MTH-IDS: A Multi-Tiered Hybrid Intrusion Detection System for Internet of Vehicles

TL;DR

This paper introduces MTH-IDS, a multi-tiered hybrid intrusion detection system for vehicles that combines signature and anomaly detection to identify both known and unknown cyber-attacks in real-time, enhancing vehicular cybersecurity.

Contribution

The paper proposes a novel multi-tiered hybrid IDS for vehicular networks that effectively detects known and zero-day attacks with high accuracy and low latency.

Findings

Detects known attacks with 99.99% accuracy on intra-vehicle data

Achieves 99.88% accuracy on external network data

Maintains real-time processing with less than 0.6 ms per data packet

Abstract

Modern vehicles, including connected vehicles and autonomous vehicles, nowadays involve many electronic control units connected through intra-vehicle networks to implement various functionalities and perform actions. Modern vehicles are also connected to external networks through vehicle-to-everything technologies, enabling their communications with other vehicles, infrastructures, and smart devices. However, the improving functionality and connectivity of modern vehicles also increase their vulnerabilities to cyber-attacks targeting both intra-vehicle and external networks due to the large attack surfaces. To secure vehicular networks, many researchers have focused on developing intrusion detection systems (IDSs) that capitalize on machine learning methods to detect malicious cyber-attacks. In this paper, the vulnerabilities of intra-vehicle and external networks are discussed, and a multi-tiered hybrid IDS that incorporates a signature-based IDS and an anomaly-based IDS is proposed to detect both known and unknown attacks on vehicular networks. Experimental results illustrate that the proposed system can detect various types of known attacks with 99.99% accuracy on the CAN-intrusion-dataset representing the intra-vehicle network data and 99.88% accuracy on the CICIDS2017 dataset illustrating the external vehicular network data. For the zero-day attack detection, the proposed system achieves high F1-scores of 0.963 and 0.800 on the above two datasets, respectively. The average processing time of each data packet on a vehicle-level machine is less than 0.6 ms, which shows the feasibility of implementing the proposed system in real-time vehicle systems. This emphasizes the effectiveness and efficiency of the proposed IDS.