Detecting Abnormal Vehicle Behavior: A Clustering-Based Approach

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review


The increase in connected and autonomous functionality is increasing the potential for cyberattacks. However, the amount of data generated, processed, and stored by the modern vehicle is increasing, and this is creating the potential to detect and prevent abnormal and potentially dangerous situations from occurring. The purpose of this paper is to investigate the area of intrusion detection using automotive data and to lay the foundations of research in intrusion detection using unsupervised machine learning. As vehicles continue to become more connected, there is an increased possibility of them being exploited through a successful cyberattack. An example of a hacked Jeep Cherokee (Amruthnath and Gupta, A research study on unsupervised machine learning algorithms for early fault detection in predictive maintenance. In: 2018 5th International Conference on Industrial Engineering and Applications (ICIEA). IEEE, pp 355–361, 2018) and a remote exploitation strategy using multiple attack vectors (Checkoway et al., Comprehensive experimental analyses of automotive attack surfaces. In: USENIX security symposium, vol 4, no. 447–462, p 2021, 2011) demonstrated that vehicles can be remotely compromised. These examples demonstrate the potential to exploit aspects of the vehicle’s communication and control systems, resulting in unexpected behavior. There is therefore a strong need to detect unusual behavior. This paper is focused on detecting attacks targeting a vehicle by identifying abnormal vehicle behavior, exhibited through vehicle control data. To achieve this, synthetic vehicle data containing detectable abnormalities is generated and used for analysis and detection to help detect cyberattacks. Unsupervised machine learning techniques are used to detect abnormal entries in-vehicle data. The synthetic data is generated based on datasets comparable with those generated during normal vehicle operations, before being used to manually insert skewness to generate abnormalities, before using and evaluating various unsupervised learning algorithms.
Original languageEnglish
Title of host publicationDeception in Autonomous Transport Systems
Subtitle of host publicationThreats, Impacts and Mitigation Policies
EditorsSimon Parkinson, Alexandros Nikitas, Mauro Vallati
PublisherSpringer, Cham
Number of pages12
ISBN (Electronic)9783031550447
ISBN (Print)9783031550430, 9783031550461
Publication statusPublished - 16 May 2024

Publication series

NameWireless Networks
ISSN (Print)2366-1186
ISSN (Electronic)2366-1445

Cite this