Internet of vehicles (IoV) has led to major improvements in vehicle communication and automation, as well as introduced vehicles to the increasing threat of cybersecurity attacks, including Denial-of-Service (DoS) attacks and spoofing. Traditional Intrusion Detection Systems (IDS) rely on properly labeled data, which is either of limited availability or excessively inconsistent in actual automotive settings because of privacy issues, data gathering, and changing malevolent activity inclination. To deal with this, we introduce a dual-pipeline IDS system to combine supervised ensemble models and Positive-Unlabeled (PU) learning which is dedicated to cases when only positive (attack) data is labeled, and benign data left unlabeled. Based on the CICIoV2024 CAN bus traffic of a 2019 model Ford car we applied Random Forest algorithm, XGBoost algorithm, Voting Classifier, and several PU algorithms such as ElkanotoPU, BaggingPU, PU-SVM, and Two-Step PU Learning. In order to deal with classes imbalance, we use synthetic sampling based on Gaussian properties to enlarge the dataset maintaining the same statistical properties and enhancing the model’s generalization. The results show that the Two-Step PU and ensemble methods obtain the F1-scores of up to 0.98 under conditions of limited labeling. A/B testing proves that the gains of synthetic augmentation of performance are statistically significant. The suggested structure possesses high precision, scalability, and flexibility to be implemented into intelligent transport systems under real-time constraints with limited data availability.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Robust Intrusion Detection in IoV Using PU Learning and Supervised Ensembles with Synthetic Data Augmentation on CICIoV2024

  • Yashwanth Reddy Kovvuri,
  • Charan Gudla

摘要

Internet of vehicles (IoV) has led to major improvements in vehicle communication and automation, as well as introduced vehicles to the increasing threat of cybersecurity attacks, including Denial-of-Service (DoS) attacks and spoofing. Traditional Intrusion Detection Systems (IDS) rely on properly labeled data, which is either of limited availability or excessively inconsistent in actual automotive settings because of privacy issues, data gathering, and changing malevolent activity inclination. To deal with this, we introduce a dual-pipeline IDS system to combine supervised ensemble models and Positive-Unlabeled (PU) learning which is dedicated to cases when only positive (attack) data is labeled, and benign data left unlabeled. Based on the CICIoV2024 CAN bus traffic of a 2019 model Ford car we applied Random Forest algorithm, XGBoost algorithm, Voting Classifier, and several PU algorithms such as ElkanotoPU, BaggingPU, PU-SVM, and Two-Step PU Learning. In order to deal with classes imbalance, we use synthetic sampling based on Gaussian properties to enlarge the dataset maintaining the same statistical properties and enhancing the model’s generalization. The results show that the Two-Step PU and ensemble methods obtain the F1-scores of up to 0.98 under conditions of limited labeling. A/B testing proves that the gains of synthetic augmentation of performance are statistically significant. The suggested structure possesses high precision, scalability, and flexibility to be implemented into intelligent transport systems under real-time constraints with limited data availability.