Smart Collaborative Intrusion Detection System for Securing Vehicular Networks Using Ensemble Machine Learning Model
Abstract
:1. Introduction
- The paper examines different data-balancing methods and their effects on IDS efficacy. A combined mechanism of the SMOTE and random undersampling is utilized to address class imbalance issues and attain balanced class distribution. This approach’s efficacy is demonstrated using the CICIDS2017 (CICIDS) dataset. Additionally, Principal Component Analysis (PCA) is employed to reduce feature dimensionality, substantially lessening computational demands.
- The paper presents a DFSENet as the core of the IDS. This network effectively classifies network traffic data from In-Vehicle Networks (IVNs) and external sources. The deep-layered IDS model stacks various machine learning (ML) models sequentially layer by layer, connecting them in an ordered manner. This architecture enhances the ability to precisely and efficiently detect a spectrum of cyber-attacks, safeguarding both IoV systems and intelligent connected vehicles (ICVs) from diverse cyber threats.
- A CIDS architecture is proposed, based on machine learning, that enables information exchange and knowledge sharing within vehicular networks.
- A design principle is also presented to determine the optimal privacy parameter value. This is attained by solving an optimization problem that balances the tradeoff between security for the vehicular network and protecting its privacy.
- The proposed IDS’s performance was evaluated using two datasets—the widely accepted CICIDS2017, known as CICIDS, for network intrusion detection, and the car-hacking dataset pertinent to IoV security.
2. Literature Review
3. Proposed CIDS
3.1. Data Processing
3.1.1. Data Collection
3.1.2. Data Cleaning
Algorithm 1: Enhanced Real-time VANET Surveillance |
INPUT: Real-time VANET System Data Stream (X) OUTPUT: Intrusion Detection Alerts (Y) |
START PROCEDURE //Step 1: Data Preprocessing Stage Preprocessed_Data = Processing_data(X) //Check if classifier update is needed IF NEED_UPDATE(Preprocessed_Data) THEN //Step 2: Classifier Update Mechanism Updated_Classifier <- IDS (Load_local_dataset()) Classifier = Updated_Classifier //Step 3: Local IDS with updated classifier Alerts = Local_Detection (Preprocessed_Data, Classifier) IF Alerts CONTAIN Intrusions THEN TRIGGER_ALERT(Y) END IF ELSE //Step 4: Continuous Monitoring with the current classifier Alerts = Local_Detection (Preprocessed_Data, Classifier) IF Alerts CONTAIN Intrusions THEN TRIGGER_ALERT(Y) END IF END IF END PROCEDURE |
3.1.3. Feature Selection
3.1.4. Data Normalization
3.1.5. Data Balancing
3.2. Local Intrusion Detection Engine
3.2.1. Overview
3.2.2. Dynamic Forest-Structured Ensemble Network (DFSENet)
3.2.3. Machine Learning Models
4. Experimental Results
4.1. Datasets
4.1.1. CICIDS Dataset
4.1.2. Car-Hacking Dataset
4.2. Evaluation Metrics
4.3. Discussion
4.4. Empirical Analysis between the Proposed Model and Related Works
4.5. Limitation and Future Works
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Manale, B.; Tomader, M. A Survey of Intrusion Detection Algorithm in VANET. In Proceedings of the NISS2020: The 3rd International Conference on Networking, Information Systems & Security, ACM International Conference Proceeding Series, Marrakech, Morocco, 31 March–2 April 2020. [Google Scholar] [CrossRef]
- Buczak, A.L.; Guven, E. A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection. IEEE Commun. Surv. Tutor. 2016, 18, 1153–1176. [Google Scholar] [CrossRef]
- Young, C.; Zambreno, J.; Olufowobi, H.; Bloom, G. Survey of automotive controller area network intrusion detection systems. IEEE Des. Test 2019, 36, 48–55. [Google Scholar] [CrossRef]
- Liang, J.; Sheikh, M.S.; Wang, W. A Survey of Security Services, Attacks, and Applications for Vehicular Ad Hoc Networks (VANETs). Sensors 2019, 19, 3589. [Google Scholar] [CrossRef] [PubMed]
- Sharma, S.; Kaul, A. A survey on Intrusion Detection Systems and Honeypot based proactive security mechanisms in VANETs and VANET Cloud. Veh. Commun. 2018, 12, 138–164. [Google Scholar] [CrossRef]
- Dong, S.; Su, H.; Xia, Y.; Zhu, F.; Hu, X.; Wang, B. A Comprehensive Survey on Authentication and Attack Detection Schemes That Threaten It in Vehicular Ad-Hoc Networks. IEEE Trans. Intell. Transp. Syst. 2023, 24, 13573–13602. [Google Scholar] [CrossRef]
- Ullah, S.; Khan, M.A.; Ahmad, J.; Jamal, S.S.; e Huma, Z.; Hassan, M.T.; Pitropakis, N.; Arshad; Buchanan, W.J. HDL-IDS: A Hybrid Deep Learning Architecture for Intrusion Detection in the Internet of Vehicles. Sensors 2022, 22, 1340. [Google Scholar] [CrossRef]
- Injadat, M.; Moubayed, A.; Nassif, A.B.; Shami, A. Multi-Stage Optimized Machine Learning Framework for Network Intrusion Detection. IEEE Trans. Netw. Serv. Manag. 2021, 18, 1803–1816. [Google Scholar] [CrossRef]
- Schwenker, F. Ensemble Methods: Foundations and Algorithms [Book Review]. IEEE Comput. Intell. Mag. 2013, 8, 77–79. [Google Scholar] [CrossRef]
- Kachirski, O.; Guha, R. Effective intrusion detection using multiple sensors in wireless ad hoc networks. In Proceedings of the 36th Annual Hawaii International Conference on System Sciences, HICSS 2003, Big Island, HI, USA, 6–9 January 2003. [Google Scholar] [CrossRef]
- Ahmed, H.A.; Hameed, A.; Bawany, N.Z. Network intrusion detection using oversampling technique and machine learning algorithms. PeerJ Comput. Sci. 2022, 8, e820. [Google Scholar] [CrossRef]
- Manderna, A.; Kumar, S.; Dohare, U.; Aljaidi, M.; Kaiwartya, O.; Lloret, J. Vehicular Network Intrusion Detection Using a Cascaded Deep Learning Approach with Multi-Variant Metaheuristic. Sensors 2023, 23, 8772. [Google Scholar] [CrossRef]
- Goncalves, F.; Ribeiro, B.; Gama, O.; Santos, A.; Costa, A.; Dias, B.; Macedo, J.; Nicolau, M.J. A Systematic Review on Intelligent Intrusion Detection Systems for VANETs. In Proceedings of the 2019 11th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops, Dublin, Ireland, 28–30 October 2019; Volume 2019. [Google Scholar] [CrossRef]
- Nie, L.; Ning, Z.; Wang, X.; Hu, X.; Cheng, J.; Li, Y. Data-Driven Intrusion Detection for Intelligent Internet of Vehicles: A Deep Convolutional Neural Network-Based Method. IEEE Trans. Netw. Sci. Eng. 2020, 7, 2219–2230. [Google Scholar] [CrossRef]
- Gad, A.R.; Nashat, A.A.; Barkat, T.M. Intrusion Detection System Using Machine Learning for Vehicular Ad Hoc Networks Based on ToN-IoT Dataset. IEEE Access 2021, 9, 142206–142217. [Google Scholar] [CrossRef]
- Arya, M.; Sastry, H.; Dewangan, B.K.; Rahmani, M.K.I.; Bhatia, S.; Muzaffar, A.W.; Bivi, M.A. Intruder Detection in VANET Data Streams Using Federated Learning for Smart City Environments. Electronics 2023, 12, 894. [Google Scholar] [CrossRef]
- Karthiga, B.; Durairaj, D.; Nawaz, N.; Venkatasamy, T.K.; Ramasamy, G.; Hariharasudan, A. Intelligent Intrusion Detection System for VANET Using Machine Learning and Deep Learning Approaches. Wirel. Commun. Mob. Comput. 2021, 2022, 5069104. [Google Scholar] [CrossRef]
- Hassan, F.; Yu, J.; Syed, Z.S.; Ahmed, N.; Al Reshan, M.S.; Shaikh, A. Achieving model explainability for intrusion detection in VANETs with LIME. PeerJ Comput. Sci. 2023, 9, e1440. [Google Scholar] [CrossRef]
- Koscher, K.; Czeskis, A.; Roesner, F.; Patel, S.; Kohno, T.; Checkoway, S.; McCoy, D.; Kantor, B.; Anderson, D.; Shacham, H.; et al. Experimental security analysis of a modern automobile. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 16–19 May 2010; pp. 447–462. [Google Scholar] [CrossRef]
- Song, W.; Choi, H.; Kim, J.; Kim, E.; Kim, Y.; Kim, J. Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. 2016. Available online: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/song (accessed on 17 January 2024).
