TY - CHAP
T1 - Detecting Abnormal Vehicle Behavior
T2 - A Clustering-Based Approach
AU - Verma, Shrey
AU - Parkinson, Simon
AU - Khan, Saad
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024/5/16
Y1 - 2024/5/16
AB - The increase in connected and autonomous functionality is increasing the potential for cyberattacks. However, the amount of data generated, processed, and stored by the modern vehicle is increasing, and this is creating the potential to detect and prevent abnormal and potentially dangerous situations from occurring. The purpose of this paper is to investigate the area of intrusion detection using automotive data and to lay the foundations of research in intrusion detection using unsupervised machine learning. As vehicles continue to become more connected, there is an increased possibility of them being exploited through a successful cyberattack. An example of a hacked Jeep Cherokee (Amruthnath and Gupta, A research study on unsupervised machine learning algorithms for early fault detection in predictive maintenance. In: 2018 5th International Conference on Industrial Engineering and Applications (ICIEA). IEEE, pp 355–361, 2018) and a remote exploitation strategy using multiple attack vectors (Checkoway et al., Comprehensive experimental analyses of automotive attack surfaces. In: USENIX security symposium, vol 4, no. 447–462, p 2021, 2011) demonstrated that vehicles can be remotely compromised. These examples demonstrate the potential to exploit aspects of the vehicle’s communication and control systems, resulting in unexpected behavior. There is therefore a strong need to detect unusual behavior. This paper is focused on detecting attacks targeting a vehicle by identifying abnormal vehicle behavior, exhibited through vehicle control data. To achieve this, synthetic vehicle data containing detectable abnormalities is generated and used for analysis and detection to help detect cyberattacks. Unsupervised machine learning techniques are used to detect abnormal entries in-vehicle data. 
The synthetic data is generated based on datasets comparable with those generated during normal vehicle operations, before being used to manually insert skewness to generate abnormalities, before using and evaluating various unsupervised learning algorithms.
KW - cyberattacks
KW - abnormal vehicle behavior
KW - vehicle control data
KW - Unsupervised machine learning
KW - Anomaly detection technique
KW - Automotive security
KW - Automotive data
KW - Clustering
KW - Synthetic data generation
UR - https://doi.org/10.1007/978-3-031-55044-7
UR - http://www.scopus.com/inward/record.url?scp=85194545165&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-55044-7_7
DO - 10.1007/978-3-031-55044-7_7
M3 - Chapter
SN - 9783031550430
SN - 9783031550461
T3 - Wireless Networks
SP - 99
EP - 110
BT - Deception in Autonomous Transport Systems
A2 - Parkinson, Simon
A2 - Nikitas, Alexandros
A2 - Vallati, Mauro
PB - Springer, Cham
ER -