Intrusion Detection Systems based on Artificial Intelligence need robust data sources in order to achieve strong generalization levels from the knowledge domain of interest. Anomaly detection is a well-known topic in cybersecurity, and its application to the Internet of Things can lead to suitable protection techniques against problems such as DoS and DDoS attacks.
The following devices are connected to the automotive Ethernet testbed:
- a RAD-Galaxy: BroadR-Reach switch
- two neoECU AVB/TSN (AVB/TSN Endpoint Simulation): configured as an AVB talker and an AVB listener, respectively
- a RAD-Moon: a media converter (between BroadR-Reach and Ethernet)
- an USB Camera connected to the AVB talker
The dataset contains four benign (attack-free) packet captures.
- driving_01_original.pcap (about 10 min)
- driving_02_original.pcap (about 16 min)
- indoors_01_original.pcap (about 24 min)
- indoors_02_original.pcap (about 21 min)
We suppose that an attacker injects arbitrary stream AVTP data units (AVTPDUs) into the IVN. The goal of the attacker is to output a single video frame, at a terminal application connected to the AVB listener, by injecting previously generated AVTPDUs during a certain period. To demonstrate the attack, we extract 36 continuous stream AVTPDUs (single-MPEG-frame.pcap) from one of our AVB datasets; the extracted AVTPDUs constitute one video frame. Then, the attacker performs a replay attack by sending the 36 stream AVTPDUs repeatedly. Check *_injected.pcap files for the result of the replay attack.
To open the packet captures, we recommend researchers use Wireshark and the following plug-ins:
- Dissector for IEEE1722 (AVTP) IEC61883/IIDC Subtype MPEG2-TS: https://gist.github.com/oro350/8321451
- (Optional) MPEG video parser https://wiki.wireshark.org/mpeg_dump.lua
This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2018-0-00312, Developing technologies to predict, detect, respond, and automatically diagnose security threats to automotive Ethernet-based vehicle).
Collecting and analysing heterogeneous data sources from the Internet of Things (IoT) and Industrial IoT (IIoT) are essential for training and validating the fidelity of cybersecurity applications-based machine learning. However, the analysis of those data sources is still a big challenge for reducing high dimensional space and selecting important features and observations from different data sources.
One of the major research challenges in this field is the unavailability of a comprehensive network based data set which can reflect modern network traffic scenarios, vast varieties of low footprint intrusions and depth structured information about the network traffic. Evaluating network intrusion detection systems research efforts, KDD98, KDDCUP99 and NSLKDD benchmark data sets were generated a decade ago. However, numerous current studies showed that for the current network threat environment, these data sets do not inclusively reflect network traffic and modern low footprint attacks.