Research On Attack Detection Method Based On Behavior Analysis In Internet Of Vehicles

The characteristics of Internet of Vehicles,such as highly dynamic topology,physical constraints of vehicle dynamics,widespread communication,heterogeneity of various applications and system architectures,etc.,render it vulnerable to physical intrusion or cyber attacks.The researches of attack techniques and their principles in the Internet of Vehicles and the establishment of efficient detection model is significant to enhance the network security protection capability of the Internet of Vehicles.However,the existing detection technologies for Internet of Vehicles attacks are still inadequate.Firstly,the current detection mechanism does not consider the limited availability of detection resources.When in-vehicle communication and computing resources are constrained,the detection performance will be degraded.Secondly,the evaluation criteria of vehicle credit value are not completely reliable,and there is a lack of comprehensive and fair credit evaluation criteria.At the same time,the fault-tolerant ability of the detection system is weak,which can not effectively distinguish the accidental wrong sensing of the vehicular sensors from the device failure caused by malicious attacks.Moreover,the current detection mechanism for multi-point coordinated attacks is still imperfect,and faces the difficult problem of modeling and analysis of coordinated attack.In view of these research deficiencies,combined with the data-centric and vehicle-centric detection technologies,the key technologies of attack behavior detection in the Internet of Vehicles are deeply studied.The attack principle,security state estimation and attack detection model of sensor layer,communication layer,control layer and application layer are studied respectively.To balance resource consumption and detection performance in perceptual layer of the Internet of Vehicles,a Bayesian game based dynamic detection model is presented to simulate the attack and defense process,and the mixed Nash equilibrium solution between the attacker and the intrusion detection system is obtained by the extremum method.Firstly,in view of the different performance and function characteristics of heterogeneous nodes in the perceptual layer of the Internet of Vehicles,a heterogeneous nodes based non-uniform clustering algorithm is presented,which selects cluster header according to the performance of vehicle nodes and deploys defense strategies on the cluster header.Furthermore,in the process of network attack and defense,the interaction between the attacker and the intrusion detection system is modeled as an infinitely repeated Bayesian game,in which the detection system uses game reasoning to constantly update its prior knowledge and make the defense decision.Finally,simulation results show that the proposed detection model can detect malicious vehicles with a high accuracy while taking into account the resource constraints of various vehicle nodes.In view of the diversity and complexity of the attack behaviors in the Internet of vehicles,a cooperative attack detection system based on invariants is designed to identify betrayal attacks in communication layer of the Internet of Vehicles.Firstly,a reputationbased cooperative communication method is presented to establish a stable and reliable communication link,and cluster-head vehicles are selected based on the global reputation status,traffic density,and link lifetime.On this basis,dynamic behavior analysis technology is used to mine invariants from traffic flow information,communication flow information and behavior relationship state of vehicles to determine the range of normal vehicle driving behaviors,thereby detecting known or unknown attack behaviors.Finally,compared with the existing detection framework,the proposed detection system has higher attack detection rate,lower false positive rate,and faster detection rate.To enhance the fault tolerance and attack detection performance of the vehicle platoon system,a comprehensive detection mechanism based on the control invariant set is proposed to identify attacks on the physical components and the communication network of the vehicle platoon system.In particular,the control model of a specific vehicle is determined by an invariant coefficient matrix,which is derived from the physical law relationship between kinematic variables.On this basis,a distributed information-weighted setmembership filtering technique is proposed to generate invariant state set that always contains actual state of the plant despite the presence of disturbances or uncertainties.Firstly,a convex optimization issue is formed to determine the local invariant state estimation sets with credibility-based consensus weights.Furthermore,a union method using weighted Minkowski sum of local state set is presented to produce the global invariant state set for attack detection.Eventual simulation results demonstrate that the proposed attack detection mechanism with fault-tolerant ability has high secure state estimation effectiveness and attack detection capability,and can effectively distinguish attacks against physical components from attacks on communication networks.Considering the dynamics driving environment and uncertainties of the movement,discriminative analysis is integrated with K-means clustering algorithms to detect two types of cooperative attacks in the application layer of Internet of Vehicles: location spoofing attacks and Sybil attacks.Firstly,in order to distinguish faults from malicious attacks,the fixed point theorem is used to prove the existence of cooperative attacks.Secondly,according to the potential energy of quantum,the variable Information Transfer Entropy(ITE)is introduced.ITE will consider the change rate of self-information features and the influence of communication behavior on features,and effectively integrate self-information features and mutual information features.Moreover,the node with the maximum ITE in the cluster is regarded as the cluster center,which overcomes the problem that the K-means clustering algorithm is sensitive to the initial cluster centers.Eventually,quantum-behavior particle swarm algorithm is adopted to assist the K-means clustering algorithm to complete the clustering,so that the clustering algorithm has the global search capability.The simulation results show that the proposed detection method can not only increase the clustering speed,but also effectively identify collaborative attacks behavior.