MGA-IDS: Optimal feature subset selection for anomaly detection framework on in-vehicle networks-CAN bus based on genetic algorithm and intrusion detection approach

AKSU D., AYDIN M. A.

COMPUTERS & SECURITY, cilt.118, 2022 (SCI-Expanded) identifier identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 118
  • Basım Tarihi: 2022
  • Doi Numarası: 10.1016/j.cose.2022.102717
  • Dergi Adı: COMPUTERS & SECURITY
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, PASCAL, ABI/INFORM, Aerospace Database, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Communication Abstracts, Computer & Applied Sciences, Criminal Justice Abstracts, INSPEC, Metadex, Civil Engineering Abstracts
  • Anahtar Kelimeler: Controller area network bus, Cyber security, Data mining, Intrusion detection system, Feature selection, DETECTION SYSTEM, ATTACKS, SET
  • İstanbul Üniversitesi Adresli: Hayır

Özet

Controller area network (CAN) bus which provides efficient, reliable and robust communication between electronic control units (ECUs) is the most frequently used protocol for in-vehicle networks. However, the lack of security mechanisms in the CAN protocol makes it vulnerable to inside and outside cyber-attacks. Therefore, an intrusion detection system (IDS), which is a widely used method to detect malicious activities, is preferred to improve the security of the CAN buses. In spite of the fact that various supervised and unsupervised machine learning algorithms are employed to increase the performance of IDSs, obtaining high classification performance is still a challenge for them. First, a lot of irrelevant and redundant features in the datasets result in long computational times with low detection performances. Second, different classification performances are acquired based on classifiers and a combination of the features. Third, many of the models suffer from unknown and different types of attacks. For these reasons, a new intrusion detection framework is proposed in this paper based on feature selection and classifier. Initially, we propose a meta-heuristic algorithm called modified genetic algorithm (MGA) m-feature selection for dimension reduction by selecting optimal feature subset based on k-fold cross validation. Then, we utilize five different linear and nonlinear classifiers: support vector classifier (SVC), logistic regression classifier (LRC), decision tree classifier (DTC), k-nearest neighbors classifier (KNC), and linear discriminant analysis classifier (LDAC) as candidate classifiers to develop an efficient IDS. Finally, we select the best classifier from the candidates and build an IDS. The experimental results reveal that the proposed MGA-DTC presents a better performance in terms of several metrics based on not only the HCRL-car hacking dataset but also UNSW-NB15, and CIC-IDS2017 datasets.(c) 2022 Elsevier Ltd. All rights reserved.