- Woo, S.; Jo, H.J.; Lee, D.H. A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN. IEEE Trans. Intell. Transp. Syst. 2015, 16, 993–1006. [Google Scholar] [CrossRef]
- Kumar, M.; Hanumanthappa, M.; Kumar, T.V.S. Intrusion Detection System using decision tree algorithm. In Proceedings of the International Conference on Communication Technology Proceedings, ICCT 2012, Chengdu, China, 9–11 November 2012; pp. 629–634. [Google Scholar] [CrossRef]
- Peng, K.; MLeung, V.C.; Zheng, L.; Wang, S.; Huang, C.; Lin, T. Intrusion Detection System Based on Decision Tree over Big Data in Fog Environment. Wirel. Commun. Mob. Comput. 2017, 2018, 4680867. [Google Scholar] [CrossRef]
- Chitrakar, R.; Huang, C. Selection of Candidate Support Vectors in incremental SVM for network intrusion detection. Comput. Secur. 2014, 45, 231–241. [Google Scholar] [CrossRef]
- Zhang, H.; Dai, S.; Li, Y.; Zhang, W. Real-time Distributed-Random-Forest-Based Network Intrusion Detection System Using Apache Spark. In Proceedings of the 2018 IEEE 37th International Performance Computing and Communications Conference, IPCCC 2018, Orlando, FL, USA, 17–19 November 2018. [Google Scholar] [CrossRef]
- Waskle, S.; Parashar, L.; Singh, U. Intrusion Detection System Using PCA with Random Forest Approach. In Proceedings of the International Conference on Electronics and Sustainable Communication Systems, ICESC 2020, Coimbatore, India, 2–4 July 2020; pp. 803–808. [Google Scholar] [CrossRef]
- Diro, A.; Chilamkurti, N. Leveraging LSTM Networks for Attack Detection in Fog-to-Things Communications. IEEE Commun. Mag. 2018, 56, 124–130. [Google Scholar] [CrossRef]
- Samy, A.; Yu, H.; Zhang, H. Fog-Based Attack Detection Framework for Internet of Things Using Deep Learning. IEEE Access 2020, 8, 74571–74585. [Google Scholar] [CrossRef]
- Labiod, Y.; Korba, A.A.; Ghoualmi, N. Fog Computing-Based Intrusion Detection Architecture to Protect IoT Networks. Wirel. Pers. Commun. 2022, 125, 231–259. [Google Scholar] [CrossRef]
- Li, S.; Lu, Y.; Li, J. CAD-IDS: A Cooperative Adaptive Distributed Intrusion Detection System with Fog Computing. In Proceedings of the 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design, CSCWD 2022, Hangzhou, China, 4–6 May 2022; pp. 635–640. [Google Scholar] [CrossRef]
- Latif, S.; e Huma, Z.; Jamal, S.S.; Ahmed, F.; Ahmad, J.; Zahid, A.; Dashtipour, K.; Aftab, M.U.; Ahmad, M.; Abbasi, Q.H. Intrusion Detection Framework for the Internet of Things Using a Dense Random Neural Network. IEEE Trans. Ind. Inform. 2022, 18, 6435–6444. [Google Scholar] [CrossRef]
- Thapa, K.N.K.; Duraipandian, N. Malicious Traffic classification Using Long Short-Term Memory (LSTM) Model. Wirel. Pers. Commun. 2021, 119, 2707–2724. [Google Scholar] [CrossRef]
