Research And Implementation Of Vehicle Intrusion Detection Method Based On Incremental Learning And Message Characteristics

With the rapid development of Internet of Vehicles technology,more and more vehicles are starting to connect to the Internet,and intelligent connected vehicles are gradually becoming the mainstream.Intelligent connected vehicles have made vehicle functions more diverse.These changes not only bring people a better travel experience,but also lead to an increasing openness of vehicles,which means that the potential attack range of vehicles has also become wider.The current vehicle intrusion detection methods still face some problems,including incomplete detection,failure to consider the incremental characteristics of attacks,and insufficient vehicle computing and storage capabilities.In order to address the above issues,the following work has been completed in this paper:(1)A tree-structured incremental learning method is established,which can make the intrusion detection model have the ability to incrementally learn new attack types.Aiming at the problem of incomplete detection,this paper analyzes the commonality of in-vehicle network traffic and external network traffic in terms of model selection,and uses a one-dimensional convolutional neural network suitable for time series data for training,which can be applied to both in-vehicle network and out-ofvehicle network intrusion detection.In addition,to solve the possible class imbalance problem during training,this paper uses the SMOTE method.The experimental results show that this method is applicable to both the invehicle network and the out-of-vehicle network,and has an accuracy rate of 99.99%on the data set representing the in-vehicle network and 99.37%on the data set representing the out-of-vehicle network.It effectively avoids the problem of catastrophic forgetting,and has better performance compared with the same type of research results.(2)An intrusion detection method based on message characteristics is proposed,and the model is established by selecting features from two dimensions of message content and frequency.After the model training is completed,a detection strategy is generated,and the vehicle performs intrusion detection according to the detection strategy.For the message content dimension,four features are selected:message format,CAN ID,signal value of a specific field,and time interval;for the frequency dimension,two features are selected:total message frequency and ID message frequency.In addition,the cloud can monitor the vehicle status through the diagnostic service UDS.When false alarms are found on the vehicle end,the detection strategy can be updated on the vehicle end to achieve better detection results.Experimental results show that this method can effectively detect attack behaviors in real time,and at the same time meet the requirements of vehicle storage and computing capabilities.