle intrusion detection only considers and uses the traditional password technology or statistical technology to prevent the vehicle external intrusion behavior, and does not consider the problems possibly brought under the complex condition of the vehicle communication topological environment, such as the abnormal problem of vehicle parameters caused under the non-intrusion behavior.
Aiming at the problems in the prior art, the invention provides a vehicle-mounted system intrusion detection method based on an autoencoder and a recurrent neural network, and the invention is described in detail below with reference to the accompanying drawings.
According to the intrusion detection method of the vehicle-mounted information system based on the combination of the self-encoder and the recurrent neural network, the vehicle-related data are encoded into data vectors by combining the real-time dynamic data of the vehicle interior network and aiming at the relevant characteristics on the bus data in the vehicle, and the self-encoder is utilized to realize the feature extraction, learning and recoding operation among the high-dimensional data vectors so as to output the high-dimensional structural features among the relevant data. By introducing the recurrent neural network, the relationship between the vehicle behavior and the time is further considered, and a corresponding appropriate processing structure suitable for the vehicle-mounted information system environment is established, so that the detection rate of the vehicle boundary behavior is improved on the whole.
As shown in fig. 1, the intrusion detection method for a vehicle information system based on the combination of an autoencoder and a recurrent neural network provided in the embodiment of the present invention specifically includes:
s101, collecting corresponding data log files generated by the vehicle under normal driving conditions, and performing corresponding preprocessing operation.
S102, collecting an attack data set of the relevant vehicle, and carrying out corresponding preprocessing operation.
S103, setting the parameter model.
Step S101 includes: by connecting the USB to CAN line to the OBD-II port of the vehicle and connecting the USB port to the computer, the data set normally associated with the vehicle is collected by using the vehicle spy software. The collected data set contains the ID field value of the message, the timestamp, the data length bits, the data field content, and the corresponding vehicle information description content. The MAX-MIN method is utilized to complete corresponding standardization and normalization processing on the data, and the processed data is divided correspondingly: 80% of the data in the total sample are subjected to model training, and 20% of the data are used for effect verification of the model.
Step S102 includes: the USB-CAN line is connected to an OBD-II port of the automobile, the USB end is connected to a computer end, and corresponding attack data sets are collected by utilizing the vehicle spy software. According to the CAN bus message broadcast type principle, the flooding attack to the automobile data set is realized: by modifying the ID values in the related CAN message frames by utilizing the vehicle spy software, the ID values of all the message frames of the ID values in the CAN frames to be sent are minimum, so that other related circuit control unit nodes on the bus CAN not obtain bus resources, and normal communication between ECU nodes is further limited and destroyed. After the corresponding data is collected, the MAX-MIN method is also used to perform normalization and normalization of the data. And again 80% of the data was used for the test set and 20% for the validation of the model.
Step S103 includes: the applied recurrent neural network structure is shown in fig. 4, and 16-dimensional normalized feature data is first mapped to 48-dimensional data features by using a one-hot encoding technique. The input and output of the recurrent neural network are then set to 48 nodes and 2 nodes, respectively. Meanwhile, before the parameter model is trained, the number of hidden nodes in the neural network is respectively set to be four categories of 40, 60, 80 and 100; the learning rates are respectively set to three categories of 0.01, 0.05 and 0.1 to respectively carry out corresponding training processes on the model, and the optimization process of the overall neural network model parameters is respectively realized according to a forward propagation algorithm and a time-based backward propagation algorithm, and in the process, the training process of the overall framework is realized by using keras.
After the data with better high-dimensional characteristics are correspondingly trained by setting different types of parameters, the fact that the optimal detection rate is obtained on a test set and a training set by the proposed neural network classification is found when the overall parameter setting is carried out, and when hidden layer nodes are set to be 80 and the learning rate is set to be 0.1.
Therefore, the trained model CAN be deployed on a corresponding automobile intrusion detection system, so that the automobile CAN realize the real-time detection of the safe driving state of the automobile by acquiring related CAN bus data and completing the high-dimensional feature extraction and recombination of the data by using a self-encoder in the driving process, the corresponding real-time judgment output is obtained, and when the existence of an attack behavior is detected, the data is reported to a background emergency response system to take emergency response measures so as to ensure the safe driving of the automobile.
