Detection of Car Hacking Using One Class Classifier

  • Seo, Jae-Hyun (Division of Computer Science & Engineering, WonKwang University)
  • Received : 2018.04.03
  • Accepted : 2018.06.20
  • Published : 2018.06.28

Abstract

In this study, we try to detect new attacks on vehicles by learning only one class. To evaluate classification performance, we use the Car-Hacking dataset, an intrusion detection dataset. The dataset was created by logging CAN (Controller Area Network) traffic through the OBD-II port of a real vehicle, and it contains four attack types. One-class classification is an unsupervised learning method that identifies the attack class by learning only the normal class. With unsupervised learning it is difficult to achieve high efficiency, because no negative instances are used for training. However, unsupervised learning has the advantage of being able to classify unlabeled data, that is, new attacks. In this study, we use a one-class classifier to detect new attacks that are difficult to detect with the signature-based rules of a network intrusion detection system. The proposed method suggests a combination of parameters that detects all new attacks and shows efficient classification performance on the normal dataset.
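The idea of learning only the normal class can be shown with a small added example, which is not code from the paper: a detector that builds a per-CAN-ID timing and payload profile from normal frames and rejects anything outside it. The frame layout `(timestamp, can_id, payload)`, the `nu` knob, the z-score profile (a stand-in for the paper's classifier) and all traffic are assumptions constructed for illustration.

```python
import random
import statistics
from collections import defaultdict

class OneClassCanDetector:
    """Added example: profile learned from normal CAN frames only."""
    def __init__(self, nu=0.01):
        self.nu = nu          # assumed knob: share of normal frames we accept rejecting
        self.profile = {}     # can_id -> (means, stdevs) of the feature vector
        self.threshold = None

    @staticmethod
    def _features(frames):
        # Features: gap since the previous frame with the same ID, then payload bytes.
        last_seen = {}
        for ts, can_id, data in frames:
            if can_id in last_seen:          # first frame of an ID has no gap yet
                yield can_id, [ts - last_seen[can_id], *data]
            last_seen[can_id] = ts

    def _score(self, can_id, vec):
        if can_id not in self.profile:       # ID never seen during training
            return float("inf")
        means, stdevs = self.profile[can_id]
        return max(abs(v - m) / s for v, m, s in zip(vec, means, stdevs))

    def fit(self, normal_frames):
        feats = list(self._features(normal_frames))
        by_id = defaultdict(list)
        for can_id, vec in feats:
            by_id[can_id].append(vec)
        for can_id, rows in by_id.items():
            cols = list(zip(*rows))
            self.profile[can_id] = ([statistics.fmean(c) for c in cols],
                                    [statistics.pstdev(c) or 1e-6 for c in cols])
        # Boundary of the normal class: the (1 - nu) quantile of training scores.
        scores = sorted(self._score(i, v) for i, v in feats)
        self.threshold = scores[int((1 - self.nu) * (len(scores) - 1))]

    def predict(self, frames):               # True = outside the normal class
        return [self._score(i, v) > self.threshold for i, v in self._features(frames)]

def make_normal(seed, n=2000):
    # Constructed traffic: ID 0x100 every 10 ms, ID 0x200 every 20 ms, small jitter.
    rng, frames = random.Random(seed), []
    for k in range(n):
        frames.append((k * 0.010 + rng.gauss(0, 0.0002), 0x100, [k % 16, 0x20 + rng.randrange(4)]))
        if k % 2 == 0:
            frames.append((k * 0.010 + 0.003 + rng.gauss(0, 0.0002), 0x200, [rng.randrange(8)]))
    return sorted(frames, key=lambda f: f[0])
```

No attack frame is used in `fit`; raising `nu` tightens the boundary and trades more false alarms on normal traffic for sensitivity, which is the kind of parameter trade-off the abstract refers to.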
