信息网络安全 ›› 2022, Vol. 22 ›› Issue (12): 57-66.doi: 10.3969/j.issn.1671-1122.2022.12.007

• 技术研究 • 上一篇    下一篇

基于LSTM的CAN入侵检测模型研究

银鹰1,2(), 周志洪1,2, 姚立红3   

  1. 1.上海交通大学网络安全技术研究院,上海 200240
    2.上海市信息安全综合管理技术研究重点实验室,上海 200240
    3.上海交通大学网络空间安全学院,上海 200240
  • 收稿日期:2022-10-09 出版日期:2022-12-10 发布日期:2022-12-30
  • 通讯作者: 银鹰 E-mail:yyin@sjtu.edu.cn
  • 作者简介:银鹰(1977—),女,湖南,助理研究员,硕士,主要研究方向为网络安全检测与风险评估、密码应用安全和车联网安全|周志洪(1979—),男,江西,讲师,博士,主要研究方向为网络安全检测与风险评估、密码应用安全和车联网安全|姚立红(1974—),女,江苏,高级工程师,博士,主要研究方向为操作系统与移动端安全、车联网安全
  • 基金资助:
    国家自然科学基金(U20B2048)

Research on LSTM-Based CAN Intrusion Detection Model

YIN Ying1,2(), ZHOU Zhihong1,2, YAO Lihong3   

  1. 1. Institute of Cyber Science and Technology, Shanghai Jiao Tong University, Shanghai 200240, China
    2. Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai 200240, China
    3. School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
  • Received:2022-10-09 Online:2022-12-10 Published:2022-12-30
  • Contact: YIN Ying E-mail:yyin@sjtu.edu.cn

摘要:

车载控制器局域网(Controller Area Network,CAN)连接着智能网联汽车系统的核心电子控制单元,对于保证汽车系统的安全性至关重要。由于其缺乏足够的信息安全措施,容易遭受拒绝服务(Denial of Service,DoS)攻击、重放攻击、模糊攻击等,给汽车系统及驾乘人员带来严重安全威胁。文章通过分析车载CAN面临的信息安全威胁,提取CAN报文在报文ID、时间间隔、数据字段中的通信特征,提出一种基于长短期记忆(Long Short Term Memory,LSTM)的CAN入侵检测模型,该模型能有效保留CAN报文的时序特征,在CAN遭受攻击时检测攻击行为以及对应的攻击类型。实验结果表明,该模型的攻击检测精度达99.99%。

关键词: 智能网联汽车, CAN, 入侵检测, LSTM

Abstract:

The controller area network (CAN) is connected to the core electronic control units of the intelligent networked automobile system, which is crucial to ensure the safety of the vehicle system. But it is vulnerable to denial of service(DoS) attack, replay attack and fuzzy attack due to its lack of adequate information security measures and thus causes serious security threat for automobiles and drivers. In order to effectively detect whether the CAN bus was attacked, the security threats and communication features were analyzed, and a model of CAN intrusion detection based on long short term memory (LSTM) was proposed, which could preserve the timing characteristics of CAN messages and effectively perform intrusion detection and attack classification. The experimental results show that the detection accuracy of the model is 99.99%.

Key words: intelligent networked automobile, CAN, intrusion detection, LSTM

中图分类号: