| With the rapid development of digitization process such as artificial intelligence and 5G,Intelligent and Connected Vehicles(ICVs)have gradually become the main carrier in the transportation industry.It is worth noting that these advanced technologies not only improve the user’s driving experience,but also make the communication connection between the inside and outside of the vehicle more frequently.A large number of interfaces in the vehicle are exposed to the outside world,which provides an invasive way for malicious attackers.The resulting network security threats will most likely cause information leakage,vehicle out of control and other issues.No matter how it intrudes into the vehicle network,its final destination must be on the Controller Area Network(CAN)protocol.As the most widely used bus protocol in the automotive field,CAN protocol has the vulnerability of broadcasting transmission,data content lack of encryption,and is very vulnerable to malicious invasion by attackers.Therefore,the development of CAN protocol-based defense technology is of great significance to the protection of automobile safety.At present,security research on CAN protocol can be attributed to three aspects: encrypting and decrypting data information;Authentication filtering for data frames;Develop Intrusion Detection System(IDS).The first two methods,while guaranteeing security,will occupy a large amount of bandwidth,computing and other resources,which limits the high-speed operation of CAN network.Intrusion detection system accesses CAN protocol as an external device,which is low cost,easy to deploy and more suitable for security defense in vehicle network.Existing in-vehicle intrusion detection systems can be classified according to their attributes as: IDS based on parameter monitoring,IDS based on information theory,IDS based on fingerprint recognition,IDS based on machine learning.Most researchers have promoted the development of automobile safety in intrusion detection research,but most of them focus on a specific form of attack defense,which is not universal to the existing advanced means of attack and unknown threats.For example,an IDS based on parameter monitoring cannot recognize an attacker’s changes to the contents of a data frame in a bus network.IDS based on information entropy relies on a large number of message changes in the network and cannot recognize masquerade attacks.IDS based on fingerprint recognition relies on the device documentation provided by the automotive manufacturer to construct the quantity information of the in-car electronic control unit.In view of the increasingly serious network security problems ICVs are facing,this paper fully considers the characteristics and limitations of CAN protocol work,and conducts research on vehicle intrusion detection system.First,extract the CAN data frames from two real cars,and reverse analyze the content of the data frames.The data samples collected in real cars are greatly disturbed by noise,which is more in line with the real traffic scene than the simulated data sets.Secondly,an in-vehicle intrusion detection system based on data frame sequence is designed and implemented.By analyzing the data frame sequence in CAN protocol,the text features of the data frame sequence are constructed to encode and preprocess the data content.Finally,the in-vehicle IDS is designed through the improved generation-countermeasure network,which can accurately identify the abnormal data frames in CAN protocol.The system can be installed directly in the automobile gateway,monitors external intrusions,and can be connected to the CAN protocol as an independent external device to protect automobile safety.In addition,the experimental results on two vehicles show that the intrusion detection system in this paper can accurately identify a variety of advanced attack means,and is not affected by the attack frequency,vehicle-mounted devices,driver behavior and other factors,and has strong robustness.Compared with previous intrusion detection systems,this model reduces training costs,improves detection accuracy,expands the scope of attack detection,and can be applied to different types of vehicles. |