As shown in fig. 2, the vehicle-mounted system based on the self-encoder and the recurrent neural network provided by the embodiment of the invention collects the CAN bus data related to the vehicle by using the related OBD-II port, and implements the normalization operation on the data by using the normalization and normalization operations. And completing the recoding and feature learning operations of the boundary behavior data by using a self-encoder. Inputting the recoded data serving as input data into a recurrent neural network classifier, learning the time sequence characteristics of the data by using the recurrent neural network, and realizing and finishing classification of the vehicle behaviors by means of a SoftMax classifier. The automatic encoder is a deep learning network structure used for learning effective coding of data, and mainly aims to learn high-dimensional complex data and extract a proper coding expression mode to realize dimension reduction processing and relevant feature learning of the high-dimensional data.
In an embodiment of the present invention, a vehicle-mounted system based on an autoencoder and a recurrent neural network specifically includes:
and the OBD-II port collects the relevant CAN bus data of the vehicle by using a USB-CAN line.
And the self-encoder is connected with the OBD-II port, performs standardized operation on the collected CAN bus data result related to the vehicle and then serves as input, and performs autonomous learning of data characteristics and characteristic dimension reduction on the input standardized operation data.
And the neural network classifier is connected with the self-encoder, outputs the data of the autonomous learning of the characteristics and the dimension reduction of the characteristics from the encoder, and performs corresponding classification learning on the behavior of the vehicle as the input of the recurrent neural network.
And the SoftMax classifier is connected with the neural network classifier and is used for classifying whether the vehicle behavior is abnormal or not.
As shown in fig. 3, which is a model diagram of an automatic encoder, it can be seen that the network structure is composed of two parts: one data encoder represented by the function h ═ f (Wx + b), and the other part by the function x ═ g (W ═ g)Th + b) completes the decoder generating the reconstruction of the data. An automatic encoder consisting of these two-part functions optimizes the constrained weight matrix W and the reconstructed weight matrix W by using corresponding unsupervised learning algorithmsTThereby further enabling to minimize the error between the model input and output, i.e. to achieve x(i)=x'(i). In the invention, the effective extraction of the data features is realized by utilizing an automatic encoder, so that the effective extraction of the features is realized by adding the constraint of an L1 regular term to a basic loss function to obtain a sparse self-encoder. The specific algorithm steps are shown in detail in the detection method.
In the embodiment of the invention, after the data is recoded by the self-encoder, the output data of the corresponding encoder is used as the input data of the neural network classifier to input, so that proper parameters are searched to distinguish the normal behavior and the boundary behavior of the vehicle. The recurrent neural network is generally composed of an input unit and an output unit, and the essence of the model is a unidirectional circulation process from the input unit to a hidden layer unit after a user inputs related time series stream data.
In the hidden layer unit, the unit stores the data state information of the previous time, so that after the current information data stream enters the corresponding hidden layer unit, the hidden layer unit can obtain the behavior state which is possibly generated in the next state by utilizing the mixed calculation operation of the current data stream and the previously stored data stream. Hidden layer elements in a recurrent neural network are then typically treated as memory in the overall network structure. For storing state data of previous partial behaviors and enabling calculation of state data of next behavior. The structure of the corresponding recurrent neural network is shown in fig. 4 below.
As can be seen from fig. 4, the recurrent neural network is different from the conventional convolutional neural network in that it introduces a ring structure to help memorize the related information before and apply it to the current output calculation. The sequence result calculated by the corresponding hidden layer unit in the current layer is related to the output result of the hidden layer unit in the previous layer, and the neurons among the hidden layer units have a certain information exchange process. The corresponding characteristics are learned by standardizing the data and completing the recoding operation by utilizing an automatic encoder designed by the previous subsection. And then, training the proposed RNN model by utilizing the recoded data, classifying behaviors by utilizing a SoftMax classifier, and performing corresponding evaluation operation on the precision of the model by utilizing a corresponding test data set after the training is finished.
The present invention is further described below with reference to an intelligent network-linked vehicle intrusion detection method based on an autoencoder and a recurrent neural network.
Examples
The intelligent network vehicle intrusion detection method based on the self-encoder and the recurrent neural network comprises the following steps:
in a first step, vehicle related CAN bus data is collected by connecting to an OBD-II port using a USB to CAN line.
And secondly, carrying out standardization operation on the collected vehicle-related CAN bus data results to be used as the input of a self-encoder, and carrying out autonomous learning and feature dimension reduction on the input standardized operation data by using the self-encoder.
