Misbehavior-aware on-demand collaborative intrusion detection system using distributed ensemble learning for VANET

Vehicular ad hoc networks (VANETs) play an important role as enabling technology for future cooperative intelligent transportation systems (CITSs). Vehicles in VANETs share real-time information about their movement state, traffic situation, and road conditions. However, VANETs are susceptible to the cyberattacks that create life threatening situations and/or cause road congestion. Intrusion detection systems (IDSs) that rely on the cooperation between vehicles to detect intruders, were the most suggested security solutions for VANET. Unfortunately, existing cooperative IDSs (CIDSs) are vulnerable to the legitimate yet compromised collaborators that share misleading and manipulated information and disrupt the IDSs’ normal operation. As such, this paper proposes a misbehavior-aware on-demand collaborative intrusion detection system (MA-CIDS) based on the concept of distributed ensemble learning. That is, vehicles individually use the random forest algorithm to train local IDS classifiers and share their locally trained classifiers on-demand with the vehicles in their vicinity, which reduces the communication overhead. Once received, the performance of the classifiers is evaluated using the local testing dataset in the receiving vehicle. The evaluation values are used as a trustworthiness factor and used to rank the received classifiers. The classifiers that deviate much from the box-and-whisker plot lower boundary are excluded from the set of the collaborators. Then, each vehicle constructs an ensemble of weighted random forest-based classifiers that encompasses the locally and remotely trained classifiers. The outputs of the classifiers are aggregated using a robust weighted voting scheme. Extensive simulations were conducted utilizing the network security laboratory-knowledge discovery data mining (NSL-KDD) dataset to evaluate the performance of the proposed MA-CIDS model. The obtained results show that MA-CIDS performs better than the other existing models in terms of effectiveness and efficiency for VANET

Malicious Software Threats

Malicious software, or malware for short, is software designed with a nefarious intent of harming the computer user. There are many types of malware, depending on how they are spread and the nature of harm they intend. Some examples of malware include – viruses, worms, Trojan horses, spyware, keyloggers, botnets, rootkits, ransomware, scareware, and drive-by downloads. To date, over a million different viruses and other malware have been detected. Some have caused significant damage to individuals and organizations, sometimes in the order of billions of US dollars. Some notable viruses, in chronological order, include the Morris worm in 1988, the Melissa virus in 1999, the ILOVEYOU virus in 2000, the Anna Kournikova virus in 2001, The code Red worm in 2001, the Slammer virus in 2003, the Mydoom worm in 2004, the Sasser and Netsky worms in 2004, the Storm worm in 2007, the Mirai malware in 2016, and the WannaCry ransomware in 2017. The malware with the most damage known to date have been the Sasser and Netsky worms with an estimated damage of $31 billion. Sometimes, even governments tend to use malware for espionage and other political motives. Malware can be prevented by using appropriate security software such as firewalls, antivirus software, and antispyware. In addition, researchers have employed criminological theories, in particular, self-control and routine activity theories, to determine factors that may increase the risks of malware infection victimization. The extant evidence indicates that irresponsible use of the Internet, such as failing to use a security software or clicking on questionable websites, can also lead to malware infection victimization. Accordingly, to effectively address malware, the technical aspects of the problem as well as the human side of the issue must be jointly considered and targeted. Malware developers are getting smarter in terms of their ability to develop malware that goes undetected by antimalware software, and antimalware developers need to constantly remain innovative to combat smarter malware