Professional Documents
Culture Documents
LSTM-Based Intrusion Detection System For VANETs A Time Series Classification Approach To False Message Detection
LSTM-Based Intrusion Detection System For VANETs A Time Series Classification Approach To False Message Detection
Abstract— In vehicular ad hoc networks (VANETs), vehicles real time by broadcasting messages. These messages enable
broadcast emergency messages and beacon messages, which drivers to perceive traffic conditions beyond their visual range,
enable drivers to perceive traffic conditions beyond their visual thus helping drivers to take action in advance to avoid traffic
range thus improve driving safety. However, internal attackers
can launch a false message attack for selfish purposes by accidents [2].
reporting a non-existent traffic incident in emergency messages. Due to the safety-critical nature of the messages exchange
Moreover, some collusion attackers may spread bogus beacon in VANETs, it is vital to ensure the security of VANETs,
messages cooperatively to make the bogus traffic incident more especially the authenticity of messages. In order to realize
deceptive. To improve the accuracy of false emergency message safety applications, vehicles are allowed to broadcast two types
detection, we propose a novel intrusion detection system (IDS)
based on time series classification and deep learning. Consid- of messages: beacon messages, which are periodic and used to
ering that traffic parameters are highly correlated with time, show the basic motion state of a vehicle in the network, and
we collect time series of traffic parameters closely related to emergency messages, which are used to report the occurrences
traffic incidents from messages of vehicles near reported traffic of traffic incidents (such as accidents, poor road conditions,
incidents as time series feature vectors. To recognize the pattern and congestion, etc.). However, bogus information can be
of traffic parameters changing over time more accurately, a traffic
incident classifier based on long short-term memory (LSTM) injected into the network intentionally (attacker) or uninten-
is designed and trained using time series feature vectors from tionally (faults) [3]. Malicious attackers can broadcast false
both normal and collusion attack scenarios. Based on the emergency messages (like false congestion information) to
classification result, the authenticity of the emergency message change the normal behavior of other vehicles for their benefit.
can be determined. Finally, we evaluate the performance of More seriously, some collusion attackers may spread bogus
the proposed LSTM-based IDS through extensive simulation.
Simulation results validate that our IDS is more accurate in beacon messages simultaneously to make the false emergency
false message detection compared with some well-known machine messages more convincing. Unreliable messages may mislead
learning-based schemes. the drivers to make wrong driving decisions, which may reduce
Index Terms— Vehicular ad hoc networks (VANETs), intrusion traffic efficiency and even cause major traffic accidents. Hence,
detection, false message detection, time series classification, deep effective detection of false messages is essential in VANETs.
learning, long short-term memory model (LSTM). The existing mechanisms for ensuring the information
security of the VANETs can be mainly divided into three
I. I NTRODUCTION categories: authentication-based scheme, node-centric scheme,
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
YU et al.: LSTM-BASED IDS FOR VANETs 23907
a numerical score to evaluate the trustworthiness of the node. condition around the warning vehicle. In our scheme, the
A central reputation server is set to maintain and update attacker or collusion attackers cannot affect other vehicles by
the reputation score of the vehicle node in the network. simply forging several beacon messages. Instead, they need to
However, due to the unique nature of VANETs, such as a assess the current traffic trend over time and precisely affect
large geographical range and high node mobility, querying the statistical time series within a certain range and within
and updating the reputation score is time-consuming, and it is a period of time, which makes their attacking attempt very
difficult to meet the real-time requirements for false message difficult, if not impossible, to succeed.
detection. (2) An LSTM-based traffic incident classifier is designed
To address the above challenge, data-centric schemes have and trained to classify time series of traffic parameters, and
been proposed to detect false messages more effectively by the pattern of traffic parameters changing over time can be
using fully distributed and localized algorithms, in which each accurately recognized. The effect of time steps on the accuracy
vehicle collects possible evidence independently or coopera- of the LSTM-based classifier is also investigated.
tively to verify the authenticity of the safety message. Typical (3) To detect false emergency messages under collusion
methods include heartbeat-based scheme [7], consistency and attacks more effectively, in the process of training the traffic
plausibility checking [8], [9], threshold-based scheme [10], incident classifier, we collect data sets under varying collu-
[11], etc. However, these solutions mainly collect evidence sion attacker proportions. We also investigate the effect of
from the communication process of messages, and few efforts collusion attacker proportions on the accuracy of the proposed
attempt to utilize out-domain information (i.e. traffic parame- IDS.