And thirdly, outputting the data of the feature self-learning and the feature dimension reduction by a self-encoder, performing corresponding classification learning on the behavior of the vehicle as the input of a recurrent neural network, and classifying whether the behavior of the vehicle is abnormal or not by using a SoftMax classifier.
In a second step, the self-encoder recoding stage: in order to prevent the hidden layer nodes from being more than the output nodes to cause the reduction of the learning capacity of the sample features, the suppression operation is carried out on most of the output of the hidden layer neurons by adding the L1 regular term constraint, so that the sample feature learning has better capacity. The training process for the whole-body self-encoder is shown as the following algorithm:
1) input sample xi(i=1,2,3,…,n)。
2) And carrying out corresponding encoding operation on each node: h is Wxi+ b, where b is a bias term parameter.
3) As long as the current iteration number T is less than the total required iteration number T.
4) As long as the current node number i is less than the total number of nodes n per layer.
5) And performing corresponding residual error updating calculation operation on the weight:
Figure BDA0002372065090000131
the correspondence J (W, b) is a conventional self-encoder loss function expressed as
Figure BDA0002372065090000132
Correspond to
Figure BDA0002372065090000133
For KL divergence constraint, the expression of KL divergence constraint is
Figure BDA0002372065090000134
Wherein
Figure BDA0002372065090000135
The average value of the hidden node output values is β, the penalty coefficient for controlling the sparse term is p, and the expected target value is p.
6) And for the residual error updating calculation operation of the bias term parameter, performing corresponding updating operation by using the equation:
Figure BDA0002372065090000136
7) and carrying out corresponding updating operation on the reconstruction matrix:
Figure BDA0002372065090000137
8) and correspondingly updating the bias item parameters:
Figure BDA0002372065090000138
9) and respectively carrying out self-increment operation on the corresponding node number i and the iteration number t, and then carrying out next weight parameter updating operation.
10) After the optimized reconstruction matrix is obtained, corresponding decoding operation needs to be performed on each node: x'i=g(WTh+b)。
After the algorithm is used for carrying out iterative training on the automatic encoder for multiple times, an optimal constraint weight matrix and a reconstruction matrix can be obtained, loss error values between data obtained after dimensionality reduction and original data can be reduced to the minimum by using the two matrices, low-dimensional expression of high-dimensional data characteristics can be obtained at the same time, and the data is used as input data of a subsequent recurrent neural network classifier.
In the third step, the learning stage of the neural network classifier:
as can also be seen from fig. 2, the process for RNN training is divided into two corresponding phases: forward propagation training and backward propagation training. The forward propagation is responsible for calculating the corresponding prediction sample value at a given sample under the corresponding weight matrix, while the backward propagation performs an update operation on the corresponding weight by calculating the corresponding accumulated residual using differentiation.
FIG. 5 is a complete unfolded Recurrent neural networks structure. Such a standard recovery network structure for FIG. 5 is formalized into a basic composition of three elements corresponding to: (1) given a series of training samples xi(wherein i ═ 1, 2, …, n); (2) giving the corresponding layer hidden layer state unit sequence hi(wherein i ═ 1, 2, …, n); (3) and a series of predicted output values y obtained in response to the abovei(where i ═ 1, 2, …, n). Wherein the other relevant parameters participating in the calculation in the structure are as follows: u is the connection weight between the hidden layer unit at the previous moment and the hidden layer unit at the current moment, V is the relation circle between the hidden layer unit at the corresponding layer and the output layer unit, and W is the connection weight between the input unit and the hidden layer unit at the corresponding layer. The RNN shown in fig. 5 adopts a corresponding forward propagation algorithm and a time-based backward propagation algorithm to complete a corresponding training process, and the specific operation process is as described below.
Samples (x) trained accordingly for each input RNN modeli,yi) The loss was evaluated using the following objective function:
Figure BDA0002372065090000141
where L can evaluate the true value tag yiAnd predictive value tags
Figure BDA0002372065090000142
The function used in the present invention to estimate the loss is a cross entropy function
Figure BDA0002372065090000143
The I forward propagation algorithm comprises the following steps:
1) input sample xi(i=1,2,3,…,n)。
2) For each node xiThe forward propagation calculation is performed as follows.
3) Calculating the mapping value of each node:
Figure BDA0002372065090000144
4) calculating the activation function value of each node: h isi=σ(si) And σ is a hyperbolic tangent activation function.
8) Calculating the classification output value of each node: z is a radical ofi=Vhi+c。
6) And classifying and calculating each node: y isi=softmax(zi)。
The II back propagation algorithm comprises the following steps:
1) inputting a sample:
Figure BDA0002372065090000145
2) for each node. The corresponding residual terms are calculated.
3) Calculating residual values of the weights of the hidden layer unit and the output layer unit, and updating the weight values:
Figure BDA0002372065090000146
4) calculating residual values corresponding to the bias term parameters corresponding to the classification output functions, and updating the bias terms:
Figure BDA0002372065090000147
