Weighted Local Outlier Factor for Detecting Anomaly on In-Vehicle Network

摘要

Modern vehicles are generally equipped with dozens of (or even hundreds of) electronic and intelligent devices and bloom into more involved information hub in enabling V2X networking. Protecting this increasingly complex vehicle ecosystem can be an arduous task, especially as the proliferation of data across distinct connected devices makes them more vulnerable than ever before. Intrusion detection systems (IDSs) have been found extremely rewarding in monitoring in-vehicle network traffic and detecting potential intrusions. The paper presents WLOF-InV, a novel unsupervised method based on local density for IDS on in-vehicle network. Given historical in-vehicle data of message identifiers, WLOF-InV first segments the traffic into a slice of (e.g., m) sliding windows. For each sliding window, WLOF-InV exerts information gain to select features for dimensionality reduction and squeezes out n features which are then bundled together to form a row vector and eventually gets an $mimes n$ matrix. WLOF-InV then adaptively determines the hyperparameters for local outlier factor (LOF) model (optimizing the scores for ranking the training data and the cutoff position for anomalies). In online detection, WLOF-InV determines the features by the information gain and invokes abnormal score weighting mode (which weights the LOF value of each dimension data by entropy method) to obtain the complete LOF score (of the overall traffic), and thereby grabs the anomaly traffic by resorting to the adjusted model. WLOF-InV is validated on the real data of three attack types (DoS, fuzzy, and impersonation). Experimental results demonstrate that WLOF-InV contrives next to optimal performance.