Loading…
GGNB: Graph-Based Gaussian Naive Bayes Intrusion Detection System for CAN Bus
The national highway traffic safety administration (NHTSA) identified cybersecurity of the automobile systems are more critical than the security of other information systems. Researchers already demonstrated remote attacks on critical vehicular electronic control units (ECUs) using controller area...
Saved in:
| Published in: | arXiv.org 2021-08 |
|---|---|
| Main Authors: | , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | |
| container_end_page | |
| container_issue | |
| container_start_page | |
| container_title | arXiv.org |
| container_volume | |
| creator | Islam, Riadul Devnath, Maloy K Samad, Manar D Syed Md Jaffrey Al Kadry |
| description | The national highway traffic safety administration (NHTSA) identified cybersecurity of the automobile systems are more critical than the security of other information systems. Researchers already demonstrated remote attacks on critical vehicular electronic control units (ECUs) using controller area network (CAN). Besides, existing intrusion detection systems (IDSs) often propose to tackle a specific type of attack, which may leave a system vulnerable to numerous other types of attacks. A generalizable IDS that can identify a wide range of attacks within the shortest possible time has more practical value than attack-specific IDSs, which is not a trivial task to accomplish. In this paper we propose a novel {\textbf g}raph-based {\textbf G}aussian {\textbf n}aive {\textbf B}ayes (GGNB) intrusion detection algorithm by leveraging graph properties and PageRank-related features. The GGNB on the real rawCAN data set~\cite{Lee:2017} yields 99.61\%, 99.83\%, 96.79\%, and 96.20\% detection accuracy for denial of service (DoS), fuzzy, spoofing, replay, mixed attacks, respectively. Also, using OpelAstra data set~\cite{Guillaume:2019}, the proposed methodology has 100\%, 99.85\%, 99.92\%, 100\%, 99.92\%, 97.75\% and 99.57\% detection accuracy considering DoS, diagnostic, fuzzing CAN ID, fuzzing payload, replay, suspension, and mixed attacks, respectively. The GGNB-based methodology requires about \(239\times\) and \(135\times\) lower training and tests times, respectively, compared to the SVM classifier used in the same application. Using Xilinx Zybo Z7 field-programmable gate array (FPGA) board, the proposed GGNB requires \(5.7 \times\), \(5.9 \times\), \(5.1 \times\), and \(3.6 \times\) fewer slices, LUTs, flip-flops, and DSP units, respectively, than conventional NN architecture. |
| format | article |
| fullrecord | <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2564692538</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2564692538</sourcerecordid><originalsourceid>FETCH-proquest_journals_25646925383</originalsourceid><addsrcrecordid>eNqNirEKwjAUAIMgWLT_8MC5UJOmVjdTNTrYRfcSNMUWTWpeIvj3KvgBTndwNyARZWyWFBmlIxIjdmma0nxOOWcROUhZiSVIp_prIhTqC0gVEFtloFLtU4NQL42wN94FbK2Btfb67L92fKHXd2isg3JVgQg4IcNG3VDHP47JdLs5lbukd_YRNPq6s8GZT6opz7N8QTkr2H_XG5tEPCA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2564692538</pqid></control><display><type>article</type><title>GGNB: Graph-Based Gaussian Naive Bayes Intrusion Detection System for CAN Bus</title><source>Publicly Available Content Database (Proquest) (PQ_SDU_P3)</source><creator>Islam, Riadul ; Devnath, Maloy K ; Samad, Manar D ; Syed Md Jaffrey Al Kadry</creator><creatorcontrib>Islam, Riadul ; Devnath, Maloy K ; Samad, Manar D ; Syed Md Jaffrey Al Kadry</creatorcontrib><description>The national highway traffic safety administration (NHTSA) identified cybersecurity of the automobile systems are more critical than the security of other information systems. Researchers already demonstrated remote attacks on critical vehicular electronic control units (ECUs) using controller area network (CAN). Besides, existing intrusion detection systems (IDSs) often propose to tackle a specific type of attack, which may leave a system vulnerable to numerous other types of attacks. A generalizable IDS that can identify a wide range of attacks within the shortest possible time has more practical value than attack-specific IDSs, which is not a trivial task to accomplish. In this paper we propose a novel {\textbf g}raph-based {\textbf G}aussian {\textbf n}aive {\textbf B}ayes (GGNB) intrusion detection algorithm by leveraging graph properties and PageRank-related features. The GGNB on the real rawCAN data set~\cite{Lee:2017} yields 99.61\%, 99.83\%, 96.79\%, and 