5) for the connection weight W between the output layer unit and the hidden layer unit, the connection weight U between the previous hidden layer unit and the current hidden layer unit, and the error bias term b of the sample mapping function, since these three parameter updates are associated with the current time t and the next time t +1, the following three parameters need to be updated as follows.
6) And calculating and updating residual values of the connection weights W between the output layer unit and the hidden layer unit:
Figure BDA0002372065090000151
Figure BDA0002372065090000152
7) and calculating and updating residual values of the connection weights U of the previous hidden layer unit and the current hidden layer unit:
Figure BDA0002372065090000153
Figure BDA0002372065090000154
8) calculation and update of the error bias term b for the sample mapping function:
Figure BDA0002372065090000155
Figure BDA0002372065090000156
the invention is further described below in connection with specific experiments.
In order to verify that the model provided by the invention can realize efficient detection of vehicle behaviors, the invention cooperates with a certain automobile information security laboratory in China to perform corresponding experiments on intelligent automobiles of corresponding real categories, and fig. 6 shows the intelligent automobile used in the experimental process. Since the vehicles in the experiments relate to vehicles of the type not disclosed by the vehicle company, the description of the relevant vehicle parameters is kept secret here. In the experiment, the data are acquired by directly accessing the USB to CAN line to an OBD-I port; meanwhile, the invention utilizes the computer to simulate the attacker in the experimental process to realize corresponding replay attack and counterfeit attack; approximately 200,000 pieces of data relating to vehicle traffic were collected. In addition, the invention utilizes the relevant software, namely, the Vehicle Spy to generate a corresponding data log file for the data collected on the CAN bus. The data collected by the present invention is shown in partial sample in fig. 7 and 8. It can be seen from the figure that the collected data consists of time stamps, data fields, data lengths, arbitration fields, description fields, and vehicle network status information. The arbitration domain and other partial parameters relate to cooperation secret data between the experiment center and the automobile manufacturer, so that the partial regions in the graph are subjected to mosaic processing.
As CAN be seen from the present invention in fig. 7, the data transmitted on the CAN bus is basically the packet format of the underlying CAN frame, and one or more data contents CAN be transmitted for packets with different types of IDs. And the variation range of the data contents is from 0x00 to 0 xFF. For CSV files derived from vessel Spy, the invention completes processing operation on the CSV files by using sklern packets in python, realizes normalization and standardization processing on data by using an MAX-MIN method, and completes coding operation on the data by adopting a one-hot coding mode. Meanwhile, according to a training strategy for a neural network model in a plurality of methods, the training of the model is realized by using 80% of data, and the evaluation of the effectiveness of the model is completed by using 20% of data.
The invention aims to improve the learning of the behavior characteristics of the boundary of the automobile by respectively utilizing the self-encoder and the recurrent neural network, so that the detection efficiency is improved on the whole; meanwhile, the convergence speed of the whole network is improved by utilizing a time-based back propagation algorithm. Therefore, the IDS model based on the RNN is evaluated by adopting accuracy, and the overall performance of the proposed model is evaluated by introducing two indexes, namely an alarm rate and a false alarm rate. The corresponding accuracy, alarm rate and false alarm rate are calculated by using equations (1) to (3), respectively. Where True Positive (tp) is the number of records identified as anomalous that are correctly identified, False Positive (FP) is the number of records identified as anomalous that are marked as normal, True Negative (TN) is the number of records identified as normal that are marked as normal, and False Negative (FN) is the number of records identified as normal that are marked as anomalous.
Figure BDA0002372065090000171
Figure BDA0002372065090000172
Figure BDA0002372065090000173
In the experiment, when the hidden nodes are set to be 80 nodes and the learning rate is set to be 0.1, the model obtains higher accuracy rate on both a test set and a training set. Fig. 9 shows the detection result of the confusion matrix of the intrusion detection model for the test data set under the condition of the optimal parameters. The experimental result shows that the model has 91.22% accuracy under the condition of the parameter configuration. Similarly, the IDS models proposed by the present invention are compared with IDS models proposed by different schemes in terms of detection efficiency, and the experimental result is shown in fig. 10, and it can be seen from fig. 10 that the proposed scheme can reach approximately 92% in terms of TPR index. It can also be seen from the blue curve that the model proposed herein also has higher detection efficiency than previous IDS based on machine learning or statistical models. Although the method proposed herein takes much time to train the model, the present invention may attempt to use the GPU or perform a corresponding training process on the model in an off-line manner. Therefore, the accuracy of detection efficiency can be obviously improved by utilizing the advantages in deep learning in the feature extraction and model classification of the data set.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When used in whole or in part, can be implemented in a computer program product that includes one or more computer instructions. When loaded or executed on a computer, cause the flow or functions according to embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL), or wireless (e.g., infrared, wireless, microwave, etc.)). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. The vehicle-mounted system intrusion detection method based on the self-encoder and the recurrent neural network is characterized by comprising the following steps of:
