Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

A robust multi-stage intrusion detection system for in-vehicle network security using hierarchical federated learning

Althunayyan, Muzun, Javed, Amir ORCID: https://orcid.org/0000-0001-9761-0945 and Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646 2024. A robust multi-stage intrusion detection system for in-vehicle network security using hierarchical federated learning. Vehicular Communications 49 , 100837. 10.1016/j.vehcom.2024.100837

[thumbnail of 1-s2.0-S2214209624001128-main.pdf]
Preview
PDF - Published Version
Available under License Creative Commons Attribution.

Download (2MB) | Preview
License URL: http://creativecommons.org/licenses/by/4.0/
License Start date: 27 August 2024

Abstract

As connected and autonomous vehicles proliferate, the Controller Area Network (CAN) bus has become the predominant communication standard for in-vehicle networks due to its speed and efficiency. However, the CAN bus lacks basic security measures such as authentication and encryption, making it highly vulnerable to cyberattacks. To ensure in-vehicle security, intrusion detection systems (IDSs) must detect seen attacks and provide a robust defense against new, unseen attacks while remaining lightweight for practical deployment. Previous work has relied solely on the CAN ID feature or has used traditional machine learning (ML) approaches with manual feature extraction. These approaches overlook other exploitable features, making it challenging to adapt to new unseen attack variants and compromising security. This paper introduces a cutting-edge, novel, lightweight, in-vehicle, IDS-leveraging, deep learning (DL) algorithm to address these limitations. The proposed IDS employs a multi-stage approach: an artificial neural network (ANN) in the first stage to detect seen attacks, and a Long Short-Term Memory (LSTM) autoencoder in the second stage to detect new, unseen attacks. To understand and analyze diverse driving behaviors, update the model with the latest attack patterns, and preserve data privacy, we propose a theoretical framework to deploy our IDS in a hierarchical federated learning (H-FL) environment. Experimental results demonstrate that our IDS achieves an F1-score exceeding 0.99 for seen attacks and exceeding 0.95 for novel attacks, with a detection rate of 99.99%. Additionally, the false alarm rate (FAR) is exceptionally low at 0.016%, minimizing false alarms. Despite using DL algorithms known for their effectiveness in identifying sophisticated and zero-day attacks, the IDS remains lightweight, ensuring its feasibility for real-world deployment. This makes our model robust against seen and unseen attacks.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Additional Information: License information from Publisher: LICENSE 1: URL: http://creativecommons.org/licenses/by/4.0/, Start Date: 2024-08-27
Publisher: Elsevier
ISSN: 2214-2096
Date of First Compliant Deposit: 25 September 2024
Date of Acceptance: 26 August 2024
Last Modified: 25 Sep 2024 10:34
URI: https://orca.cardiff.ac.uk/id/eprint/171716

Actions (repository staff only)

Edit Item Edit Item

Downloads

Downloads per month over past year

View more statistics