AVTPnet: Convolutional Autoencoder for AVTP anomaly detection in Automotive Ethernet Networks

• URL: http://arxiv.org/abs/2202.00045v1
• Date: Mon, 31 Jan 2022 19:13:20 GMT
• Title: AVTPnet: Convolutional Autoencoder for AVTP anomaly detection in Automotive Ethernet Networks
• Authors: Natasha Alkhatib, Maria Mushtaq, Hadi Ghauch, Jean-Luc Danger
• Abstract summary: In this paper, we propose a convolutional autoencoder (CAE) for offline detection of anomalies on the Audio Video Transport Protocol (AVTP) Our proposed approach is evaluated on the recently published " Automotive Ethernet Intrusion dataset"
• Score: 2.415997479508991
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: Network Intrusion Detection Systems are well considered as efficient tools for securing in-vehicle networks against diverse cyberattacks. However, since cyberattack are always evolving, signature-based intrusion detection systems are no longer adopted. An alternative solution can be the deployment of deep learning based intrusion detection system (IDS) which play an important role in detecting unknown attack patterns in network traffic. To our knowledge, no previous research work has been done to detect anomalies on automotive ethernet based in-vehicle networks using anomaly based approaches. Hence, in this paper, we propose a convolutional autoencoder (CAE) for offline detection of anomalies on the Audio Video Transport Protocol (AVTP), an application layer protocol implemented in the recent in-vehicle network Automotive Ethernet. The CAE consists of an encoder and a decoder with CNN structures that are asymmetrical. Anomalies in AVTP packet stream, which may lead to critical interruption of media streams, are therefore detected by measuring the reconstruction error of each sliding window of AVTP packets. Our proposed approach is evaluated on the recently published "Automotive Ethernet Intrusion Dataset", and is also compared with other state-of-the art traditional anomaly detection and signature based models in machine learning. The numerical results show that our proposed model outperfoms the other methods and excel at predicting unknown in-vehicle intrusions, with 0.94 accuracy. Moreover, our model has a low level of false alarm and miss detection rates for different AVTP attack types.

Related papers

• A Framework for the Systematic Assessment of Anomaly Detectors in Time-Sensitive Automotive Networks [0.4077787659104315]
  We present an assessment framework that allows for reproducible, comparable, and rapid evaluation of anomaly detection algorithms. We evaluate exemplary detection mechanisms and reveal how the detection performance is influenced by different combinations of TSN traffic flows and anomaly types.
  arXiv  Detail & Related papers  (2024-05-02T14:29:42Z)
• Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
  We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view. We have evaluated the mathematical model using two different datasets.
  arXiv  Detail & Related papers  (2023-02-02T13:41:18Z)
• Using EBGAN for Anomaly Intrusion Detection [13.155954231596434]
  We propose an EBGAN-based intrusion detection method, IDS-EBGAN, that classifies network records as normal traffic or malicious traffic. The generator in IDS-EBGAN is responsible for converting the original malicious network traffic in the training set into adversarial malicious examples. During testing, IDS-EBGAN uses reconstruction error of discriminator to classify traffic records.
  arXiv  Detail & Related papers  (2022-06-21T13:49:34Z)
• ARCADE: Adversarially Regularized Convolutional Autoencoder for Network Anomaly Detection [0.0]
  unsupervised anomaly-based deep learning detection system called ARCADE. A convolutional Autoencoder (AE) is proposed that suits online detection in resource-constrained environments.
  arXiv  Detail & Related papers  (2022-05-03T11:47:36Z)
• DAE : Discriminatory Auto-Encoder for multivariate time-series anomaly detection in air transportation [68.8204255655161]
  We propose a novel anomaly detection model called Discriminatory Auto-Encoder (DAE) It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase. Results show that the DAE achieves better results in both accuracy and speed of detection.
  arXiv  Detail & Related papers  (2021-09-08T14:07:55Z)
• SOME/IP Intrusion Detection using Deep Learning-based Sequential Models in Automotive Ethernet Networks [2.3204135551124407]
  Intrusion Detection Systems are widely used to detect cyberattacks. We present a deep learning-based sequential model for offline intrusion detection on SOME/IP protocol.
  arXiv  Detail & Related papers  (2021-08-04T09:58:06Z)
• DAAIN: Detection of Anomalous and Adversarial Input using Normalizing Flows [52.31831255787147]
  We introduce a novel technique, DAAIN, to detect out-of-distribution (OOD) inputs and adversarial attacks (AA) Our approach monitors the inner workings of a neural network and learns a density estimator of the activation distribution. Our model can be trained on a single GPU making it compute efficient and deployable without requiring specialized accelerators.
  arXiv  Detail & Related papers  (2021-05-30T22:07:13Z)
• Convolutional Neural Network-based Intrusion Detection System for AVTP Streams in Automotive Ethernet-based Networks [2.141079906482723]
  Connected and autonomous vehicles (CAVs) are an innovative form of traditional vehicles. No previous studies have focused on intrusion detection in automotive Ethernet-based networks. We present an intrusion detection method for detecting audio-video transport protocol (AVTP) stream injection attacks.
  arXiv  Detail & Related papers  (2021-02-06T09:37:09Z)
• Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422]
  In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models. We propose a method to verify if a pre-trained model is Trojaned or benign. Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
  arXiv  Detail & Related papers  (2020-07-28T19:00:40Z)
• Contextual-Bandit Anomaly Detection for IoT Data in Distributed Hierarchical Edge Computing [65.78881372074983]
  IoT devices can hardly afford complex deep neural networks (DNN) models, and offloading anomaly detection tasks to the cloud incurs long delay. We propose and build a demo for an adaptive anomaly detection approach for distributed hierarchical edge computing (HEC) systems. We show that our proposed approach significantly reduces detection delay without sacrificing accuracy, as compared to offloading detection tasks to the cloud.
  arXiv  Detail & Related papers  (2020-04-15T06:13:33Z)
• Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
  We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem. We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection. We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
  arXiv  Detail & Related papers  (2020-01-10T05:29:17Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.