Intrusion detection is an important defensive measure for the security of automotive communications. Accurate frame detection models assist vehicles to avoid malicious attacks. Uncertainty and diversity regarding attack methods make this task challenging. However, the existing works have the limitation of only considering local features or the weak feature mapping of multi-features. To address these limitations, we present a novel model for automotive intrusion detection by spatial-temporal correlation features of in-vehicle communication traffic (STC-IDS). Specifically, the proposed model exploits an encoding-detection architecture. In the encoder part, spatial and temporal relations are encoded simultaneously. To strengthen the relationship between features, the attention-based convolution network still captures spatial and channel features to increase the receptive field, while attention-LSTM build important relationships from previous time series or crucial bytes. The encoded information is then passed to the detector for generating forceful spatial-temporal attention features and enabling anomaly classification. In particular, single-frame and multi-frame models are constructed to present different advantages respectively. Under automatic hyper-parameter selection based on Bayesian optimization, the model is trained to attain the best performance. Extensive empirical studies based on a real-world vehicle attack dataset demonstrate that STC-IDS has outperformed baseline methods and cables fewer false-positive rates while maintaining efficiency.
翻译:入侵探测是汽车通信安全的一项重要防御措施。准确的框架探测模型有助于车辆避免恶意攻击。攻击方法的不确定性和多样性使得这项任务具有挑战性。然而,现有工程仅考虑到当地特点或多功能特征绘图薄弱的特征图,而仅考虑到当地特点或多功能特征绘图薄弱,因而受到限制。为解决这些局限性,我们提出了一个新颖的模式,通过车辆通信流量的空间-时际相关特征来探测汽车入侵(STC-IDS) 。具体地说,拟议的模型利用了编码探测结构。在编码部分,空间和时间关系同时编码。为了加强功能之间的关系,基于注意力的共振网络仍然捕捉空间和频道特性,以增加可容纳的场,而注意力-LSTM则从以往的时间序列或关键字节中建立重要关系。随后,编码信息传递给探测器,用于生成强有力的空间-时际关注特征和促成异常分类。具体地说,特别是,单一框架和多框架模型建于目前的不同优势。在基于Bayesian攻击率的自动超度选择超度参数,同时,根据BayesianS-S-Stregram Stabist Stabist 格式模型进行最佳的业绩测试,以展示,以最低的进度模型显示。