A Blockchain-Based Federated Forest for SDN-Enabled In-Vehicle Network Intrusion Detection System

被引：41

作者：

Aliyu, Ibrahim ^{[1
]}

Feliciano, Marco Carlo ^{[2
]}

Van Engelenburg, Selinde ^{[3
]}

Kim, Dong Ok ^{[4
]}

Lim, Chang Gyoon ^{[1
]}

机构：

[1] Chonnam Natl Univ, Dept Comp Engn, Yeosu 59626, South Korea

[2] Univ Naples Federico II, Dept Elect & ICT Engn, I-80138 Naples, Italy

[3] Delft Univ Technol, Fac Technol Policy & Management, NL-2628 Delft, Netherlands

[4] Natl Innovat Cluster Support Ctr, Jeonnam Technopk, Sunchon 58034, Jenonnam, South Korea

来源：

IEEE ACCESS | 2021年 / 9卷

关键词：

Data models; Collaborative work; Training; Blockchain; Feature extraction; Automobiles; Intrusion detection; CAN; federated learning; intrusion detection system; in-vehicle network; random forest; SDN; ARCHITECTURE;

D O I：

10.1109/ACCESS.2021.3094365

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In-vehicle communication systems are usually managed by controller area networks (CAN). By broadcasting packets to their bus, the CAN facilitates the interaction between Electronic Control Units (ECU) that coordinate, monitor and control internal vehicle components. With no authentication mechanism for identifying the legitimacy and source of packets, CAN are vulnerable to cyber-attacks. An Intrusion Detection System (IDS) can detect attacks on CAN and machine learning can be used to create the models for the IDSs to detect non-linear attack patterns. However, car manufacturers and owners might want to keep the sensitive information required for training the models confidential. Therefore, we proposed a Blockchain-based Federated Forest Software-Defined Networking (SDN)-enabled IDS (BFF-IDS) to address the problem of data sharing the sensitive CAN data. To ensure scalability, we used InterPlanetary File System (IPFS) to host the models, and the blockchain is designed to store only a hash of the model and a pointer to its location. The SDN provides the dynamic routing of packets and model exchanges. We used Federated Learning (FL) to create a random forest model. Individuals provide partially trained models, allowing them to keep the underlying data confidential. Using Fourier transform, we decomposed the CAN IDs cycle from CAN bus traffic in the frequency domain for better generalization in multiclass detection of attacks. Multiple statistical and entropy features were extracted to handle the high complexity and non-linearity in CAN bus traffic. The proposed system allows manufacturers and car owners to contribute to the training of the models, as their sensitive data is protected. By storing hashes of the models on a blockchain, the risk of adversaries poisoning the models is reduced and a single point of failure is avoided. We evaluated the proposed system by conducting experiments on a testbed. We found that the proposed system has efficient use of memory and CPU resources and that the detection rate of closely related attacks was high. We recorded the highest model attack detection rate of about 0.981.

引用

页码：102593 / 102608

页数：16

共 37 条

[1] EEG-based tonic cold pain recognition system using wavelet transform [J].