firstly, collecting vehicle-related CAN bus data by connecting a USB to a CAN line to an OBD-II port;
secondly, carrying out standardization operation on the collected vehicle-related CAN bus data results to be used as the input of a self-encoder, and carrying out autonomous learning of data characteristics and characteristic dimension reduction on the input standardized operation data by using the self-encoder;
and thirdly, outputting the data of the feature self-learning and the feature dimension reduction by a self-encoder, performing corresponding classification learning on the behavior of the vehicle as the input of a recurrent neural network, and classifying whether the behavior of the vehicle is abnormal or not by using a SoftMax classifier.
2. The method for detecting the intrusion of the vehicular system based on the self-encoder and the recurrent neural network as claimed in claim 1, wherein in the second step, the method for self-learning the data characteristics and reducing the dimension of the characteristics by the self-encoder comprises:
1) input sample xi(i=1,2,3,…,n);
2) And carrying out corresponding encoding operation on each node: h is Wxi+ b, where b is a bias term parameter;
3) the current iteration time T is less than the total required iteration time T;
4) the current node number i is smaller than the total number n of nodes on each layer;
5) and performing corresponding residual error updating calculation operation on the weight:
Figure FDA0002372065080000011
corresponding to J (W, b) as a conventional autoencoder loss function, the expression is
Figure FDA0002372065080000012
Correspond to
Figure FDA0002372065080000013
For KL divergence constraint, the expression of KL divergence constraint is
Figure FDA0002372065080000014
Wherein
Figure FDA0002372065080000015
The average value of the hidden layer node output values is obtained, β is a penalty coefficient for controlling the sparse term, and rho is an expected target value;
6) and for the residual error updating calculation operation of the bias term parameters, performing corresponding updating operation by using the following equation:
Figure FDA0002372065080000016
7) corresponding to the reconstruction matrixUpdating operation:
Figure FDA0002372065080000017
8) and correspondingly updating the bias item parameters:
Figure FDA0002372065080000021
9) respectively carrying out self-increment operation on the corresponding node number i and the iteration number t, and then carrying out next weight parameter updating operation;
10) and after the optimized reconstruction matrix is obtained, performing corresponding decoding operation on each node: x'i=g(WTh+b);
11) And after carrying out repeated iterative training on the automatic encoder, obtaining an optimal constraint weight matrix and a reconstruction matrix as input data of a subsequent recurrent neural network classifier.
3. The method for detecting the intrusion of the vehicular system based on the self-encoder and the recurrent neural network as claimed in claim 1, wherein in the third step, the recurrent neural network performs the corresponding classification learning method on the behavior of the vehicle, which comprises:
and calculating a corresponding prediction sample value under a given sample under a corresponding weight matrix by utilizing forward propagation, and updating the corresponding weight by calculating a corresponding accumulated residual by utilizing differential propagation by utilizing backward propagation.
4. The method of claim 3, wherein the forward propagation algorithm comprises:
1) input sample xi(i=1,2,3,…,n);
2) For each node xiPerforming forward propagation calculation as follows;
3) calculating the mapping value of each node:
Figure FDA0002372065080000024
4) calculating the activation function value of each node: h isi=σ(si) σ is a hyperbolic tangent activation function;
6) calculating the classification output value of each node: z is a radical ofi=Vhi+c;
7) And classifying and calculating each node: y isi=softmax(zi);
The back propagation algorithm includes:
1) inputting a sample:
Figure FDA0002372065080000022
2) calculating a corresponding residual error item for each node;
3) calculating residual values of the weights of the hidden layer unit and the output layer unit, and updating the weight values:
Figure FDA0002372065080000023
4) calculating residual values corresponding to the bias term parameters corresponding to the classification output functions, and updating the bias terms:
Figure FDA0002372065080000031
5) for the connection weight W between the output layer unit and the hidden layer unit, the connection weight U between the previous hidden layer unit and the current time hidden layer unit and the error bias term b of the sample mapping function, wherein the three parameter updates are associated with the current time t and the next time t +1, and the following three parameters are subjected to step 6), step 7) and step 8) updating;
6) and calculating and updating residual values of the connection weights W between the output layer unit and the hidden layer unit:
Figure FDA0002372065080000032
Figure FDA0002372065080000033
7) and calculating and updating residual values of the connection weights U of the previous hidden layer unit and the current hidden layer unit:
Figure FDA0002372065080000034
Figure FDA0002372065080000035
8) calculation and update of the error bias term b for the sample mapping function:
