SeqWatch: Unsupervised Sequence-based Intrusion Detection System for Automotive Ethernet
Abstract
Modern connected vehicles are increasing the demand for Ethernet in automotive networks due to its ability to provide high-bandwidth and flexible in-vehicle communication. However, Ethernet lacks built-in authentication and encryption, which has led to growing interest in Intrusion Detection Systems (IDS) as a defense mechanism to detect malicious activities when other security mechanisms are not present or fail. In this work, we present SeqWatch, an unsupervised IDS that uses a sequence-based deep learning model capable of capturing the temporal relationships in network traffic. SeqWatch can identify previously unseen (zero-day) attacks by training only on normal traffic data. Our experimental results show that SeqWatch outperforms other state-of-the-art unsupervised automotive IDSs, achieving higher detection rates on attacks from two publicly available datasets.