96.20\% detection accuracy for denial of service (DoS), fuzzy, spoofing, replay, mixed attacks, respectively. Also, using OpelAstra data set~\cite{Guillaume:2019}, the proposed methodology has 100\%, 99.85\%, 99.92\%, 100\%, 99.92\%, 97.75\% and 99.57\% detection accuracy considering DoS, diagnostic, fuzzing CAN ID, fuzzing payload, replay, suspension, and mixed attacks, respectively. The GGNB-based methodology requires about \(239\times\) and \(135\times\) lower training and tests times, respectively, compared to the SVM classifier used in the same application. Using Xilinx Zybo Z7 field-programmable gate array (FPGA) board, the proposed GGNB requires \(5.7 \times\), \(5.9 \times\), \(5.1 \times\), and \(3.6 \times\) fewer slices, LUTs, flip-flops, and DSP units, respectively, than conventional NN architecture.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Control equipment ; Controller area network ; Cybersecurity ; Datasets ; Denial of service attacks ; Electronic control ; Field programmable gate arrays ; Highway safety ; Information systems ; Intrusion detection systems ; Search algorithms ; Spoofing ; Support vector machines ; Traffic safety</subject><ispartof>arXiv.org, 2021-08</ispartof><rights>2021. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/2564692538?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>780,784,25753,37012,44590</link.rule.ids></links><search><creatorcontrib>Islam, Riadul</creatorcontrib><creatorcontrib>Devnath, Maloy K</creatorcontrib><creatorcontrib>Samad, Manar D</creatorcontrib><creatorcontrib>Syed Md Jaffrey Al Kadry</creatorcontrib><title>GGNB: Graph-Based Gaussian Naive Bayes Intrusion Detection System for CAN Bus</title><title>arXiv.org</title><description>The national highway traffic safety administration (NHTSA) identified cybersecurity of the automobile systems are more critical than the security of other information systems. Researchers already demonstrated remote attacks on critical vehicular electronic control units (ECUs) using controller area network (CAN). Besides, existing intrusion detection systems (IDSs) often propose to tackle a specific type of attack, which may leave a system vulnerable to numerous other types of attacks. A generalizable IDS that can identify a wide range of attacks within the shortest possible time has more practical value than attack-specific IDSs, which is not a trivial task to accomplish. In this paper we propose a novel {\textbf g}raph-based {\textbf G}aussian {\textbf n}aive {\textbf B}ayes (GGNB) intrusion detection algorithm by leveraging graph properties and PageRank-related features. The GGNB on the real rawCAN data set~\cite{Lee:2017} yields 99.61\%, 99.83\%, 96.79\%, and 96.20\% detection accuracy for denial of service (DoS), fuzzy, spoofing, replay, mixed attacks, respectively. Also, using OpelAstra data set~\cite{Guillaume:2019}, the proposed methodology has 100\%, 99.85\%, 99.92\%, 100\%, 99.92\%, 97.75\% and 99.57\% detection accuracy considering DoS, diagnostic, fuzzing CAN ID, fuzzing payload, replay, suspension, and mixed attacks, respectively. The GGNB-based methodology requires about \(239\times\) and \(135\times\) lower training and tests times, respectively, compared to the SVM classifier used in the same application. Using Xilinx Zybo Z7 field-programmable gate array (FPGA) board, the proposed GGNB requires \(5.7 \times\), \(5.9 \times\), \(5.1 \times\), and \(3.6 \times\) fewer slices, LUTs, flip-flops, and DSP units, respectively, than conventional NN architecture.</description><subject>Control equipment</subject><subject>Controller area network</subject><subject>Cybersecurity</subject><subject>Datasets</subject><subject>Denial of service attacks</subject><subject>Electronic control</subject><subject>Field programmable gate arrays</subject><subject>Highway safety</subject><subject>Information systems</subject><subject>Intrusion detection systems</subject><subject>Search algorithms</subject><subject>Spoofing</subject><subject>Support vector machines</subject><subject>Traffic safety</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNqNirEKwjAUAIMgWLT_8MC5UJOmVjdTNTrYRfcSNMUWTWpeIvj3KvgBTndwNyARZWyWFBmlIxIjdmma0nxOOWcROUhZiSVIp_prIhTqC0gVEFtloFLtU4NQL42wN94FbK2Btfb67L92fKHXd2isg3JVgQg4IcNG3VDHP47JdLs5lbukd_YRNPq6s8GZT6opz7N8QTkr2H_XG5tEPCA</recordid><startdate>20210824</startdate><enddate>20210824</enddate><creator>Islam, Riadul</creator><creator>Devnath, Maloy K</creator><creator>Samad, Manar D</creator><creator>Syed Md Jaffrey Al Kadry</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20210824</creationdate><title>GGNB: Graph-Based Gaussian Naive Bayes Intrusion Detection System for CAN Bus</title><author>Islam, Riadul ; Devnath, Maloy K ; Samad, Manar D ; Syed Md Jaffrey Al Kadry</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_25646925383</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Control equipment</topic><topic>Controller area network</topic><topic>Cybersecurity</topic><topic>Datasets</topic><topic>Denial of service attacks</topic><topic>Electronic control</topic><topic>Field programmable gate arrays</topic><topic>Highway safety</topic><topic>Information systems</topic><topic>Intrusion detection systems</topic><topic>Search algorithms</topic><topic>Spoofing</topic><topic>Support vector machines</topic><topic>Traffic safety</topic><toplevel>online_resources</toplevel><creatorcontrib>Islam, Riadul</creatorcontrib><creatorcontrib>Devnath, Maloy K</creatorcontrib><creatorcontrib>Samad, Manar D</creatorcontrib><creatorcontrib>Syed Md Jaffrey Al Kadry</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database (Proquest) (PQ_SDU_P3)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Islam, Riadul</au><au>Devnath, Maloy K</au><au>Samad, Manar D</au><au>Syed Md Jaffrey Al Kadry</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>GGNB: Graph-Based Gaussian Naive Bayes Intrusion Detection System for CAN Bus</atitle><jtitle>arXiv.org</jtitle><date>2021-08-24</date><risdate>2021</risdate><eissn>2331-8422</eissn><abstract>The national highway traffic safety administration (NHTSA) identified cybersecurity of the automobile systems are more critical than the security of other information systems. Researchers already demonstrated remote attacks on critical vehicular electronic control units (ECUs) using controller area network (CAN). Besides, existing intrusion detection systems (IDSs) often propose to tackle a specific type of attack, which may leave a system vulnerable to numerous other types of attacks. A generalizable IDS that can identify a wide range of attacks within the shortest possible time has more practical value than attack-specific IDSs, which is not a trivial task to accomplish. In this paper we propose a novel {\textbf g}raph-based {\textbf G}aussian {\textbf n}aive {\textbf B}ayes (GGNB) intrusion detection algorithm by leveraging graph properties and PageRank-related features. The GGNB on the real rawCAN data set~\cite{Lee:2017} yields 99.61\%, 99.83\%, 96.79\%, and 96.20\% detection accuracy for denial of service (DoS), fuzzy, spoofing, replay, mixed attacks, respectively. Also, using OpelAstra data set~\cite{Guillaume:2019}, the proposed methodology has 100\%, 99.85\%, 99.92\%, 100\%, 99.92\%, 97.75\% and 99.57\% detection accuracy considering DoS, diagnostic, fuzzing CAN ID, fuzzing payload, replay, suspension, and mixed attacks, respectively. The GGNB-based methodology requires about \(239\times\) and \(135\times\) lower training and tests times, respectively, compared to the SVM classifier used in the same application. Using Xilinx Zybo Z7 field-programmable gate array (FPGA) board, the proposed GGNB requires \(5.7 \times\), \(5.9 \times\), \(5.1 \times\), and \(3.6 \times\) fewer slices, LUTs, flip-flops, and DSP units, respectively, than conventional NN architecture.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | EISSN: 2331-8422 |
| ispartof | arXiv.org, 2021-08 |
| issn | 2331-8422 |
| language | eng |
| recordid | cdi_proquest_journals_2564692538 |
| source | Publicly Available Content Database (Proquest) (PQ_SDU_P3) |
| subjects | Control equipment Controller area network Cybersecurity Datasets Denial of service attacks Electronic control Field programmable gate arrays Highway safety Information systems Intrusion detection systems Search algorithms Spoofing Support vector machines Traffic safety |
| title | GGNB: Graph-Based Gaussian Naive Bayes Intrusion Detection System for CAN Bus |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T14%3A09%3A57IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=GGNB:%20Graph-Based%20Gaussian%20Naive%20Bayes%20Intrusion%20Detection%20System%20for%20CAN%20Bus&rft.jtitle=arXiv.org&rft.au=Islam,%20Riadul&rft.date=2021-08-24&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2564692538%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-proquest_journals_25646925383%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2564692538&rft_id=info:pmid/&rfr_iscdi=true |