ters) to analyze whether the reported traffic incident actually The remainder of this paper is organized as follows. Related
happened. work is discussed in Section II. The VANETs model and
Some schemes [12]–[14] choose traffic flow as the observa- attack model are presented in Section III. In Section IV, the
tion data on macroscopic traffic conditions. The actual traffic overview of the proposed IDS is provided. The results of
condition is estimated according to the statistical trend of the performance evaluation are showed in Section V, and the
traffic flow. However, the calculation of traffic flow is based conclusion is drawn in Section VI.
on a linear speed-density model called Greenshields, which is
not accurate to fit real traffic data. It is noted that some more II. R ELATED W ORK
realistic nonlinear speed-density models are proposed in the The security of VANETs is a critical issue that has been the
field of transportation, such as Greenberg, Underwood, and the focus of research for many years [18]. The users of VANETs
logistic model [15]. These models show a better fitting effect are informed of traffic incidents based on received safety
on empirical observation data [16]. So it can be concluded messages. Therefore, false messages pose a major threat to
that the linear Greenshields model is insufficient for estimating traffic safety. The traditional authentication-based schemes use
actual traffic conditions. cryptographic techniques, such as digital signature [19] and
As a universal nonlinear model [17], deep learning is suit- pseudonym [20], to ensure the legitimacy of the node identity
able for fitting nonlinear traffic models. By introducing various and the integrity of the message. However, these mechanisms
nonlinear activation functions, it can fit complex nonlinear can isolate external attackers but cannot guarantee that mes-
functions. Furthermore, traffic parameters are highly correlated sages from legitimate vehicles are true. Several approaches
with time. With strong ability of nonlinear modeling and time aimed at detecting false messages from internal attackers have
series processing, the long short-term memory model (LSTM) been proposed and they can be mainly classified into two
is suitable for identifying traffic conditions based on the categories: (1) node-centric scheme (i.e. trust/reputation-based
time series of traffic parameters in our intrusion detection scheme), and (2) data-centric scheme (i.e. information-oriented
system (IDS). scheme).
In summary, with the help of emergency messages and bea- In node-centric schemes, the reliability of a message is
con messages, vehicles can perceive traffic conditions beyond evaluated according to the past communication history of
their visual range. However, these messages can be false and the sender vehicle [21]. A numerical score (i.e. trustworthi-
affect driving decisions. To detect a false emergency message, ness/reputation score) is used to quantify the healthy degree
vehicles need to determine whether the current traffic condition of a vehicle node. A message is considered reliable if its sender
matches the description of the message. To accurately identify node has a sufficiently high score. A centralized infrastructure
the current traffic condition, we collect multiple types of traffic called reputation server (i.e. trusted authority) is designed by
parameters from the vehicles near the reported traffic incident, Li et al. [5] to collect, update and certify the reputation score
and the mapping relationship between traffic parameters and of each vehicle. However, it’s impractical to maintain trust
specific traffic incidents is established considering time and or reputation in a centralized way due to the high mobility
position factors. To prevent collusion attacks, we also consider with dynamic topology and larger network size of VANETs.
the fact that false beacon messages may mislead the intrusion The trust management of vehicles can also be implemented in
detection of false emergency messages. The contributions of a decentralized/self-organizing way. In [6], a reputation man-
this paper can be summarized as follows: agement system is built for each vehicle to quickly establish a
(1) The proposed IDS constructs time series of traffic trust relationship with other vehicles. The trust-based scheme
parameters of all the vehicles within a certain range of is useful but it’s not suitable for delay-sensitive applications
the warning vehicle, to comprehensively describe the traffic (e.g. false emergency message detection) as trust is built over
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
23908 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, VOL. 23, NO. 12, DECEMBER 2022
a period of time. Moreover, false messages from vehicles with improved to nonlinear models in several studies that fol-
high reputation cannot be identified. lowed. Greenberg [26] hypothesizes a logarithmic relationship
Data-centric schemes have been proposed to tackle these between speed and density, while Underwood [27] establishes
problems. It directly evaluates the reliability of the message an exponential model. It is observed that the Greenberg model
itself, rather than identifying malicious nodes. Each vehicle has a better fit for congested conditions, while the Under-
collects evidence to verify received messages locally or with wood model behaves well under uncongested conditions [28].
