Introduction
Limitations of existing studies
-
Large volumes of data must be sent from sensors to a distant server, which requires additional network traffic, encoding, and transmission time; low bandwidth may therefore result in poor data transmission efficiency. Furthermore, cloud servers are often located far from the sensors, so data must transit several edge nodes. Because of this long-distance data transmission, a VSN with multiple sensor nodes cannot meet real-time and high Quality of Service (QoS) expectations. The typical cloud-based architecture used by traditional IDSs is therefore unsuitable for meeting the aforementioned objectives.
-
In traditional centralized model-training systems, clients send their datasets to the cloud server over various communication network links. The wireless and core network connections between clients and servers therefore have a significant impact on DL model training and the resulting decisions, so the connection must remain reasonably robust even when network conditions degrade. However, because the wireless link between client and server is unpredictable, a centralized design faces system performance deterioration and probable failures, which can substantially affect model training and its inferences.
-
Since clients must share their raw data with other parties, such as cloud or edge servers, to train a model, traditional centralized ML-based IDSs are vulnerable to attackers and to violations of sensitive data privacy. Addressing this issue requires a tailored set of controls and methodologies that identify the relative importance of datasets, their sensitivity, and their compliance requirements, and that apply suitable measures to secure these resources. Such solutions are conceivable, but they require adding resources to traditional ML-based IDSs and incur a higher computational cost.
-
As data owners become more concerned about their privacy, administrative regulations must restrict data collection to parties that participate in the processing and have obtained explicit approval from the owners. The traditional centralized model-training architecture cannot comply with such privacy legislation, since clients must submit raw data to the server for model training.
Motivation
Major contributions
Cyberattacks in vehicular sensor networks
Sensor | Sensor use in vehicles | Cyberattacks |
---|---|---|
Camera | Detection of traffic signs, improvement in night vision, estimation of collision risks, and parking assistance | Blinding and auto-control |
GPS | Navigation and anti-theft purposes | Jamming, spoofing, and blackhole |
Ultrasonic sensors | Low-speed maneuvers | Sensor interference, blind spot exploitation, cloaking, physical tampering, and acoustic cancellation |
LiDAR | Collision avoidance system and adaptive cruise control | Denial of Service (DoS), replay, spoofing, jamming, and blinding |
Radar | Adaptive cruise control and lane change assistant | Jamming and spoofing |
Inertial sensors | Information about the vehicle’s acceleration and orientation | Spoofing and acoustic cancellation |
Magnetic encoders | Measurement of vehicle’s speed and angular position | Disruptive attacks and spoofing |
TPMS | Monitoring of tire air pressure | Spoofing, eavesdropping, and reverse-engineering |
Attack | Description |
---|---|
DoS | A DoS attack is a type of cyberattack in which a malicious actor disrupts the normal operation of a device to make it unavailable to its intended users |
Jamming | Jamming attacks are a subset of denial-of-service attacks in which hostile nodes disrupt legitimate communication by interfering with networks |
Spoofing | Spoofing, in the context of cybersecurity, occurs when someone or something impersonates another entity to gain trust, obtain access to systems, steal data, steal money, or distribute malware |
Acoustic | An acoustic attack is a type of side-channel attack that exploits sounds emitted by computers or smart devices |
Eavesdropping | Eavesdropping is a technique in which an attacker listens passively to network conversations to get private information such as node identifying numbers, routing changes, or application-sensitive data |
Blackhole | A blackhole attack occurs when a router deletes all messages that it is supposed to forward. On rare occasions, a router may also be configured improperly so that it advertises a zero-cost route to every destination on the Internet |
Cloaking | Malicious websites frequently impersonate well-known businesses to house malware and conduct social engineering attacks to obtain user credentials. Certain types of websites frequently seek to conceal hazardous information from search engine crawlers while displaying it to users/client browsers, a practice known as cloaking |
Replay | A replay attack occurs when a hacker eavesdrops on a secure network connection, intercepts it, and then fraudulently delays or resends it to trick the receiver into doing what the hacker wants |
Environmental sensors
Camera
GPS
Ultrasonic sensor
LiDAR
Radar
Vehicle dynamics sensors
Inertial sensors
Magnetic encoders
Tire pressure monitoring systems
Proposed federated learning framework
Gated recurrent unit (GRU)
Sigmoid function
Hyperbolic tangent function
Gates of GRUs
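The update and reset gates described above can be sketched as a single GRU step in NumPy. This is a minimal illustration of the standard GRU equations, not the paper's implementation; the dimensions and the small random weights are illustrative assumptions. The update gate \(z\) and reset gate \(r\) use the sigmoid function, and the candidate state uses the hyperbolic tangent.

```python
import numpy as np

def sigmoid(x):
    return 1.0 / (1.0 + np.exp(-x))

def gru_cell(x_t, h_prev, params):
    """One GRU step: update gate z, reset gate r, candidate state h_tilde."""
    Wz, Uz, bz, Wr, Ur, br, Wh, Uh, bh = params
    z = sigmoid(x_t @ Wz + h_prev @ Uz + bz)               # update gate
    r = sigmoid(x_t @ Wr + h_prev @ Ur + br)               # reset gate
    h_tilde = np.tanh(x_t @ Wh + (r * h_prev) @ Uh + bh)   # candidate state
    return (1 - z) * h_prev + z * h_tilde                  # new hidden state

# toy dimensions (assumed): input size 3, hidden size 4
rng = np.random.default_rng(0)
n_in, n_h = 3, 4
params = [rng.standard_normal(s) * 0.1
          for s in [(n_in, n_h), (n_h, n_h), (n_h,)] * 3]
h = np.zeros(n_h)
for _ in range(5):                        # run a short input sequence
    h = gru_cell(rng.standard_normal(n_in), h, params)
```

Because the new state is a convex combination of the previous state and a tanh-bounded candidate, every component of the hidden state stays in (-1, 1).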
Cyberattack detection framework
Virtual prototypes
Preprocessing
FL training
FL Training process | |
---|---|
Begin | |
Step-1 | Initialize the specific window size \(W_{i}\) |
Step-2 | Define virtual prototypes \(fl_{i}\) to represent the IoT edge devices |
Step-3 | Define the model parameters \(GRU_{ML}\) for each window size \(W_{i}\) |
Step-4 | Share the weights of the trained model with each \(fl_{i}\) |
Step-5 | At each \(fl_{i}\), the learning algorithm is executed on \(GRU_{ML}\); the updated weights of the trained model are then shared with \(fl_{avg}\) |
Step-6 | \(fl_{avg}\) serves as an accumulating unit on the centralized server and monitors the local model updates. The global ML model \(G_{wi}\) of each window size is obtained by accumulating the weights of the local models |
Step-7 | A copy of the global ML model is shared with each edge device |
End |
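The training loop above can be sketched as federated averaging over simulated clients. This is a simplified illustration under stated assumptions: the local update is a stand-in single gradient step on a least-squares objective rather than the GRU training the framework uses, and the client count, feature count, and round count are arbitrary.

```python
import numpy as np

def local_update(weights, data, lr=0.01):
    """Stand-in for Step-5: one local training pass on a client's data
    (here a single gradient step on a least-squares objective)."""
    X, y = data
    grad = X.T @ (X @ weights - y) / len(y)
    return weights - lr * grad

def fed_avg(client_weights):
    """Step-6: accumulate the local models into the global model by averaging."""
    return np.mean(client_weights, axis=0)

rng = np.random.default_rng(42)
n_clients, n_features = 5, 3
global_w = np.zeros(n_features)                     # Step-3: initial model
clients = [(rng.standard_normal((20, n_features)),  # Step-2: one (X, y)
            rng.standard_normal(20))                #   dataset per prototype
           for _ in range(n_clients)]

for _ in range(10):                                 # communication rounds
    local = [local_update(global_w.copy(), d) for d in clients]  # Steps 4-5
    global_w = fed_avg(local)                       # Step-6
    # Step-7: global_w is redistributed to every edge device next round
```

Only model weights cross the network; the raw client datasets never leave the simulated edge devices, which is the privacy property the framework relies on.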
Ensembler
-
It reduces overfitting in decision trees and helps to improve accuracy.
-
It can address both classification and regression problems.
-
It can handle both categorical and continuous data.
-
It automates the replacement of missing values present in the training data.
-
Data normalization is not required, since RF uses a rule-based approach.
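A minimal random-forest ensembler can be sketched with scikit-learn. The synthetic features below are a hypothetical stand-in; in the framework they would be the per-window GRU outputs that the RF ensembler combines. Note that, as the list above states, no normalization step is applied before fitting, since the trees split on rule-based thresholds.

```python
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

# Hypothetical stand-in features for the per-window detector outputs
X, y = make_classification(n_samples=500, n_features=10, random_state=0)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.3, random_state=0)

# Bagged decision trees: the ensemble vote reduces single-tree overfitting
rf = RandomForestClassifier(n_estimators=100, random_state=0)
rf.fit(X_tr, y_tr)            # no normalization needed: rule-based splits
score = rf.score(X_te, y_te)  # held-out accuracy
```

The same estimator handles regression via `RandomForestRegressor`, and categorical inputs can be used after ordinal or one-hot encoding.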
Experiments and results
Simulation platform
Dataset
Hyperparameters
Parameters | GRU 1 | GRU 2 | GRU 3 | GRU 4 | GRU 5 |
---|---|---|---|---|---|
Learning rate | 0.001 | 0.005 | 0.01 | 0.05 | 0.10 |
Optimizer | Adam | Adam | Adam | Adam | Adam |
Epochs | 100 | 100 | 100 | 100 | 100 |
Batch size | 256 | 512 | 512 | 128 | 256 |
Momentum | 0.5 | 0.6 | 0.7 | 0.8 | 0.9 |
Dropout | 0.01 | 0.05 | 0.01 | 0.0 | 0.05 |
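One column of the table can be sketched as a PyTorch model, here GRU 1 (learning rate 0.001, batch size 256, dropout 0.01, Adam). The architecture, layer sizes, and window length are illustrative assumptions, and the table's momentum value 0.5 is interpreted here as Adam's first-moment coefficient `beta_1`, which plays the momentum role in Adam.

```python
import torch
import torch.nn as nn

class GRUDetector(nn.Module):
    """Illustrative per-window detector: GRU encoder + linear classifier."""
    def __init__(self, n_features=10, hidden=64, n_classes=2):
        super().__init__()
        self.gru = nn.GRU(n_features, hidden, batch_first=True)
        self.drop = nn.Dropout(p=0.01)          # dropout from the GRU 1 column
        self.fc = nn.Linear(hidden, n_classes)

    def forward(self, x):                       # x: (batch, window, features)
        _, h = self.gru(x)                      # h: (1, batch, hidden)
        return self.fc(self.drop(h[-1]))        # logits per class

model = GRUDetector()
# lr and beta_1 taken from the GRU 1 column (momentum 0.5 -> beta_1, assumed)
optimizer = torch.optim.Adam(model.parameters(), lr=0.001, betas=(0.5, 0.999))
out = model(torch.randn(256, 20, 10))           # batch size 256 from the table
```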
Learning rate
Optimizer
-
It is straightforward to implement.
-
It is computationally efficient.
-
Its memory requirements are minimal.
-
It is invariant to diagonal rescaling of the gradients.
-
It is well suited to problems involving large amounts of data and/or parameters.
-
It is appropriate for problems involving very noisy and/or sparse gradients.
-
Its hyperparameters have intuitive interpretations and require minimal fine-tuning.
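The properties above follow from Adam's update rule: exponentially decayed first and second moment estimates with bias correction, so the effective step size is roughly the learning rate regardless of gradient scale. A minimal scalar sketch (illustrative, not the paper's code) minimizing \(f(w) = w^2\):

```python
import numpy as np

def adam_step(w, g, m, v, t, lr=0.001, b1=0.9, b2=0.999, eps=1e-8):
    """One Adam update on parameter w given gradient g at step t."""
    m = b1 * m + (1 - b1) * g          # first moment (running mean of grads)
    v = b2 * v + (1 - b2) * g**2       # second moment (running mean of grad^2)
    m_hat = m / (1 - b1**t)            # bias correction for the warm-up phase
    v_hat = v / (1 - b2**t)
    w = w - lr * m_hat / (np.sqrt(v_hat) + eps)   # rescaled step ~ lr in size
    return w, m, v

# minimize f(w) = w^2 (gradient 2w) starting from w = 1.0
w, m, v = 1.0, 0.0, 0.0
for t in range(1, 2001):
    w, m, v = adam_step(w, 2 * w, m, v, t)
```

Because the step divides by \(\sqrt{\hat{v}}\), rescaling the gradient by a constant leaves the update essentially unchanged, which is the diagonal-rescaling invariance listed above.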
Epochs
Batch size
Momentum
Dropout
Performance evaluation parameters
Accuracy
Precision
Recall
F1 score
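The four evaluation parameters above can be computed from the binary confusion counts (true/false positives and negatives). A small self-contained sketch with illustrative labels:

```python
def classification_metrics(y_true, y_pred, positive=1):
    """Accuracy, precision, recall, and F1 score from binary predictions."""
    tp = sum(t == positive and p == positive for t, p in zip(y_true, y_pred))
    fp = sum(t != positive and p == positive for t, p in zip(y_true, y_pred))
    fn = sum(t == positive and p != positive for t, p in zip(y_true, y_pred))
    tn = sum(t != positive and p != positive for t, p in zip(y_true, y_pred))
    accuracy = (tp + tn) / len(y_true)
    precision = tp / (tp + fp) if tp + fp else 0.0   # of flagged, how many real
    recall = tp / (tp + fn) if tp + fn else 0.0      # of real, how many caught
    f1 = (2 * precision * recall / (precision + recall)
          if precision + recall else 0.0)            # harmonic mean of P and R
    return accuracy, precision, recall, f1

# illustrative labels: 1 = attack, 0 = benign
y_true = [1, 1, 1, 0, 0, 0, 1, 0]
y_pred = [1, 1, 0, 0, 0, 1, 1, 0]
acc, prec, rec, f1 = classification_metrics(y_true, y_pred)
```

With one missed attack and one false alarm in eight samples, all four metrics come out to 0.75 here, showing why F1 is reported alongside accuracy on imbalanced intrusion data.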
Results and discussion
Work | Publication year | Proposed scheme | Accuracy |
---|---|---|---|
Seo et al. [35] | 2018 | GAN | 98.00% |
Ashraf et al. [14] | 2020 | LSTM autoencoder algorithm | 99.00% |
Zadid et al. [41] | 2020 | LSTM | 87.90% |
Khan et al. [42] | 2021 | LSTM | 99.11% |
Abdel-Basset et al. [43] | 2021 | Two anomaly detection DL models | 97.82% |
Song et al. [44] | 2021 | LSTM | 95.37% |
Our work | 2022 | Federated learning scheme based on GRU and RF ensembler | 99.52% |