Go to DBLP homepageIn-Vehicle Network Anomaly Detection Using Extreme Gradient Boosting Machine
Abstract: Modern vehicles have significantly increased the number of Internet of Things (IoT) devices called electronic control units (ECUs) connected by in-vehicle networks to provide enhanced features and safety. These devices communicate with the environment and have brought the notion of the Internet of vehicles. The controller area network (CAN) bus facilitates efficient ECU communications and is the standard protocol used by every vehicle, but it is susceptible to remote attacks. Consequently, it is desirable to monitor the CAN bus for malicious activities, such as data injection attacks, that can compromise the vehicular operations. We present an anomaly detection technique that uses an extreme gradient boosting machine (GBM) learning algorithm to categorize unexpected occurrences in the CAN data payload. We further combine GBM with a ten-fold cross-validation method to improve prediction performance. Moreover, we use the early -stopping and grid search approaches to overcome overfitting without affecting model accuracy. We evaluate our detection approach on real CAN bus datasets collected from Hyundai Sonata, a KIA Soul, and Chevrolet Spark with different attack scenarios, such as Denial-of-Service (DoS), fuzzy, spoofing, and malfunction attacks. Using standard metrics, such as accuracy, recall, precision, F1 score, and false-positive rate, the performance analysis of the proposed model achieved an overall accuracy of over 99 percent.
Loading