Figure FDA0002372065080000036
Figure FDA0002372065080000037
5. the method of claim 4, wherein the samples (x) of each input RNN model are trained correspondinglyi,yi) The loss was evaluated using the following objective function:
Figure FDA0002372065080000041
where L can evaluate the true value tag yiAnd predictive value tags
Figure FDA0002372065080000042
The deviation distance between the two, the function used to estimate the loss being a cross entropy function
Figure FDA0002372065080000043
6. The method for detecting vehicle-mounted system intrusion based on the self-encoder and the recurrent neural network as claimed in claim 1, wherein the method for detecting vehicle-mounted system intrusion based on the self-encoder and the recurrent neural network further comprises:
collecting corresponding data log files generated by a vehicle under a normal driving condition, carrying out corresponding preprocessing operation, connecting a USB-CAN (Universal Serial bus) to an OBD-II (on-Board-II) port of the vehicle, connecting a USB end to a computer, and collecting a data set normally related to the vehicle by utilizing vehicle spy software;
collecting an attack data set of a related vehicle, carrying out corresponding preprocessing operation, connecting the attack data set to an OBD-II port of the vehicle by using a USB-CAN (Universal Serial bus-to-CAN) line, connecting a USB end to a computer end, and collecting the corresponding attack data set by using vehicle spy software; according to the CAN bus message broadcasting type principle, the flooding attack on the automobile data set is realized;
step three, setting a parameter model, mapping 16-dimensional normalized and normalized feature data to 48-dimensional data features by utilizing a one-hot coding technology, and correspondingly setting the input and output of the recurrent neural network as 48 nodes and 2 nodes respectively; simultaneously, before a parameter model is trained, the number of hidden nodes in the neural network is respectively set to be four categories of 40, 60, 80 and 100; the learning rates are respectively set to be 0.01, 0.05 and 0.1, and the model is respectively trained correspondingly, and the optimization process of the overall neural network model parameters is realized according to a forward propagation algorithm and a time-based back propagation algorithm.
7. The self-encoder and recurrent neural network-based intrusion detection method for vehicle systems according to claim 6, wherein the data set collected in step one comprises ID field value, time stamp, data length bit, data field content and corresponding vehicle information description content of the message; the MAX-MIN method is utilized to complete corresponding standardization and normalization processing on the data, and the processed data is divided correspondingly: carrying out model training on 80% of data in the total sample, and using 20% of data for effect verification of the model;
step two, the method for realizing the flooding attack on the automobile data set according to the CAN bus message broadcasting type principle comprises the following steps: the ID values in the related CAN message frames are modified by utilizing the vehicle spy software, so that the ID values of the ID values in the CAN frames to be sent in all the message frames are minimum, other related circuit control unit nodes on the bus cannot obtain bus resources, and normal communication between ECU nodes is further limited and destroyed; after the corresponding data are collected, the standardization and normalization processing of the data are completed by utilizing an MAX-MIN method; 80% of the data is used for testing the set, and 20% of the data is used for verifying the effect of the model;
in the third step, the hidden node is 80, and the learning rate is 0.1.
8. An on-vehicle system based on the self-encoder and the recurrent neural network, which implements the intrusion detection method of the on-vehicle system based on the self-encoder and the recurrent neural network of claims 1 to 7, wherein the on-vehicle system based on the self-encoder and the recurrent neural network comprises:
the OBD-II port collects vehicle related CAN bus data by using a USB-CAN line;
the self-encoder is connected with the OBD-II port, and is used for performing standardized operation on the collected CAN bus data result related to the vehicle to serve as input, and performing autonomous learning and feature dimension reduction on the input standardized operation data;
the neural network classifier is connected with the self-encoder, outputs the data of the autonomous learning of the characteristics and the dimension reduction of the characteristics from the self-encoder, and performs corresponding classification learning on the behavior of the vehicle as the input of the recurrent neural network;
and the SoftMax classifier is connected with the neural network classifier and is used for classifying whether the vehicle behavior is abnormal or not.
9. A computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method for intrusion detection for a vehicle system based on an autoencoder and a recurrent neural network according to any one of claims 1 to 7.
10. A motor vehicle for carrying out the on-board system intrusion detection method based on self-encoders and recurrent neural networks according to any one of claims 1 to 7.
CN202010053614.1A 2020-01-17 2020-01-17 Vehicle-mounted system intrusion detection method based on self-encoder and recurrent neural network Active CN111294341B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010053614.1A CN111294341B (en) 2020-01-17 2020-01-17 Vehicle-mounted system intrusion detection method based on self-encoder and recurrent neural network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010053614.1A CN111294341B (en) 2020-01-17 2020-01-17 Vehicle-mounted system intrusion detection method based on self-encoder and recurrent neural network

