A Blockchain-Based Federated Forest for SDN-Enabled In-Vehicle Network Intrusion Detection System
In-vehicle communication systems are usually managed by controller area networks (CAN). By broadcasting packets to their bus, the CAN facilitates the interaction between Electronic Control Units (ECU) that coordinate, monitor and control internal vehicle components. With no authentication mechanism...
| Main Authors: | Ibrahim Aliyu, Marco Carlo Feliciano, Selinde Van Engelenburg, Dong Ok Kim, Chang Gyoon Lim |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2021-01-01 |
| Series: | IEEE Access |
| Subjects: | Blockchain, CAN, federated learning, intrusion detection system, in-vehicle network, random forest |
| Online Access: | https://ieeexplore.ieee.org/document/9471858/ |
| _version_ | 1850126818686795776 |
|---|---|
| author | Ibrahim Aliyu Marco Carlo Feliciano Selinde Van Engelenburg Dong Ok Kim Chang Gyoon Lim |
| author_sort | Ibrahim Aliyu |
| collection | DOAJ |
| description | In-vehicle communication systems are usually managed by controller area networks (CAN). By broadcasting packets to their bus, the CAN facilitates the interaction between Electronic Control Units (ECU) that coordinate, monitor and control internal vehicle components. With no authentication mechanism for identifying the legitimacy and source of packets, CAN are vulnerable to cyber-attacks. An Intrusion Detection System (IDS) can detect attacks on CAN and machine learning can be used to create the models for the IDSs to detect non-linear attack patterns. However, car manufacturers and owners might want to keep the sensitive information required for training the models confidential. Therefore, we proposed a Blockchain-based Federated Forest Software-Defined Networking (SDN)-enabled IDS (BFF-IDS) to address the problem of data sharing the sensitive CAN data. To ensure scalability, we used InterPlanetary File System (IPFS) to host the models, and the blockchain is designed to store only a hash of the model and a pointer to its location. The SDN provides the dynamic routing of packets and model exchanges. We used Federated Learning (FL) to create a random forest model. Individuals provide partially trained models, allowing them to keep the underlying data confidential. Using Fourier transform, we decomposed the CAN IDs cycle from CAN bus traffic in the frequency domain for better generalization in multiclass detection of attacks. Multiple statistical and entropy features were extracted to handle the high complexity and non-linearity in CAN bus traffic. The proposed system allows manufacturers and car owners to contribute to the training of the models, as their sensitive data is protected. By storing hashes of the models on a blockchain, the risk of adversaries poisoning the models is reduced and a single point of failure is avoided. We evaluated the proposed system by conducting experiments on a testbed. We found that the proposed system has efficient use of memory and CPU resources and that the detection rate of closely related attacks was high. We recorded the highest model attack detection rate of about 0.981. |
| format | Article |
| id | doaj-art-da6857df85ec4a628de5a15a9b54720f |
| institution | OA Journals |
| issn | 2169-3536 |
| language | English |
| publishDate | 2021-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-da6857df85ec4a628de5a15a9b54720f; 2025-08-20T02:33:50Z; eng; IEEE; IEEE Access; 2169-3536; 2021-01-01; volume 9, pages 102593-102608; 10.1109/ACCESS.2021.3094365; 9471858. Ibrahim Aliyu (https://orcid.org/0000-0002-5340-6675), Department of Computer Engineering, Chonnam National University, Yeosu, South Korea; Marco Carlo Feliciano (https://orcid.org/0000-0002-0130-3981), Department of Electrical and ICT Engineering, University of Naples Federico II, Naples, Italy; Selinde Van Engelenburg, Faculty of Technology, Policy and Management, Delft University of Technology, Delft, The Netherlands; Dong Ok Kim, National Innovation Cluster Support Center, Jeonnam Technopark, Suncheon, South Korea; Chang Gyoon Lim, Department of Computer Engineering, Chonnam National University, Yeosu, South Korea |
| title | A Blockchain-Based Federated Forest for SDN-Enabled In-Vehicle Network Intrusion Detection System |
| topic | Blockchain CAN federated learning intrusion detection system in-vehicle network random forest |
| url | https://ieeexplore.ieee.org/document/9471858/ |