SOME/IP Intrusion Detection using Deep Learning-based Sequential Models in Automotive Ethernet Networks

TL;DR

This paper introduces a deep learning-based sequential model, specifically an RNN, for offline intrusion detection in automotive Ethernet networks using the SOME/IP protocol, supported by a newly generated dataset.

Contribution

It presents a novel dataset for intrusion detection in SOME/IP and applies an RNN model, demonstrating high accuracy in detecting intrusions.

Findings

RNN achieves F1 Scores > 0.8 for intrusion detection

Generated and labeled a new dataset for SOME/IP intrusion detection

Deep learning models outperform traditional methods in this context

Abstract

Intrusion Detection Systems are widely used to detect cyberattacks, especially on protocols vulnerable to hacking attacks such as SOME/IP. In this paper, we present a deep learning-based sequential model for offline intrusion detection on SOME/IP application layer protocol. To assess our intrusion detection system, we have generated and labeled a dataset with several classes representing realistic intrusions, and a normal class - a significant contribution due to the absence of such publicly available datasets. Furthermore, we also propose a recurrent neural network (RNN), as an instance of deep learning-based sequential model, that we apply to our generated dataset. The numerical results show that RNN excel at predicting in-vehicle intrusions, with F1 Scores and AUC values greater than 0.8 depending on each intrusion type.