- Latif, S.; Driss, M.; Boulila, W.; e Huma, Z.; Jamal, S.S.; Idrees, Z.; Ahmad, J. Deep Learning for the Industrial Internet of Things (IIoT): A Comprehensive Survey of Techniques, Implementation Frameworks, Potential Applications, and Future Directions. Sensors 2021, 21, 7518. [Google Scholar] [CrossRef]
- Binbusayyis, A.; Vaiyapuri, T. Unsupervised deep learning approach for network intrusion detection combining convolutional autoencoder and one-class SVM. Appl. Intell. 2021, 51, 7094–7108. [Google Scholar] [CrossRef]
- Ma, T.; Yu, Y.; Wang, F.; Zhang, Q.; Chen, X. A hybrid methodologies for intrusion detection based deep neural network with support vector machine and clustering technique. Lect. Notes Electr. Eng. 2018, 422, 123–134. [Google Scholar] [CrossRef]
- Zaidi, K.; Milojevic, M.B.; Rakocevic, V.; Nallanathan, A.; Rajarajan, M. Host-Based Intrusion Detection for VANETs: A Statistical Approach to Rogue Node Detection. IEEE Trans. Veh. Technol. 2016, 65, 6703–6714. [Google Scholar] [CrossRef]
- Alheeti, K.M.A.; Donald-Maier, K.M. Intelligent intrusion detection in external communication systems for autonomous vehicles. Syst. Sci. Control Eng. 2018, 6, 48–56. [Google Scholar] [CrossRef]
- Zhao, R.; Gui, G.; Xue, Z.; Yin, J.; Ohtsuki, T.; Adebisi, B.; Gacanin, H. A Novel Intrusion Detection Method Based on Lightweight Neural Network for Internet of Things. IEEE Internet Things J. 2022, 9, 9960–9972. [Google Scholar] [CrossRef]
- Yang, L.; Moubayed, A.; Hamieh, I.; Shami, A. Tree-based intelligent intrusion detection system in internet of vehicles. In Proceedings of the 2019 IEEE Global Communications Conference, GLOBECOM 2019—Proceedings, Waikoloa, HI, USA, 9–13 December 2019. [Google Scholar] [CrossRef]
- Chen, Z.; Simsek, M.; Kantarci, B.; Djukic, P. All Predict Wisest Decides: A Novel Ensemble Method to Detect Intrusive Traffic in IoT Networks. In Proceedings of the 2021 IEEE Global Communications Conference, GLOBECOM 2021—Proceedings, Madrid, Spain, 7–11 December 2021. [Google Scholar] [CrossRef]
- Khalvati, L.; Keshtgary, M.; Rikhtegar, N. Intrusion Detection based on a Novel Hybrid Learning Approach. J. AI Data Min. 2018, 6, 157–162. [Google Scholar] [CrossRef]
- Canbay, Y.; Sagiroglu, S. A hybrid method for intrusion detection. In Proceedings of the 2015 IEEE 14th International Conference on Machine Learning and Applications, ICMLA 2015, Miami, FL, USA, 9–11 December 2016; pp. 156–161. [Google Scholar] [CrossRef]
- Singh, P.; Kaur, A.; Aujla, G.S.; Batth, R.S.; Kanhere, S. DaaS: Dew Computing as a Service for Intelligent Intrusion Detection in Edge-of-Things Ecosystem. IEEE Internet Things J. 2021, 8, 12569–12577. [Google Scholar] [CrossRef]
