STATGRAPH: Effective In-vehicle Intrusion Detection via Multi-view Statistical Graph Learning

TL;DR

STATGRAPH is a novel multi-view statistical graph learning approach for in-vehicle network intrusion detection, leveraging timing and coupling graphs with graph convolution networks to detect sophisticated masquerade attacks effectively.

Contribution

It introduces a multi-view graph learning framework with statistical graphs and a shallow graph convolution network for fine-grained IVN intrusion detection, addressing previous limitations.

Findings

Improves detection accuracy over state-of-the-art methods

Detects five new types of masquerade attacks

Enhances detection granularity and performance

Abstract

In-vehicle network (IVN) is facing complex external cyber-attacks, especially the emerging masquerade attacks with extremely high difficulty of detection while serious damaging effects. In this paper, we propose the STATGRAPH, which is an effective and fine-grained intrusion detection methodology for IVN security services via multi-view statistical graph learning on in-vehicle controller area network (CAN) messages with insight into their variations in periodicity, payload and signal combinations. Specifically, STATGRAPH generates two statistical graphs, timing correlation graph (TCG) and coupling relationship graph (CRG), in every CAN message detection window, where edge attributes in TCGs represent temporal correlation between different message IDs while edge attributes in CRGs denote the neighbour relationship and contextual similarity. Besides, a lightweight shallow layered graph convolution network is trained based on graph property of TCGs and CRGs, which learns the universal laws of various patterns more effectively and further enhance the performance of detection. To address the problem of insufficient attack types in previous intrusion detection, we select two real in-vehicle CAN datasets covering five new instances of sophisticated and stealthy masquerade attacks that are never investigated before. Experimental result shows STATGRAPH improves both detection granularity and detection performance over state-of-the-art intrusion detection methods. Code is available at https://github.com/wangkai-tech23/StatGraph.