Publications (2)

Publication Number Publication Date
CN111294341A true CN111294341A (en) 2020-06-16
CN111294341B CN111294341B (en) 2021-12-28

Family

ID=71018949

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010053614.1A Active CN111294341B (en) 2020-01-17 2020-01-17 Vehicle-mounted system intrusion detection method based on self-encoder and recurrent neural network

Country Status (1)

Country Link
CN (1) CN111294341B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111770069A (en) * 2020-06-17 2020-10-13 北京航空航天大学 Vehicle-mounted network simulation data set generation method based on intrusion attack
CN111800421A (en) * 2020-07-06 2020-10-20 东北大学 Vehicle networking intrusion detection system based on hidden Markov model
CN111931252A (en) * 2020-07-28 2020-11-13 重庆邮电大学 Vehicle-mounted CAN intrusion detection method based on sliding window and CENN
CN112887302A (en) * 2021-01-22 2021-06-01 中汽创智科技有限公司 Automobile controller local area network bus intrusion detection method and system
CN113162902A (en) * 2021-02-02 2021-07-23 江苏大学 Low-delay and safe vehicle-mounted intrusion detection method based on deep learning
CN113179250A (en) * 2021-03-26 2021-07-27 北京六方云信息技术有限公司 Web unknown threat detection method and system
CN113255750A (en) * 2021-05-17 2021-08-13 安徽大学 VCC vehicle attack detection method based on deep learning
CN113449837A (en) * 2020-11-12 2021-09-28 江西理工大学 Intrusion detection method, system, equipment and readable storage medium
CN113780382A (en) * 2021-08-29 2021-12-10 桂林电子科技大学 AE and PMU-based high-efficiency network security situation assessment method
CN113961354A (en) * 2021-10-29 2022-01-21 重庆长安汽车股份有限公司 Machine-based stuck identification method and system based on weak supervision learning vehicle
CN114422623A (en) * 2022-01-17 2022-04-29 山西省信息通信网络技术保障中心 Method and device for identifying abnormal traffic of Internet of vehicles based on instruction sequence
CN116132078A (en) * 2022-05-07 2023-05-16 河北工业大学 Vehicle CAN communication intrusion detection method based on graph neural evolution

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067773A (en) * 2018-09-10 2018-12-21 成都信息工程大学 A kind of vehicle-mounted CAN network inbreak detection method neural network based and system
CN109581871A (en) * 2018-12-03 2019-04-05 北京工业大学 The immune industrial control system intrusion detection method to resisting sample
CN109660522A (en) * 2018-11-29 2019-04-19 华东师范大学 The mixed intrusion detection method based on deep layer self-encoding encoder towards Integrated Electronic System
CN109728939A (en) * 2018-12-13 2019-05-07 杭州迪普科技股份有限公司 A kind of network flow detection method and device
US20190273510A1 (en) * 2018-03-01 2019-09-05 Crowdstrike, Inc. Classification of source data by neural network processing

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190273510A1 (en) * 2018-03-01 2019-09-05 Crowdstrike, Inc. Classification of source data by neural network processing
CN109067773A (en) * 2018-09-10 2018-12-21 成都信息工程大学 A kind of vehicle-mounted CAN network inbreak detection method neural network based and system
CN109660522A (en) * 2018-11-29 2019-04-19 华东师范大学 The mixed intrusion detection method based on deep layer self-encoding encoder towards Integrated Electronic System
CN109581871A (en) * 2018-12-03 2019-04-05 北京工业大学 The immune industrial control system intrusion detection method to resisting sample
CN109728939A (en) * 2018-12-13 2019-05-07 杭州迪普科技股份有限公司 A kind of network flow detection method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
付磊等: "人工智能在智能网联汽车上的应用进展", 《汽车文摘》 *
张玉清等: "深度学习应用于网络空间安全的现状、趋势与展望", 《计算机研究与发展》 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111770069A (en) * 2020-06-17 2020-10-13 北京航空航天大学 Vehicle-mounted network simulation data set generation method based on intrusion attack
CN111800421B (en) * 2020-07-06 2021-08-24 东北大学 Vehicle networking intrusion detection system based on hidden Markov model
CN111800421A (en) * 2020-07-06 2020-10-20 东北大学 Vehicle networking intrusion detection system based on hidden Markov model
CN111931252A (en) * 2020-07-28 2020-11-13 重庆邮电大学 Vehicle-mounted CAN intrusion detection method based on sliding window and CENN
CN111931252B (en) * 2020-07-28 2022-05-03 重庆邮电大学 Vehicle-mounted CAN intrusion detection method based on sliding window and CENN
CN113449837A (en) * 2020-11-12 2021-09-28 江西理工大学 Intrusion detection method, system, equipment and readable storage medium
CN113449837B (en) * 2020-11-12 2022-10-11 江西理工大学 Intrusion detection method, system, equipment and readable storage medium
CN112887302A (en) * 2021-01-22 2021-06-01 中汽创智科技有限公司 Automobile controller local area network bus intrusion detection method and system
CN113162902A (en) * 2021-02-02 2021-07-23 江苏大学 Low-delay and safe vehicle-mounted intrusion detection method based on deep learning
CN113162902B (en) * 2021-02-02 2022-09-16 江苏大学 Low-delay safe vehicle-mounted intrusion detection method based on deep learning
CN113179250A (en) * 2021-03-26 2021-07-27 北京六方云信息技术有限公司 Web unknown threat detection method and system
CN113179250B (en) * 2021-03-26 2022-05-17 北京六方云信息技术有限公司 Method and system for detecting unknown web threats
CN113255750A (en) * 2021-05-17 2021-08-13 安徽大学 VCC vehicle attack detection method based on deep learning
CN113255750B (en) * 2021-05-17 2022-11-08 安徽大学 VCC vehicle attack detection method based on deep learning
CN113780382A (en) * 2021-08-29 2021-12-10 桂林电子科技大学 AE and PMU-based high-efficiency network security situation assessment method
CN113961354A (en) * 2021-10-29 2022-01-21 重庆长安汽车股份有限公司 Machine-based stuck identification method and system based on weak supervision learning vehicle
CN114422623A (en) * 2022-01-17 2022-04-29 山西省信息通信网络技术保障中心 Method and device for identifying abnormal traffic of Internet of vehicles based on instruction sequence
CN116132078A (en) * 2022-05-07 2023-05-16 河北工业大学 Vehicle CAN communication intrusion detection method based on graph neural evolution

