Vehicle data is one of the important sources for digital forensics of traffic accidents. We propose a novel method that uses a long short-term memory-deep belief network by binary encoding (LSTM-BiDBN) of the controller area network identifier (CAN ID) to extract the event sequence of CAN IDs and the semantics of the CAN IDs themselves. Instead of detecting only attacks aimed at a specific CAN ID, the proposed method fully considers the potential interaction between electronic control units. By this means, we can detect whether the vehicle has been invaded from the outside, and determine online the party responsible for the accident. We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on the CAN-intrusion-dataset. Experimental results show that, compared with traditional methods, our proposed method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack, with an accuracy value of 97.02%, a false-positive rate of 6.09%, and a false-negative rate of 1.94%.
Funding: the National Key R&D Program of China (No. 2017YFA60700602).