MARINE: Man-in-the-middle attack resistant trust model IN connEcted vehicles

Vehicular Ad-hoc NETwork (VANET), a novel technology holds a paramount importance within the transportation domain due to its abilities to increase traffic efficiency and safety. Connected vehicles propagate sensitive information which must be shared with the neighbors in a secure environment. However, VANET may also include dishonest nodes such as Man-in-the-Middle (MiTM) attackers aiming to distribute and share malicious content with the vehicles, thus polluting the network with compromised information. In this regard, establishing trust among connected vehicles can increase security as every participating vehicle will generate and propagate authentic, accurate and trusted content within the network. In this paper, we propose a novel trust model, namely, Man-in-the-middle Attack Resistance trust model IN connEcted vehicles (MARINE), which identifies dishonest nodes performing MiTM attacks in an efficient way as well as revokes their credentials. Every node running MARINE system first establishes trust for the sender by performing multi-dimensional plausibility checks. Once the receiver verifies the trustworthiness of the sender, the received data is then evaluated both directly and indirectly. Extensive simulations are carried out to evaluate the performance and accuracy of MARINE rigorously across three MiTM attacker models and the bench-marked trust model. Simulation results show that for a network containing 35% MiTM attackers, MARINE outperforms the state of the art trust model by 15%, 18%, and 17% improvements in precision, recall and F-score, respectively.N/A

Intrusion Detection System for Platooning Connected Autonomous Vehicles

The deployment of Connected Autonomous Vehicles (CAVs) in Vehicular Ad Hoc Networks (VANETs) requires secure wireless communication in order to ensure reliable connectivity and safety. However, this wireless communication is vulnerable to a variety of cyber atacks such as spoofing or jamming attacks. In this paper, we describe an Intrusion Detection System (IDS) based on Machine Learning (ML) techniques designed to detect both spoofing and jamming attacks in a CAV environment. The IDS would reduce the risk of traffic disruption and accident caused as a result of cyber-attacks. The detection engine of the presented IDS is based on the ML algorithms Random Forest (RF), k-Nearest Neighbour (k-NN) and One-Class Support Vector Machine (OCSVM), as well as data fusion techniques in a cross-layer approach. To the best of the authors’ knowledge, the proposed IDS is the first in literature that uses a cross-layer approach to detect both spoofing and jamming attacks against the communication of connected vehicles platooning. The evaluation results of the implemented IDS present a high accuracy of over 90% using training datasets containing both known and unknown attacks

Host Based Intrusion Detection for VANETs: A statistical approach to Rogue Node Detection

In this paper, an intrusion detection system (IDS) for vehicular ad hoc networks (VANETs) is proposed and evaluated. The IDS is evaluated by simulation in the presence of rogue nodes (RNs) that can launch different attacks. The proposed IDS is capable of detecting a false information attack using statistical techniques effectively and can also detect other types of attacks. First, the theory and implementation of the VANET model that is used to train the IDS is discussed. Then, an extensive simulation and analysis of our model under different traffic conditions is conducted to identify the effects of these parameters in VANETs. In addition, the extensive data gathered in the simulations are presented using graphical and statistical techniques. Moreover, RNs are introduced in the network, and an algorithm is presented to detect these RNs. Finally, we evaluate our system and observe that the proposed application-layer IDS based on a cooperative information exchange mechanism is better for dynamic and fast-moving networks such as VANETs, as compared with other techniques available

A Framework for Incident Detection and notification in Vehicular Ad-Hoc Networks

The US Department of Transportation (US-DOT) estimates that over half of all congestion events are caused by highway incidents rather than by rush-hour traffic in big cities. The US-DOT also notes that in a single year, congested highways due to traffic incidents cost over $75 billion in lost worker productivity and over 8.4 billion gallons of fuel. Further, the National Highway Traffic Safety Administration (NHTSA) indicates that congested roads are one of the leading causes of traffic accidents, and in 2005 an average of 119 persons died each day in motor vehicle accidents. Recently, Vehicular Ad-hoc Networks (VANET) employing a combination of Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) wireless communication have been proposed to alert drivers to traffic events including accidents, lane closures, slowdowns, and other traffic-safety issues. In this thesis, we propose a novel framework for incident detection and notification dissemination in VANETs. This framework consists of three main components: a system architecture, a traffic incident detection engine and a notification dissemination mechanism. The basic idea of our framework is to collect and aggregate traffic-related data from passing cars and to use the aggregated information to detect traffic anomalies. Finally, the suitably filtered aggregated information is disseminated to alert drivers about traffic delays and incidents. The first contribution of this thesis is an architecture for the notification of traffic incidents, NOTICE for short. In NOTICE, sensor belts are embedded in the road at regular intervals, every mile or so. Each belt consists of a collection of pressure sensors, a simple aggregation and fusion engine, and a few small transceivers. The pressure sensors in each belt allow every message to be associated with a physical vehicle passing over that belt. Thus, no one vehicle can pretend to be multiple vehicles and then, is no need for an ID to be assigned to vehicles. Vehicles in NOTICE are fitted with a tamper-resistant Event Data Recorder (EDR), very much like the well-known black-boxes onboard commercial aircraft. EDRs are responsible for storing vehicles behavior between belts such as acceleration, deceleration and lane changes. Importantly, drivers can provide input to the EDR, using a simple menu, either through a dashboard console or through verbal input. The second contribution of this thesis is to develop incident detection techniques that use the information provided by cars in detecting possible incidents and traffic anomalies using intelligent inference techniques. For this purpose, we developed deterministic and probabilistic techniques to detect both blocking incidents, accidents for examples, as well as non-blocking ones such as potholes. To the best of our knowledge, our probabilistic technique is the first VANET based automatic incident detection technique that is capable of detecting both blocking and non blocking incidents. Our third contribution is to provide an analysis for vehicular traffic proving that VANETs tend to be disconnected in many highway scenarios, consisting of a collection of disjoint clusters. We also provide an analytical way to compute the expected cluster size and we show that clusters are quite stable over time. To the best of our knowledge, we are the first in the VANET community to prove analytically that disconnection is the norm rather than the exceptions in VANETs. Our fourth contribution is to develop data dissemination techniques specifically adapted to VANETs. With VANETs disconnection in mind, we developed data dissemination approaches that efficiently propagate messages between cars and belts on the road. We proposed two data dissemination techniques, one for divided roads and another one for undivided roads. We also proposed a probabilistic technique used by belts to determine how far should an incident notification be sent to alert approaching drivers. Our fifth contribution is to propose a security technique to avoid possible attacks from malicious drivers as well as preserving driver\u27s privacy in data dissemination and notification delivery in NOTICE. We also proposed a belt clustering scheme to reduce the probability of having a black-hole in the message dissemination while reducing also the operational burden if a belt is compromised

RSU-Based Online Intrusion Detection and Mitigation for VANET

Secure vehicular communication is a critical factor for secure traffic management. Effective security in intelligent transportation systems (ITS) requires effective and timely intrusion detection systems (IDS). In this paper, we consider false data injection attacks and distributed denial-of-service (DDoS) attacks, especially the stealthy DDoS attacks, targeting the integrity and availability, respectively, in vehicular ad-hoc networks (VANET). Novel statistical intrusion detection and mitigation techniques based on centralized communications through roadside units (RSU) are proposed for the considered attacks. The performance of the proposed methods are evaluated using a traffic simulator and a real traffic dataset. Comparisons with the state-of-the-art solutions clearly demonstrate the superior performance of the proposed methods in terms of quick and accurate detection and localization of cyberattacks