Thursday, February 14, 2019

Machine Learning Algorithm of Detection of DOS Attacks on An Automotive Telematic Unit



Eric Perraud


Renault Software Labs, Toulouse, France
Abstract

Today, vehicles are connected to private networks owned by the car manufacturer. In the coming years, vehicles will become more and more connected to the public Internet, for infotainment applications but also for safety applications. As with any Internet terminal, hackers can attack the wireless connectivity unit of the vehicle with Distributed Denial of Service (DDOS) attacks, so that the wireless connectivity unit is no longer available and the service is lost. It is therefore critical to develop a mechanism that detects such an attack and eliminates it, in order to maintain the availability of the wireless connectivity unit. This paper proposes an algorithm which proceeds in 2 steps. First, it uses an unsupervised machine learning algorithm to detect DDOS attacks in the incoming Internet data. Then, when it detects an attack, it uses the results of the machine learning algorithm to separate the legitimate flow from the rogue flows. The rogue flow is filtered so that the availability of the wireless connectivity unit of the vehicle is restored. The proposed algorithm needs very little CPU computing power and is compatible with the low-cost CPUs used in automotive wireless connectivity units.

Keywords

Clustering algorithm, vehicle, DDOS, unsupervised learning





AUTHORS 

Eric Perraud works at Renault Software Labs in the Strategy Office. He previously worked at Intel and Motorola as modem chief architect. He has a Telecommunication master's degree from Sup Telecom Bretagne and an opto-electronics PhD from Sup-Aero.