the help of neighboring vehicles. Gurung et al. [22] propose Wang et al. [16] propose a logistic model of the equilibrium
the Real-time Message Content Validation (RMCV) scheme speed-density relationship. The empirical validation shows
in VANETs to estimate the trustworthiness of messages based that the proposed five-parameter logistic model matches the
on content similarity, content conflict, and route similarity. empirical observation data better than the previously proposed
But this scheme dose not perform well when the propor- models. It can be seen that the linear Greenshields model
tion of false messages in the network is high. To overcome is insufficient for matching actual traffic data. With strong
this shortcoming, Sun et al. [23] designs a data trust frame- nonlinear fitting ability, machine learning or deep learning can
work based on the idea of verifying the implied effect of establish the mapping between traffic parameters and real traf-
a vehicle’s reported data by using secure wireless physical fic conditions more effectively. Some machine learning-based
layer measurements. In the heartbeat-based scheme [7], each approaches for false message detection in VANETs have been
vehicle continuously collects beacon messages (contain speed, proposed, such as support vector machine (SVM) [29], [30],
position, and steering angle of senders) from its neighboring back propagation neural network (BPNN) [31], random forest
vehicles, and calculates the expected position of senders at the (RF) [32], etc. However, few studies consider the fact that
next sampling time. If the predicted position is inconsistent traffic parameters are highly correlated with time, so the
with the reported position, the suspicion index of the sender pattern of traffic parameters changing over time cannot be
increases. When the suspicion index exceeds the threshold, the accurately extracted.
sender is regarded as a malicious vehicle. In the threshold- To address the challenging problems mentioned above, this
based scheme [10], [11], a vehicle accepts an emergency work proposes a novel IDS based on deep learning and time
message only if the number of received messages reporting series classification. Comparisons are made between the pro-
the identical information exceeds a predefined threshold. It’s posed scheme and the main existing VANET security schemes
easy to implement but it’s hard to determine the optimal as shown in Table I. As a data-centric scheme, the proposed
threshold. The above schemes focus on how the evidence scheme can detect false messages from internal attackers and
is collected from the communication process of messages, those with a high reputation, which make up for the weakness
and the inherent characteristics of traffic data have not been of authentication-based schemes and node-centric schemes,
analyzed to estimate actual traffic conditions. respectively. Different from traditional data-centric schemes,
In realistic traffic scenarios, the occurrence of traffic inci- our scheme detects false messages based on the effect of traffic
dents will cause abnormal fluctuations in traffic parameters. incidents on traffic parameters, which can judge whether the
By observing the changes in traffic parameters, whether traffic incidents happen. Unlike the existing traffic flow-based
the traffic incident actually happened can be judged. Traffic schemes that evaluate the traffic condition only by stationary
flow-based schemes [12]–[14] choose traffic flow as obser- traffic statistics and thus the pattern of traffic flow is not well
vations of macroscopic traffic conditions. Zaidi et al. [12] revealed, our proposed scheme constructs time series of traffic
propose a host-based IDS to detect false emergency messages parameters to comprehensively describe the traffic condition
using a traffic model, in which vehicles share their observation and can extract the pattern of traffic parameters changing over
data on the traffic condition, and a hypothesis test method is time using deep learning. In order to successfully launch an
used to identify the changes in traffic flow and decide to accept attack, the attackers need to evaluate the current traffic trend
or reject the emergency message. Liu et al. [13] extract two over a period of time, and cooperatively forge their beacon
typical traffic patterns, i.e. lane-blocking and blocking-free, messages to precisely affect the statistical time series, which
and establish a traffic model to estimate the probability density is very difficult to realize.
