The integration of intelligent and connected technologies in modern vehicles, while offering enhanced functionalities through Electronic Control Unit and interfaces like OBD-II and telematics, also exposes the vehicle's in-vehicle network (IVN) to potential cyberattacks. In this paper, we consider a specific type of cyberattack known as the injection attack. As demonstrated by empirical data from real-world cybersecurity adversarial competitions(available at https://mimic2024.xctf.org.cn/race/qwmimic2024 ), these injection attacks have excitation effect over time, gradually manipulating network traffic and disrupting the vehicle's normal functioning, ultimately compromising both its stability and safety. To profile the abnormal behavior of attackers, we propose a novel injection attack detector to extract long-term features of attack behavior. Specifically, we first provide a theoretical analysis of modeling the time-excitation effects of the attack using Multi-Dimensional Hawkes Process (MDHP). A gradient descent solver specifically tailored for MDHP, MDHP-GDS, is developed to accurately estimate optimal MDHP parameters. We then propose an injection attack detector, MDHP-Net, which integrates optimal MDHP parameters with MDHP-LSTM blocks to enhance temporal feature extraction. By introducing MDHP parameters, MDHP-Net captures complex temporal features that standard Long Short-Term Memory (LSTM) cannot, enriching temporal dependencies within our customized structure. Extensive evaluations demonstrate the effectiveness of our proposed detection approach.
翻译:现代车辆中智能网联技术的集成,虽然通过电子控制单元以及OBD-II和远程信息处理等接口提供了增强的功能,但也使车辆的车载网络暴露于潜在的网络攻击之下。本文研究一种特定的网络攻击类型,即注入攻击。如来自现实世界网络安全对抗竞赛的实证数据所示,这些注入攻击具有随时间推移的激励效应,会逐步操纵网络流量并破坏车辆的正常功能,最终危及其稳定性和安全性。为刻画攻击者的异常行为,我们提出一种新颖的注入攻击检测器以提取攻击行为的长期特征。具体而言,我们首先对利用多维霍克斯过程建模攻击的时间激励效应进行了理论分析。开发了一种专为MDHP定制的梯度下降求解器MDHP-GDS,以精确估计最优MDHP参数。随后,我们提出一种注入攻击检测器MDHP-Net,它将最优MDHP参数与MDHP-LSTM模块相结合,以增强时间特征提取。通过引入MDHP参数,MDHP-Net能够捕获标准长短期记忆网络无法捕捉的复杂时间特征,从而在我们定制的结构中丰富了时间依赖性。大量评估实验证明了我们所提检测方法的有效性。