Survival Analysis Dataset for automobile IDS
Anomaly intrusion detection method for vehicular networks based on survival analysis
Abstract
In recent years, alongside with the convergence of In-vehicle network (IVN) and wireless communication technology, vehicle communication technology has been steadily progressing. Furthermore, communication with various external networks—such as cloud, vehicle-to-vehicle (V2V), and vehicle-to-infrastructure (V2I) communication networks—further reinforces the connectivity between the inside and outside of a vehicle. On the contrary, this means that the functions of existing vehicles using computer-assisted mechanical mechanisms can be manipulated and controlled by a malicious packet attack. Therefore, diversified and advanced architectures of vehicle systems can significantly increase the accessibility of the system to hackers and the possibility of an attack. This paper proposes an intrusion detection method for vehicular networks based on the survival analysis model. Our main aims were to identify malicious CAN messages and accurately detect the normality and abnormality of a vehicle network without semantic knowledge of the CAN ID function. To this end, normal and abnormal driving data were extracted from three different types of vehicles and we evaluated the performance of our proposed method by measuring the accuracy and the time complexity of anomaly detection by considering three attack scenarios and the periodic characteristics of CAN IDs. Based on the results, we concluded that a CAN ID with a long cycle affects the detection accuracy and the number of CAN IDs affects the detection speed. The difference in the detection accuracy between applying all CAN IDs and CAN IDs with a short cycle is not considerable with some differences observed in the detection accuracy depending on the chunk size and the specific attack type. High detection accuracy and low computational cost will be the essential factors for real-time processing of IVN security. Taken together, the results of the present study contribute to the current understanding of how to correctly manage vehicle communications for vehicle security and driver safety.
1 Dataset
In the present study, we focused on the following three attack scenarios that can immediately and severely impair in-vehicle functions or deepen the intensity of an attack and the degree of damage: Flooding, Fuzzy, and Malfunction. To substantiate the three attack scenarios, two different datasets were produced. One of the datasets contained normal driving data without an attack. The other dataset included the abnormal driving data that occurred when an attack was performed. In particular, we generated attack data in which attack packets were injected for five seconds every 20 seconds for the three attack scenarios. The following figure shows the three typical attack scenarios against an In-vehicle network (IVN).