A Deep Learning Perspective on Connected Automated Vehicle (CAV) Cybersecurity and Threat Intelligence
Authors:
Manoj Basnet,
Mohd. Hasan Ali
Abstract:
The automation and connectivity of CAV inherit most of the cyber-physical vulnerabilities of incumbent technologies such as evolving network architectures, wireless communications, and AI-based automation. This book chapter entails the cyber-physical vulnerabilities and risks that originated in IT, OT, and the physical domains of the CAV ecosystem, eclectic threat landscapes, and threat intelligence. To deal with the security threats in high-speed, high-dimensional, multimodal data and assets from eccentric stakeholders of the CAV ecosystem, this chapter presents and analyzes some of the state-of-the-art deep learning-based threat intelligence for attack detection. The frontiers in deep learning, namely Meta-Learning and Federated Learning, along with their challenges have been included in the chapter. We have proposed, trained, and tested the deep CNN-LSTM architecture for CAV threat intelligence; assessed and compared the performance of the proposed model against other deep learning algorithms such as DNN, CNN, LSTM. Our results indicate the superiority of the proposed model although DNN and 1d-CNN also achieved more than 99% of accuracy, precision, recall, f1-score, and AUC on the CAV-KDD dataset. The good performance of deep CNN-LSTM comes with the increased model complexity and cumbersome hyperparameter tuning. Still, there are open challenges on deep learning adoption in the CAV cybersecurity paradigm due to the lack of properly developed protocols and policies, poorly defined privileges between stakeholders, costlier training, adversarial threats to the model, and poor generalizability of the model under out of data distributions.
Submitted 22 September, 2021;
originally announced September 2021.
Ransomware Detection Using Deep Learning in the SCADA System of Electric Vehicle Charging Station
Authors:
Manoj Basnet,
Subash Poudyal,
Mohd. Hasan Ali,
Dipankar Dasgupta
Abstract:
Supervisory control and data acquisition (SCADA) systems have been continuously leveraging the evolution of network architecture, communication protocols, next-generation communication techniques (5G, 6G, Wi-Fi 6), and the internet of things (IoT). However, the SCADA system has become the most profitable and alluring target for ransomware attackers. This paper proposes a novel deep learning-based ransomware detection framework in the SCADA controlled electric vehicle charging station (EVCS) with the performance analysis of three deep learning algorithms, namely deep neural network (DNN), 1D convolution neural network (CNN), and long short-term memory (LSTM) recurrent neural network. All three deep learning-based simulated frameworks achieve around 97% average accuracy (ACC), more than 98% of the average area under the curve (AUC), and an average F1-score under 10-fold stratified cross-validation with an average false alarm rate (FAR) less than 1.88%. Ransomware driven distributed denial of service (DDoS) attack tends to shift the SOC profile by exceeding the SOC control thresholds. The severity has been found to increase as the attack progresses and penetration increases. Also, ransomware driven false data injection (FDI) attack has the potential to damage the entire BES or physical system by manipulating the SOC control thresholds. It's a design choice and optimization issue that a deep learning algorithm can deploy based on the tradeoffs between performance metrics.
Submitted 15 April, 2021;
originally announced April 2021.