AntibotV: A Multilevel Behaviour-based Framework for Botnets Detection in Vehicular Networks
Rabah Rahal, Abdelaziz Amara Korba, Nacira Ghoualmi-Zine, Yacine Challal, Mohamed Yacine Ghamri-Doudane

TL;DR
AntibotV is a multilevel, behaviour-based framework designed to detect vehicular botnets by monitoring network and in-vehicle activities, achieving high detection accuracy and low false positives.
Contribution
The paper introduces AntibotV, a novel multilevel detection framework combining network and in-vehicle analysis using decision trees for vehicular botnet detection.
Findings
Detection rate exceeds 97%
False positive rate is below 0.14%
Outperforms existing detection solutions
Abstract
Connected cars offer safety and efficiency for both individuals and fleets of private vehicles and public transportation companies. However, equipping vehicles with information and communication technologies raises privacy and security concerns, which significantly threaten the user's data and life. Using bot malware, a hacker may compromise a vehicle and control it remotely; for instance, he can disable the brakes or start the engine remotely. In this paper, besides in-vehicle attacks existing in the literature, we consider new zero-day bot malware attacks specific to the vehicular context: WSMP-Flood and Geo-WSMP Flood. Then, we propose AntibotV, a multilevel behaviour-based framework for vehicular botnets detection in vehicular networks. The proposed framework combines two main modules for attack detection: the first one monitors the vehicle's activity at the network level, whereas the…
Taxonomy
Topics: Network Security and Intrusion Detection · Smart Grid Security and Resilience · Internet Traffic Analysis and Secure E-voting
