Qiguang Jiang

Kai Wang, Qiguang Jiang, Bailing Wang et al.

In-vehicle network (IVN) is facing complex external cyber-attacks, especially the emerging masquerade attacks with extremely high difficulty of detection while serious damaging effects. In this paper, we propose the STATGRAPH, which is an effective and fine-grained intrusion detection methodology for IVN security services via multi-view statistical graph learning on in-vehicle controller area network (CAN) messages with insight into their variations in periodicity, payload and signal combinations. Specifically, STATGRAPH generates two statistical graphs, timing correlation graph (TCG) and coupling relationship graph (CRG), in every CAN message detection window, where edge attributes in TCGs represent temporal correlation between different message IDs while edge attributes in CRGs denote the neighbour relationship and contextual similarity. Besides, a lightweight shallow layered graph convolution network is trained based on graph property of TCGs and CRGs, which learns the universal laws of various patterns more effectively and further enhance the performance of detection. To address the problem of insufficient attack types in previous intrusion detection, we select two real in-vehicle CAN datasets covering five new instances of sophisticated and stealthy masquerade attacks that are never investigated before. Experimental result shows STATGRAPH improves both detection granularity and detection performance over state-of-the-art intrusion detection methods. Code is available at https://github.com/wangkai-tech23/StatGraph.

Aiheng Zhang, Qiguang Jiang, Kai Wang et al.

With the development of intelligent transportation systems, vehicles are exposed to a complex network environment. As the main network of in-vehicle networks, the controller area network (CAN) has many potential security hazards, resulting in higher generalization capability and lighter security requirements for intrusion detection systems to ensure safety. Among intrusion detection technologies, methods based on deep learning work best without prior expert knowledge. However, they all have a large model size and usually rely on large computing power such as cloud computing, and are therefore not suitable to be installed on the in-vehicle network. Therefore, we explore computational resource allocation schemes in in-vehicle network and propose a lightweight parallel neural network structure, LiPar, which achieve enhanced generalization capability for identifying normal and abnormal patterns of in-vehicle communication flows to achieve effective intrusion detection while improving the utilization of limited computing resources. In particular, LiPar adaptationally allocates task loads to in-vehicle computing devices, such as multiple electronic control units, domain controllers, computing gateways through evaluates whether a computing device is suitable to undertake the branch computing tasks according to its real-time resource occupancy. Through experiments, we prove that LiPar has great detection performance, running efficiency, and lightweight model size, which can be well adapted to the in-vehicle environment practically and protect the in-vehicle CAN bus security. Furthermore, with only the common multi-dimensional branch convolution networks for detection, LiPar can have a high potential for generalization in spatial and temporal feature fusion learning.