A Framework for the Systematic Assessment of Anomaly Detectors in Time-Sensitive Automotive Networks

• URL: http://arxiv.org/abs/2405.01324v1
• Date: Thu, 2 May 2024 14:29:42 GMT
• Title: A Framework for the Systematic Assessment of Anomaly Detectors in Time-Sensitive Automotive Networks
• Authors: Philipp Meyer, Timo Häckel, Teresa Lübeck, Franz Korf, Thomas C. Schmidt,
• Abstract summary: We present an assessment framework that allows for reproducible, comparable, and rapid evaluation of anomaly detection algorithms. We evaluate exemplary detection mechanisms and reveal how the detection performance is influenced by different combinations of TSN traffic flows and anomaly types.
• Score: 0.4077787659104315
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Connected cars are susceptible to cyberattacks. Security and safety of future vehicles highly depend on a holistic protection of automotive components, of which the time-sensitive backbone network takes a significant role. These onboard Time-Sensitive Networks (TSNs) require monitoring for safety and -- as versatile platforms to host Network Anomaly Detection Systems (NADSs) -- for security. Still a thorough evaluation of anomaly detection methods in the context of hard real-time operations, automotive protocol stacks, and domain specific attack vectors is missing along with appropriate input datasets. In this paper, we present an assessment framework that allows for reproducible, comparable, and rapid evaluation of detection algorithms. It is based on a simulation toolchain, which contributes configurable topologies, traffic streams, anomalies, attacks, and detectors. We demonstrate the assessment of NADSs in a comprehensive in-vehicular network with its communication flows, on which we model traffic anomalies. We evaluate exemplary detection mechanisms and reveal how the detection performance is influenced by different combinations of TSN traffic flows and anomaly types. Our approach translates to other real-time Ethernet domains, such as industrial facilities, airplanes, and UAVs.

Related papers

• Convolutional Neural Network Design and Evaluation for Real-Time Multivariate Time Series Fault Detection in Spacecraft Attitude Sensors [41.94295877935867]
  This paper presents a novel approach to detecting stuck values within the Accelerometer and Inertial Measurement Unit of a drone-like spacecraft. A multi-channel Convolutional Neural Network (CNN) is used to perform multi-target classification and independently detect faults in the sensors. An integration methodology is proposed to enable the network to effectively detect anomalies and trigger recovery actions at the system level.
  arXiv  Detail & Related papers  (2024-10-11T09:36:38Z)
• Electrical Grid Anomaly Detection via Tensor Decomposition [41.94295877935867]
  Previous work has shown that dimensionality reduction-based approaches can be used for accurate identification of anomalies in SCADA systems. In this work, we novelly apply the tensor decomposition method Canonical Polyadic Alternating Poisson Regression with a probabilistic framework, to identify anomalies in SCADA systems. In our experiments, we model real-world SCADA system data collected from the electrical grid operated by Los Alamos National Laboratory.
  arXiv  Detail & Related papers  (2023-10-12T18:23:06Z)
• A Variational Autoencoder Framework for Robust, Physics-Informed Cyberattack Recognition in Industrial Cyber-Physical Systems [2.051548207330147]
  We develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on industrial control systems. The framework has a hybrid design that combines a variational autoencoder (VAE), a recurrent neural network (RNN), and a Deep Neural Network (DNN)
  arXiv  Detail & Related papers  (2023-10-10T19:07:53Z)
• DARTH: Holistic Test-time Adaptation for Multiple Object Tracking [87.72019733473562]
  Multiple object tracking (MOT) is a fundamental component of perception systems for autonomous driving. Despite the urge of safety in driving systems, no solution to the MOT adaptation problem to domain shift in test-time conditions has ever been proposed. We introduce DARTH, a holistic test-time adaptation framework for MOT.
  arXiv  Detail & Related papers  (2023-10-03T10:10:42Z)
• Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
  We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view. We have evaluated the mathematical model using two different datasets.
  arXiv  Detail & Related papers  (2023-02-02T13:41:18Z)
• Anomaly Detection in Automatic Generation Control Systems Based on Traffic Pattern Analysis and Deep Transfer Learning [0.38073142980733]
  In modern highly interconnected power grids, automatic generation control (AGC) is crucial in maintaining the stability of the power grid. The dependence of the AGC system on the information and communications technology (ICT) system makes it vulnerable to various types of cyber-attacks. Information flow (IF) analysis and anomaly detection became paramount for preventing cyber attackers from driving the cyber-physical power system to instability.
  arXiv  Detail & Related papers  (2022-09-16T17:52:42Z)
• Unsupervised Abnormal Traffic Detection through Topological Flow Analysis [1.933681537640272]
  topological connectivity component of a malicious flow is less exploited. We present a simple method that facilitate the use of connectivity graph features in unsupervised anomaly detection algorithms.
  arXiv  Detail & Related papers  (2022-05-14T18:52:49Z)
• STC-IDS: Spatial-Temporal Correlation Feature Analyzing based Intrusion Detection System for Intelligent Connected Vehicles [7.301018758489822]
  We present a novel model for automotive intrusion detection by spatial-temporal correlation features of in-vehicle communication traffic (STC-IDS) Specifically, the proposed model exploits an encoding-detection architecture. In the encoder part, spatial and temporal relations are encoded simultaneously. The encoded information is then passed to the detector for generating forceful spatial-temporal attention features and enabling anomaly classification.
  arXiv  Detail & Related papers  (2022-04-23T04:22:58Z)
• AVTPnet: Convolutional Autoencoder for AVTP anomaly detection in Automotive Ethernet Networks [2.415997479508991]
  In this paper, we propose a convolutional autoencoder (CAE) for offline detection of anomalies on the Audio Video Transport Protocol (AVTP) Our proposed approach is evaluated on the recently published " Automotive Ethernet Intrusion dataset"
  arXiv  Detail & Related papers  (2022-01-31T19:13:20Z)
• Defending Water Treatment Networks: Exploiting Spatio-temporal Effects for Cyber Attack Detection [46.67179436529369]
  Water Treatment Networks (WTNs) are critical infrastructures for local communities and public health, WTNs are vulnerable to cyber attacks. We propose a structured anomaly detection framework to defend WTNs by modeling thetemporal characteristics of cyber attacks in WTNs.
  arXiv  Detail & Related papers  (2020-08-26T15:56:55Z)
• Risk-Averse MPC via Visual-Inertial Input and Recurrent Networks for Online Collision Avoidance [95.86944752753564]
  We propose an online path planning architecture that extends the model predictive control (MPC) formulation to consider future location uncertainties. Our algorithm combines an object detection pipeline with a recurrent neural network (RNN) which infers the covariance of state estimates. The robustness of our methods is validated on complex quadruped robot dynamics and can be generally applied to most robotic platforms.
  arXiv  Detail & Related papers  (2020-07-28T07:34:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.