Also Published As

Publication number Publication date
CN111294341B (en) 2021-12-28

Similar Documents

Publication Publication Date Title
CN111294341B (en) Vehicle-mounted system intrusion detection method based on self-encoder and recurrent neural network
Hanselmann et al. CANet: An unsupervised intrusion detection system for high dimensional CAN bus data
CN110691100B (en) Hierarchical network attack identification and unknown attack detection method based on deep learning
CN109067773B (en) Vehicle-mounted CAN network intrusion detection method and system based on neural network
CN111585948B (en) Intelligent network security situation prediction method based on power grid big data
CN108390869B (en) Vehicle-mounted intelligent gateway device integrating deep learning and command sequence detection method thereof
Qin et al. Application of controller area network (CAN) bus anomaly detection based on time series prediction
CN113824684B (en) Vehicle-mounted network intrusion detection method and system based on transfer learning
CN110324337B (en) Vehicle intranet intrusion detection method and system based on capsule neural network
Desta et al. ID sequence analysis for intrusion detection in the CAN bus using long short term memory networks
CN111931252B (en) Vehicle-mounted CAN intrusion detection method based on sliding window and CENN
Ezeobi et al. Reverse engineering controller area network messages using unsupervised machine learning
CN115277189A (en) Unsupervised intrusion flow detection and identification method based on generative countermeasure network
Nguyen et al. Transformer-based attention network for in-vehicle intrusion detection
CN109660522B (en) Deep self-encoder-based hybrid intrusion detection method for integrated electronic system
Wang et al. Vulnerability of deep learning model based anomaly detection in vehicle network
Abd et al. Intelligent Intrusion Detection System in Internal Communication Systems for Driverless Cars.
Zhang et al. A binarized neural network approach to accelerate in-vehicle network intrusion detection
Rumez et al. Anomaly detection for automotive diagnostic applications based on N-grams
Zhang et al. Many-objective optimization based intrusion detection for in-vehicle network security
Salek et al. A novel hybrid quantum-classical framework for an in-vehicle controller area network intrusion detection
Zhang et al. Accelerating in-vehicle network intrusion detection system using binarized neural network
Jaoudi et al. Conversion of an unsupervised anomaly detection system to spiking neural network for car hacking identification
Hu et al. A multi-attack intrusion detection model based on Mosaic coded convolutional neural network and centralized encoding
Gao et al. Attack Detection for Intelligent Vehicles via CAN-Bus: A Lightweight Image Network Approach

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230719

Address after: 230000 Anhui Hefei high tech Zone Innovation Industrial Park two phase J2 District C block 18 floor.

Patentee after: HEFEI LONGTUTEM INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 610225, No. 24, Section 1, Xuefu Road, Southwest Economic Development Zone, Chengdu, Sichuan

Patentee before: CHENGDU University OF INFORMATION TECHNOLOGY

Effective date of registration: 20230719

Address after: Room 301, Floor 3, No. 368 Changjiang Road, Nangang Concentration District, Harbin Economic Development Zone, Heilongjiang Province, 150000

Patentee after: Heilongjiang Northeast Digital Publishing and Media Co.,Ltd.

Address before: 230000 Anhui Hefei high tech Zone Innovation Industrial Park two phase J2 District C block 18 floor.

Patentee before: HEFEI LONGTUTEM INFORMATION TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right