Research On Intrusion Detection Methods For IoVs In Edge Computing Scenarios

A safe and reliable internet of vehicles(Io Vs)is the foundation for ensuring the normal operation of intelligent transportation systems and smart connected vehicles.Therefore,vehicle manufacturers and transportation infrastructure designers have high expectations for the security of Io Vs.However,an increasing number of Io Vs intrusion cases indicate that there are still many network security threats in the current Io Vs environment.Network intrusion detection systems,as a reliable active safety mechanism,can be deployed on network nodes in the Io Vs environment to identify potential attack behaviors through traffic analysis.In order to balance the deployment cost,detection accuracy and real-time performance of the intrusion detection system in the Io Vs,this thesis transfers some intrusion detection tasks requiring higher computing power to the edge computing node,and constructs the intrusion detection method through the cooperation between the vehicle and the edge computing node.The main contributions and innovations of this thesis are summarized as follows:(1)A collaborative intrusion detection mode based on edge computing environment is designed.In this thesis,different intrusion detection tasks are assigned according to the differences in computing and storage capabilities of vehicle end,edge computing node and cloud server.For external networks,this collaborative model combines the advantages of abnormal network traffic detection model and network traffic classification model.For the internal network of the vehicle,the collaborative mode constructs the detection sample sequence through feature extraction on the vehicle side.The data after feature extraction does not include the sensitive information of the internal network,which reduces the risk of information leakage of the internal network caused by the attack of the edge computing node.(2)The intrusion detection data set based on the threat model of Io Vs is constructed.Based on the network security threats existing in the external network and the internal network of vehicles,this thesis constructs the threat model of the Internet of vehicles.According to the threat model,an intrusion test platform was built,and traffic capture technology and network flow feature extraction technology were used to collect external network intrusion samples and normal samples in the simulated vehicle-networking environment.(3)This thesis presents an external network intrusion detection method in edge computing scenario.On the vehicle side,this thesis designs a vehicle abnormal network flow detection model based on one-class support vector machine,sparse autoencoder and Grey Wolf optimization algorithm,and conducts training and detection according to the edge cooperative mode.At the edge nodes,this thesis implements an integrated learning model consisting of random forest,XGBoost,and extreme random trees based on the fusion method of Stacking model,and improves the classification accuracy of network flow data through feature selection.According to the test results of the self-collected data set and the CIC-IDS2017 data set,the abnormal detection model obtained 98.89% and97.94% abnormal network flow sample recall rates,respectively,which is a certain improvement compared with the comparative literature methods.The network traffic classification model obtained 93.99% and 95.73% macro F1 values respectively,and compared with the comparison scheme,the classification accuracy and derivation speed were greatly improved.(4)The intrusion detection method of vehicle internal network based on edge computing environment is proposed.On the vehicle side,a feature extraction method of CAN bus data frame is proposed in this thesis.The feature sequence uploaded by the vehicle to the edge compute node does not contain the original data of data segment and arbitration segment.At the edge compute node,this thesis constructs a lightweight intrusion detection model based on gated cyclic neural network,and tests the intrusion detection method with a mixed data set composed of two public data sets.According to the experimental results,the intrusion detection method proposed in this thesis has a good detection effect on fuzzy attacks,spoofing attacks and disguised attacks,and the overall value of macro F1 is 98.39%.Compared with the comparative literature schemes,the proposed method has improved the detection speed and accuracy to some extent.The intrusion detection method proposed in this thesis is integrated into the vehicleconnected edge network,which not only reduces the deployment cost,but also improves the flexibility of the intrusion detection system in the network of vehicles.Thus,to some extent,the possibility of Internet of vehicles being threatened by network attacks can be reduced.