- Albers, P.; Camp, O.; Percher, J.; Jouga, B.; Mé, L.; Puttini, R. Security in Ad Hoc Networks: A General Intrusion Detection Architecture Enhancing Trust Based Approaches. In Proceedings of the Wireless Information Systems, 1st International Workshop on Wireless Information Systems, WIS 2002 in Conjunction with ICEIS 2002, Ciudad Real, Spain, 2–3 April 2002. [Google Scholar]
- Sterne, D.; Balasubramanyam, P.; Carman, D.; Wilson, B.; Talpade, R.; Ko, C.; Balupari, R.; Tseng, C.-Y.; Bowen, T.; Levitt, K.; et al. A general cooperative intrusion detection architecture for MANETs. In Proceedings of the 3rd IEEE International Workshop on Information Assurance, IWIA 2005, College Park, MD, USA, 23–24 March 2005; pp. 57–70. [Google Scholar] [CrossRef]
- Blowers, M.; Williams, J. Machine learning applied to cyber operations. Adv. Inf. Secur. 2014, 55, 155–175. [Google Scholar] [CrossRef]
- Horng, S.J.; Su, M.-Y.; Chen, Y.-H.; Kao, T.-W.; Chen, R.-J.; Lai, J.-L.; Perkasa, C.D. A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert Syst. Appl. 2011, 38, 306–313. [Google Scholar] [CrossRef]
- Muda, Z.; Yassin, W.; Sulaiman, M.N.; Udzir, N.I. Intrusion detection based on K-Means clustering and Naïve Bayes classification. In Proceedings of the 2011 7th International Conference on Information Technology in Asia, Sarawak, Malaysia, 12–13 July 2011. [Google Scholar] [CrossRef]
- Hikal, N.A.; Elgayar, M.M. Enhancing IoT Botnets Attack Detection Using Machine Learning-IDS and Ensemble Data Preprocessing Technique. In Internet of Things—Applications and Future; Lecture Notes in Networks and Systems; Ghalwash, A., El Khameesy, N., Magdi, D., Joshi, A., Eds.; Springer: Singapore, 2020; Volume 114. [Google Scholar]
- Mohammed; Jassim, R.; Abed, E.A.; Elgayar, M.M. Comparative study between metaheuristic algorithms for internet of things wireless nodes localization. Int. J. Electr. Comput. Eng. 2022, 12, 660–668. [Google Scholar]
- Haytham Tarek Mohammed, F.; El-Gayar, M.M.; Aboelfetouh, A. Detection Technique and Mitigation Against a Phishing Attack. Int. J. Adv. Comput. Sci. Appl. (IJACSA) 2021, 12, 2021. [Google Scholar] [CrossRef]
- Zhang, W.; Wu, C.; Zhong, H.; Li, Y.; Wang, L. Prediction of undrained shear strength using extreme gradient boosting and random forest based on Bayesian optimization. Geosci. Front. 2020, 12, 469–477. [Google Scholar] [CrossRef]
- Zhang, W.; Wu, C.; Tang, L.; Gu, X.; Wang, L. Efficient time-variant reliability analysis of Bazimen landslide in the Three Gorges Reservoir Area using XGBoost and LightGBM algorithms. Gondwana Res. 2023, 123, 41–53. [Google Scholar] [CrossRef]
Precision | Recall | F1-Score | Accuracy | # Categories | |
---|---|---|---|---|---|
LSTM | 0.954 | 0.895 | 0.885 | 0.893 | 2 |
MLP | 0.882 | 0.859 | 0.868 | 0.872 | 2 |
1D-CNN | 0.964 | 0.906 | 0.935 | 0.938 | 2 |
