A Blockchain-Based Federated Forest for SDN-Enabled In-Vehicle Network Intrusion Detection System

【Author】 Aliyu, Ibrahim; Feliciano, Marco Carlo; Van Engelenburg, Selinde; Kim, Dong Ok; Lim, Chang Gyoon

【Source】IEEE ACCESS

【Abstract】In-vehicle communication systems are usually managed by controller area networks (CAN). By broadcasting packets to their bus, the CAN facilitates the interaction between Electronic Control Units (ECU) that coordinate, monitor and control internal vehicle components. With no authentication mechanism for identifying the legitimacy and source of packets, CAN are vulnerable to cyber-attacks. An Intrusion Detection System (IDS) can detect attacks on CAN and machine learning can be used to create the models for the IDSs to detect non-linear attack patterns. However, car manufacturers and owners might want to keep the sensitive information required for training the models confidential. Therefore, we proposed a Blockchain-based Federated Forest Software-Defined Networking (SDN)-enabled IDS (BFF-IDS) to address the problem of data sharing the sensitive CAN data. To ensure scalability, we used InterPlanetary File System (IPFS) to host the models, and the blockchain is designed to store only a hash of the model and a pointer to its location. The SDN provides the dynamic routing of packets and model exchanges. We used Federated Learning (FL) to create a random forest model. Individuals provide partially trained models, allowing them to keep the underlying data confidential. Using Fourier transform, we decomposed the CAN IDs cycle from CAN bus traffic in the frequency domain for better generalization in multiclass detection of attacks. Multiple statistical and entropy features were extracted to handle the high complexity and non-linearity in CAN bus traffic. The proposed system allows manufacturers and car owners to contribute to the training of the models, as their sensitive data is protected. By storing hashes of the models on a blockchain, the risk of adversaries poisoning the models is reduced and a single point of failure is avoided. We evaluated the proposed system by conducting experiments on a testbed. We found that the proposed system has efficient use of memory and CPU resources and that the detection rate of closely related attacks was high. We recorded the highest model attack detection rate of about 0.981.

【Keywords】Data models; Collaborative work; Training; Blockchain; Feature extraction; Automobiles; Intrusion detection; Blockchain; CAN; federated learning; intrusion detection system; in-vehicle network; random forest; SDN

【标题】一种基于区块链的联邦森林，用于支持 SDN 的车载网络入侵检测系统

【摘要】车载通信系统通常由控制器局域网 (CAN) 管理。通过向其总线广播数据包，CAN 促进了电子控制单元 (ECU) 之间的交互，这些电子控制单元 (ECU) 协调、监控和控制车辆内部组件。由于没有用于识别数据包合法性和来源的身份验证机制，CAN 很容易受到网络攻击。入侵检测系统 (IDS) 可以检测对 CAN 的攻击，机器学习可用于为 IDS 创建模型以检测非线性攻击模式。但是，汽车制造商和车主可能希望对训练模型所需的敏感信息保密。因此，我们提出了一种基于区块链的联邦森林软件定义网络 (SDN) 支持的 IDS (BFF-IDS) 来解决数据共享敏感 CAN 数据的问题。为了确保可扩展性，我们使用星际文件系统 (IPFS) 来托管模型，而区块链旨在仅存储模型的哈希值和指向其位置的指针。 SDN 提供数据包的动态路由和模型交换。我们使用联邦学习 (FL) 创建随机森林模型。个人提供部分训练的模型，允许他们对基础数据保密。使用傅里叶变换，我们在频域中从 CAN 总线流量中分解 CAN ID 循环，以便更好地泛化攻击的多类检测。提取了多个统计和熵特征来处理 CAN 总线流量中的高复杂性和非线性。拟议的系统允许制造商和车主为模型的训练做出贡献，因为他们的敏感数据受到保护。通过将模型的哈希值存储在区块链上，可以降低对手毒害模型的风险并避免单点故障。我们通过在测试平台上进行实验来评估所提出的系统。我们发现所提出的系统有效地利用了内存和 CPU 资源，并且密切相关的攻击的检测率很高。我们记录的最高模型攻击检测率约为 0.981。

【关键词】数据模型；协作工作；训练;区块链；特征提取;汽车；入侵检测;区块链；能够;联邦学习；入侵侦测系统;车载网络；随机森林； SDN

【发表时间】2021

【收录时间】2022-07-06

【文献类型】Article

【论文大主题】区块链联邦学习

【论文小主题】联邦学习为主体

【影响因子】3.476

【翻译者】石东瑛