- The paper presents a multi-tiered hybrid IDS that integrates signature-based and anomaly-based methods using machine learning to detect both known and zero-day attacks.
- It employs advanced feature engineering and SMOTE for data balancing, ensuring high detection accuracy on complex vehicular network datasets.
- The system achieves up to 99.99% accuracy and robust F1-scores, offering a promising solution for enhanced cybersecurity in Internet of Vehicles environments.
Overview of MTH-IDS: A Multi-Tiered Hybrid Intrusion Detection System for Internet of Vehicles
In the paper titled "MTH-IDS: A Multi-Tiered Hybrid Intrusion Detection System for Internet of Vehicles," the authors present an intrusion detection architecture tailored to the complex and evolving network environment of vehicular systems. As modern vehicles gain functionality and connectivity through vehicle-to-everything (V2X) technologies, the vulnerabilities these advances introduce must be addressed.
The authors propose a multi-tiered hybrid intrusion detection system (MTH-IDS) that combines signature-based and anomaly-based techniques to detect both known and unknown cyber threats. The premise is to use machine learning models to detect attacks across both intra-vehicle networks and external vehicular networks.
Technical Contributions
- Hybrid IDS Architecture: The paper introduces a dual-stage IDS architecture that integrates signature-based and anomaly-based IDS models. The signature-based IDS uses supervised learning algorithms, including tree-based methods such as decision tree (DT), random forest (RF), extra trees (ET), and XGBoost, combined through stacking to enhance multi-class attack detection. The anomaly-based IDS, in turn, employs unsupervised cluster-labeling (CL) k-means clustering, tuned with Bayesian optimization, to identify zero-day threats.
- Data Optimization Techniques: Key to the system's performance is a novel feature engineering process that uses the information gain (IG), fast correlation-based filter (FCBF), and kernel principal component analysis (KPCA) algorithms to refine dataset quality by removing noise and redundancy. In addition, SMOTE (synthetic minority oversampling technique) is used to balance the datasets, addressing class imbalance and improving detection of minority attack classes.
- Performance Evaluation: The system demonstrates remarkable efficacy in identifying known intrusions, achieving accuracy rates of 99.99% and 99.88% on the CAN-intrusion and CICIDS2017 datasets respectively. Notably, the system also shows promising results for detecting unknown attacks, with F1-scores of 0.963 and 0.800 on the corresponding datasets, indicating robustness in real-time scenarios.
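SMOTE, named in the Data Optimization Techniques item above, rebalances a training set by interpolating new minority-class points between existing ones. The following is an added example, not code from the paper or its authors: a standard-library Python implementation of that interpolation, run on a constructed set of CAN-frame features (the feature choice, the values, and the function names `smote` and `balance` are assumptions for illustration).

```python
import math
import random

def smote(minority, n_new, k=3, seed=0):
    """Return n_new synthetic points interpolated between minority neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)
    k = min(k, len(minority) - 1)
    synthetic = []
    for _ in range(n_new):
        i = rng.randrange(len(minority))
        base = minority[i]
        # k nearest minority-class neighbours of the base sample (itself excluded)
        others = [p for j, p in enumerate(minority) if j != i]
        neighbours = sorted(others, key=lambda p: math.dist(base, p))[:k]
        other = rng.choice(neighbours)
        gap = rng.random()  # position along the segment base -> other
        synthetic.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
    return synthetic

def balance(samples, labels, minority_label, k=3, seed=0):
    """Oversample minority_label until it matches the largest class."""
    minority = [s for s, lab in zip(samples, labels) if lab == minority_label]
    target = max(labels.count(lab) for lab in set(labels))
    new = smote(minority, target - len(minority), k, seed)
    # Real samples stay first and unchanged; synthetic ones are appended.
    return samples + new, labels + [minority_label] * len(new)

# Constructed sample (assumed features): per CAN frame,
# (inter-arrival time in ms, payload byte entropy in bits).
NORMAL = [(10.0 + 0.1 * i, 3.0 + 0.05 * (i % 7)) for i in range(40)]
ATTACK = [(0.4, 6.8), (0.5, 7.1), (0.6, 6.9), (0.45, 7.3)]  # rare injected frames
X = NORMAL + ATTACK
y = ["normal"] * len(NORMAL) + ["attack"] * len(ATTACK)

if __name__ == "__main__":
    Xb, yb = balance(X, y, "attack")
    print("before:", y.count("normal"), y.count("attack"))
    print("after: ", yb.count("normal"), yb.count("attack"))
```

Oversample only the training split; synthetic points that reach the evaluation set inflate the reported scores.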
Implications
The implications of this research are both practical and theoretical. Practically, the proposed system could be integrated into vehicular networks, markedly reducing potential breaches and strengthening cybersecurity resilience across the automotive landscape. Theoretically, the integration of machine learning models tailored to vehicular network structures opens new avenues for further exploration, particularly in refining zero-day threat detection techniques.
Speculations on Future Developments
Given the promising results, future developments may gravitate towards refining anomaly detection algorithms to further reduce false positives and improve detection rates of new attack types. Incorporating online learning mechanisms could allow the system to adapt dynamically to evolving threat landscapes, enhancing its robustness and applicability in rapidly advancing IoV environments.
By synthesizing various machine learning paradigms into an efficiently tiered framework, this paper provides a substantial contribution to the field of cybersecurity within vehicular networks. The meticulous approach towards optimizing data quality and machine learning model configurations presents a robust solution to the growing challenges faced by interconnected vehicular systems. As vehicular technology continues to evolve, pursuing robust intrusion detection systems such as MTH-IDS will be indispensable in safeguarding automotive networks from the sophisticated threats they will undoubtedly encounter.