DBN | 0.897 | 0.975 | 0.943 | 0.946 | 6 |
Categories | Prior-Balance Adjustment | Post-Balance Adjustment |
---|---|---|
Normal | 1,221,300 | 700,000 |
DDoS | 192,162 | 420,000 |
Botnet | 1160 | 45,000 |
Web Attack | 1272 | 45,000 |
Port Scan | 34,384 | 49,000 |
Brute Force | 5131 | 53,000 |
Precision | Recall | F1-Score | Accuracy | Execution Time (ms) | |
---|---|---|---|---|---|
Without PCA | 95.9 | 98.8 | 96 | 99 | 1.05 |
With PCA | 95.4 | 98.3 | 95 | 98 | 2.66 × 10−3 |
Model | Precision | Recall | F1-Score | Accuracy | Execution Time (ms) |
---|---|---|---|---|---|
DT | 93.4 | 96.5 | 94.9 | 97.7 | 1.23 × 10−25 |
RF | 89.6 | 98.7 | 93.2 | 98.2 | 1.67 × 10−5 |
XGBOOST | 97 | 85.9 | 91.1 | 95.5 | 3.83 × 10−5 |
XGBoost + RF | 98.3 | 93.4 | 95.2 | 97.6 | 1.26 × 10−4 |
Proposed DFSENet | 95.6 | 98.8 | 96.9 | 99.2 | 2.91 × 10−4 |
Precision | Recall | F1-Score | Accuracy | |
---|---|---|---|---|
Normal | 0.984 | 0.974 | 0.978 | 0.992 |
DDoS | 0.963 | 0.973 | 0.965 | 0.991 |
Web Attack | 0.978 | 0.968 | 0.973 | 0.992 |
Botnet | 0.882 | 0.962 | 0.922 | 0.93 |
Brute Force | 0.982 | 0.986 | 0.984 | 0.995 |
Port Scan | 0.979 | 0.989 | 0.984 | 0.995 |
Precision | Recall | F1-Score | Accuracy | |
---|---|---|---|---|
Normal | 0.984 | 0.984 | 0.984 | 0.98 |
DoS | 0.964 | 0.986 | 0.975 | 0.98 |
Gear | 0.978 | 0.968 | 0.973 | 0.98 |
Spoofing Gauge | 0.972 | 0.982 | 0.977 | 0.98 |
Fuzzy | 0.982 | 0.986 | 0.984 | 0.98 |
Precision | Recall | F1-Score | Accuracy | Categories | |
---|---|---|---|---|---|
LSTM | 0.954 | 0.895 | 0.885 | 0.893 | 2 |
MLP | 0.882 | 0.859 | 0. 868 | 0.872 | 2 |
1D-CNN | 0.964 | 0.906 | 0.935 | 0.938 | 2 |
DBN | 0.897 | 0.975 | 0.943 | 0.946 | 6 |
Proposed Model | 0.956 | 0.988 | 0.969 | 0.992 | 6 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
El-Gayar, M.M.; Alrslani, F.A.F.; El-Sappagh, S. Smart Collaborative Intrusion Detection System for Securing Vehicular Networks Using Ensemble Machine Learning Model. Information 2024, 15, 583. https://doi.org/10.3390/info15100583
El-Gayar MM, Alrslani FAF, El-Sappagh S. Smart Collaborative Intrusion Detection System for Securing Vehicular Networks Using Ensemble Machine Learning Model. Information. 2024; 15(10):583. https://doi.org/10.3390/info15100583
Chicago/Turabian StyleEl-Gayar, Mostafa Mahmoud, Faheed A. F. Alrslani, and Shaker El-Sappagh. 2024. "Smart Collaborative Intrusion Detection System for Securing Vehicular Networks Using Ensemble Machine Learning Model" Information 15, no. 10: 583. https://doi.org/10.3390/info15100583
APA StyleEl-Gayar, M. M., Alrslani, F. A. F., & El-Sappagh, S. (2024). Smart Collaborative Intrusion Detection System for Securing Vehicular Networks Using Ensemble Machine Learning Model. Information, 15(10), 583. https://doi.org/10.3390/info15100583