Title
An Intrusion Detection Framework for Cyber-Physical Systems /
Author
Shaffee, Tasneem Adel Awaad.
Preparation committee
Researcher / Tasneem Adel Awaad Shaffee
Supervisor / Mohamed Watheq Ali Kamel El-Kharashi
Supervisor / Mohamed Mahmoud Ahmed Taher
Examiner / Hossam Ali Hassan Fahmy
Publication date
2022.
Number of pages
136p. :
Language
English
Degree
Master's
Specialization
Systems and Control Engineering
Approval date
1/1/2022
Place of approval
Ain Shams University - Faculty of Engineering - Computer and Systems Engineering
Index
Only 14 pages are available for public view, from 136

Abstract

Summary
Cyber-physical security has become a central and primary concern in the automotive field due to its rapid development. Recent research interest has been directed at the security of vehicles due to the advancement of their technologies. Due to the rapid growth and accelerated development of electronic control units (ECUs), they are exposed to exploitation by external attacks. The majority of intrusion detection systems (IDSs) focus on detecting abnormal communication messages using the cyber-physical features of ECUs and the specs of the communication bus, while other IDSs are built on signatures of known attacks. One of the main problems facing IDSs is the need for a low false alarm rate with high detection accuracy, without major changes to the vehicle network infrastructure. As a result, recent research efforts have focused on investigating alternative countermeasures that might be implemented by introducing different IDSs. The problem with some IDSs is the location of their deployment, because of ECU limitations and constraints. Other proposed IDSs require severe changes to the in-vehicle network, which vehicle manufacturers do not favor. In this thesis, we introduce three novel framework designs that check the state of the vehicle and capture any possible attack by detecting malicious data in the diagnostic parameters of the vehicle. The proposed frameworks are verified against two datasets collected from real vehicles to show the robustness of the frameworks.
The first framework is introduced to detect a random attack in any parameter identifier (PID) using an extreme gradient boosting technique (XGBoost). The first attack model has been introduced to manipulate benign data. The results highlight the superiority of the model over the machine learning models.
The second framework is composed of a specification-based detection stage and an anomaly-based detection stage. The proposed system employs the XGBoost algorithm to detect anomalies in diagnostic data, and it is optimized by a genetic algorithm (GA). To generate anomalies in datasets, an attack generation algorithm is introduced. XGBoost is trained on a dataset that contains different attack types and verified blindly against different datasets that contain benign data and attacks not used in training. The results of the second proposed IDS show that it can detect abnormalities with a good detection rate (DR), a low false acceptance rate (FA), and high accuracy.
We also propose a third, multistage framework that detects abnormality in vehicle diagnostic data based on the specifications of diagnostics and a stacking ensemble of a deep learning model and a machine learning model. Our IDS is tested against anomalous attacks that have never been seen before. The results show the superiority of the framework and its robustness, with high accuracy, a low FA, and a good DR.
The thesis is organized as follows.
Chapter 1
This chapter presents the problem statement, objectives, challenges, and the motivation for solving this problem. It provides examples of serious threats to which vehicles are exposed. It gives an abstract overview of the contribution of this research and states the organization of the thesis.
Chapter 2
This chapter gives a brief background on automotive basics, genetic algorithms, and some of the machine learning and deep learning models used in this research.
Chapter 3
This chapter categorizes the previously introduced IDSs related to the automotive field into vehicle communication IDSs and vehicle diagnostic IDSs. The vehicle communication IDSs mentioned are concerned with protecting ECUs from attacks on CAN buses. The chapter also describes the previously proposed deep learning and machine learning IDSs related to this topic.
Chapter 4
This chapter explains in detail the implementation of the three proposed frameworks. The first framework aims to detect malicious diagnostics using the XGBoost model. The second framework is a modified version of the first one and is composed of two stages. The second framework has in turn been modified to create the third one, which includes a deep learning model to detect attacks that are applied over a period of time.
Chapter 5
This chapter describes the datasets used, explaining how they were collected, the shape of the training and testing datasets, and the total number of samples. This chapter also describes the attack models used to train and test the proposed frameworks.
Chapter 6
This chapter shows the experimental results for each framework against its corresponding attack model. It also includes a discussion of the results, which highlights the advantages of the proposed frameworks and their limitations.
Chapter 7
This chapter closes the thesis with the conclusion and future work. It summarizes the introduced contributions and draws conclusions on the performance of the three proposed frameworks. It also identifies the aspects that need to be addressed in future work.
Keywords:
Anomaly detection, cyber-physical security threats, GAN, intrusion detection, machine learning, NSGA-II, vehicle diagnostics, vehicular security, XGBoost