SaTC: CORE: Small: Collaborative: GOALI: Detecting and Reconstructing Network Anomalies and Intrusions in Heavy Duty Vehicles

SaTC：核心：小型：协作：GOALI：检测和重建重型车辆中的网络异常和入侵

• 批准号: 1715458
• 负责人: Indrakshi Ray
• 金额: $ 27.57万
• 依托单位: Colorado State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-01 至 2023-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1715458&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; GOALI

Heavy vehicles (e.g., trucks and busses) are a critical element of U.S. and worldwide logistics, often carrying cargo of high value or high risk (e.g., explosive liquids and gasses). Heavy vehicles often have hundreds of Electronic Control Units (ECUs) that communicate over an internal network to carry commands (such as "engage the brakes") or share sensor data (such as the temperature of pressurized cargo unit carrying petroleum). ECUs with access to the communication network can send any message they want. If the network or an ECU is compromised by an attack, the truck or a cargo container safety mechanism could malfunction. This project is gathering data from operational trucks to better understand communication among components of heavy vehicles and developing techniques to detect attacks in this environment.The project is working to accomplish three main objectives: (1) Collect representative Controller Area Network (CAN) bus data from operational heavy vehicles, (2) Develop detection systems that can distinguish anomalous CAN bus network traffic, and (3) Test and verify the detection systems to reduce the number of false positives. The team is developing a log algebra to efficiently assess live CAN traffic using embedded devices with limited resources. Data is being gathered from truck traffic during highway operation, enabling the application of machine learning algorithms for anomaly detection. The team is evaluating the effectiveness of their intrusion detection techniques in their heavy vehicle testbed, using synthetic attacks against testbed ECUs and real-world CAN traffic data.

重型车辆（例如，卡车和公共汽车）是美国和全球物流的关键要素，通常运载高价值或高风险的货物（例如，爆炸性液体和气体）。 重型车辆通常有数百个电子控制单元（ECU），通过内部网络进行通信，以执行命令（例如“接合制动器”）或共享传感器数据（例如携带石油的加压货物单元的温度）。可以访问通信网络的ECU可以发送任何他们想要的消息。 如果网络或ECU受到攻击，卡车或货物集装箱安全机制可能会发生故障。该项目正在收集运营卡车的数据，以更好地了解重型车辆部件之间的通信，并开发技术来检测这种环境中的攻击。该项目正在努力实现三个主要目标：（1）从运行中的重型车辆收集有代表性的控制器局域网（CAN）总线数据，（2）开发能够区分异常CAN总线网络流量的检测系统，以及（3）测试和验证检测系统以减少误报的数量。该团队正在开发一种日志代数，以便使用资源有限的嵌入式设备有效地评估实时CAN流量。在高速公路运营期间，正在从卡车交通中收集数据，从而能够应用机器学习算法进行异常检测。该团队正在评估他们的入侵检测技术在重型车辆测试平台上的有效性，使用针对测试平台ECU和真实世界CAN流量数据的合成攻击。

项目成果

Sparse Binary Transformers for Multivariate Time Series Modeling

• DOI: 10.1145/3580305.3599508
• 发表时间: 2023-08
• 期刊: Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining
• 作者: Matt Gorbett;H. Shirazi;I. Ray

The intrinsic dimensionality of network datasets and its applications1

网络数据集的内在维数及其应用1

• DOI: 10.3233/jcs-220131
• 发表时间: 2023
• 期刊: Journal of Computer Security
• 影响因子: 1.2
• 作者: Gorbett, Matt;Siebert, Caspian;Shirazi, Hossein;Ray, Indrakshi
• 通讯作者: Ray, Indrakshi

Towards Resiliency of Heavy Vehicles through Compromised Sensor Data Reconstruction

• DOI: 10.1145/3508398.3511523
• 发表时间: 2022-04
• 期刊: Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy
• 作者: H. Shirazi;W. Pickard;I. Ray;Haonan Wang

Adversarial Autoencoder Data Synthesis for Enhancing Machine Learning-Based Phishing Detection Algorithms

• DOI: 10.1109/tsc.2023.3234806
• 发表时间: 2023-07
• 期刊: IEEE Transactions on Services Computing
• 影响因子: 8.1
• 作者: H. Shirazi;Shashika Ranga Muramudalige;I. Ray;A. Jayasumana;Haonan Wang

Workflow Resilience for Mission Critical Systems

关键任务系统的工作流程弹性

• 发表时间: 2023
• 期刊: and Security of Distributed Systems
• 作者: Abdelgawad, Mahmoud;Ray, Indrakshi;Vasquez, Tomas
• 通讯作者: Vasquez, Tomas