function of traffic parameters. Based on Bayesian inference,
III. S YSTEM M ODEL
the likelihood of each traffic pattern is calculated to determine
whether the accident reported by the emergency message has A. VANETs Model
occurred. In [14], an IDS for VANETs is proposed to detect As shown in Fig. 1, we consider a road safety application
false information attacks and Sybil attacks. It’s able to extract where a vehicle broadcast an emergency message to report
more distinct traffic flow features by taking the range of a traffic incident, and a VANETs model on a highway is
distance between vehicles into account. provided. There are three roles, i.e. warning vehicle, own
The above schemes based on traffic flow consider the impact vehicle, and neighboring vehicle. The own vehicle refers to the
of traffic incidents on traffic parameters, and the calculation considered vehicle that receives an emergency message and is
of traffic flow is based on the oversimplified Greenshields about to run IDS’s algorithm to detect false messages. The
model [24], in which speed and vehicle density obey a negative warning vehicle is the witness of the traffic incident and the
correlation linear relationship. Due to the nonlinear nature sender of the emergency message. The neighboring vehicles
of traffic flow [25], the Greenshields model is not accurate are within the communication range of the own vehicle and
to fit real traffic data. This linear speed-density model was can directly communicate with the own vehicle.
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
YU et al.: LSTM-BASED IDS FOR VANETs 23909
TABLE I
C OMPARISON B ETWEEN THE P ROPOSED S CHEME AND E XISTING VANET S ECURITY S CHEMES
In this model, each vehicle broadcasts a beacon message time. In addition, we assume that each vehicle is equipped
every time tbeacon . The own vehicle (V0 ) stores beacon mes- with a GPS device that can accurately obtain its position
sages of neighboring vehicles (V1 to V6 ) for the latest observa- Pos(X pos , Ypos ).
tion time tobserve in a table called Current Neighbor List (CNL)
(which will be elaborated in Chapter 4). Suppose that at time B. Message Format
t0 , V1 senses a traffic incident (e.g. an accident), and it will
1) Beacon Message: To communicate with the neighbor-
broadcast an emergency message to vehicles behind. When
ing vehicles, each vehicle continuously broadcasts a beacon
V0 receives the emergency message, its CNL stores beacon
message (Beacon Msg) with a period tbeacon . The beacon
messages of neighboring vehicles within [t0 − tobserve , t0 ].
message mainly contains the information of the vehicle motion
To verify the authenticity of the emergency message, V0 col-
state [33], and we define its format as:
lects evidence related to vehicles in the observation area
(V1 , V2 , and V3 ) from CNL and runs the IDS algorithm. The Beacon Msg(I D, v, a, Pos),
observation area is near the warning vehicle and is included
in the communication range of the own vehicle. This area is where I D, v, a, and Pos represent the vehicle’s identity,
closer to the traffic incident, so it can better reflect the current speed, acceleration, and position, respectively.
traffic situation. 2) Emergency Message: Emergency messages are driven by
Each vehicle can get the number of its neighboring vehicles traffic incidents. When a vehicle senses the occurrence of a
by checking their IDs in messages received at a certain road traffic incident, it will broadcast an emergency message
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
23910 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, VOL. 23, NO. 12, DECEMBER 2022
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
YU et al.: LSTM-BASED IDS FOR VANETs 23911
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
23912 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, VOL. 23, NO. 12, DECEMBER 2022
TABLE IV
T YPICAL C RITICAL VALUES (N,α) OF G RUBBUS ’ S T EST
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
YU et al.: LSTM-BASED IDS FOR VANETs 23913
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
23914 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, VOL. 23, NO. 12, DECEMBER 2022
TABLE VI
LSTM N ETWORK T RAINING PARAMETERS
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
YU et al.: LSTM-BASED IDS FOR VANETs 23915
TABLE VII
P ERFORMANCE OF THE LSTM-BASED C LASSIFIER
TABLE VIII
P ERFORMANCE OF IDS S W ITH N O C OLLUSION ATTACKER
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
23916 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, VOL. 23, NO. 12, DECEMBER 2022
Fig. 8. Performance of three IDSs when actual traffic condition is normal. Fig. 9. Performance of three IDSs when false traffic condition is normal.
The results also show that the performance of the proposed Secondly, the time series feature vectors combine the impact
scheme is better than other schemes under different ratios of traffic incidents on traffic parameters in time and space,
of collusion attackers. The effective detection of collusion and they are hard to be forged by collusion attackers. Thirdly,
attacks by the proposed LSTM-based IDS can be attributed the LSTM-based classifier can accurately identify the pattern
to the following reasons. Firstly, numerous traffic parameters of traffic parameters changing over time. Finally, using data
collected from vehicles near the reported traffic incidents under varying collusion attackers ratios to train the classifier
can mitigate the impact of partial false beacon messages. improves the robustness of the proposed LSTM-based IDS.
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
YU et al.: LSTM-BASED IDS FOR VANETs 23917
VI. C ONCLUSION [14] J. Liang, J. Chen, Y. Zhu, and R. Yu, “A novel intrusion detection system
for vehicular ad hoc networks (VANETs) based on differences of traffic
In this paper, an LSTM-based IDS for false emergency flow and position,” Appl. Soft Comput., vol. 75, pp. 712–727, Feb. 2019.
message detection is proposed and tested. Time series of traffic [15] X. Liu, J. Xu, M. Li, L. Wei, and H. Ru, “General-logistic-based speed-
parameters closely related to traffic incidents are collected density relationship model incorporating the effect of heavy vehicles,”
Math. Problems Eng., vol. 2019, pp. 1–10, Feb. 2019.
and calculated as time series feature vectors. An LSTM-based [16] H. Wang, J. Li, Q.-Y. Chen, and D. Ni, “Logistic modeling of the
classifier is designed and trained to identify current traffic equilibrium speed–density relationship,” Transp. Res. A, Policy Pract.,
incidents based on time series feature vectors from both nor- vol. 45, no. 6, pp. 554–566, Jul. 2011.
[17] Y. LeCun, Y. Bengio, and G. E. Hinton, “Deep learning,” Nature,
mal and collusion attack scenarios. Based on the classification vol. 521, pp. 436–444, Dec. 2015.
result of time series feature vectors, the authenticity of the [18] Z. Lu, G. Qu, and Z. Liu, “A survey on recent advances in vehicular
emergency message can be judged. We conduct extensive network security, trust, and privacy,” IEEE Trans. Intell. Transp. Syst.,
vol. 20, no. 2, pp. 760–776, Feb. 2019.
simulations to evaluate the performance of the proposed IDS [19] L. Zhang, Q. Wu, J. Domingo-Ferrer, B. Qin, and C. Hu, “Distributed
using SUMO, OMNET++, and Veins. The simulation results aggregate privacy-preserving authentication in VANETs,” IEEE Trans.
show that the proposed IDS exhibits better performance under Intell. Transp. Syst., vol. 18, no. 3, pp. 516–526, Mar. 2017.
[20] R. Lu, X. Lin, T. Luan, X. Liang, and X. Shen, “Pseudonym changing
false message attacks and collusion attacks compared with the at social spots: An effective strategy for location privacy in VANETs,”
BPNN-based scheme and RF-based scheme. Equipped with IEEE Trans. Veh. Technol., vol. 61, no. 1, pp. 86–96, Jan. 2012.
the proposed LSTM-based IDS, vehicles can accurately infer [21] R. Hussain, J. Lee, and S. Zeadally, “Trust in VANET: A survey of
current solutions and future research opportunities,” IEEE Trans. Intell.
the actual traffic incident and effectively resist false message Transp. Syst., vol. 22, no. 5, pp. 2553–2571, May 2021.
attacks and collusion attacks. [22] S. Gurung, D. Lin, A. Squicciarini, and E. Bertino, “Information-
In the near future, the work can be extended by utilizing big oriented trustworthiness evaluation in vehicular ad-hoc networks,” in
Proc. Int. Conf. Netw. Syst. Secur. Berlin, Germany: Springer, Jun. 2013,
data collected from real traffic scenarios. Furthermore, we plan pp. 94–108.
to incorporate more accurate deep learning algorithms within [23] M. Sun, M. Li, and R. Gerdes, “A data trust framework for VANETs
IDS to detect new types of attacks in VANETs, such as Sybil enabling false data detection and secure vehicle tracking,” in Proc. IEEE
Conf. Commun. Netw. Secur. (CNS), Oct. 2017, pp. 1–9.
attacks and denial of service attacks. [24] B. D. Greenshields, “A study of traffic capacity,” in Highway Research
Board Proceeding. Washington, DC, USA: Highway Research Board,
R EFERENCES 1935, pp. 448–477.
[25] D. Kang, Y. Lv, and Y.-Y. Chen, “Short-term traffic flow prediction with
[1] H. Al-Omaisi, E. A. Sundararajan, R. Alsaqour, N. F. Abdullah, and LSTM recurrent neural network,” in Proc. IEEE 20th Int. Conf. Intell.
M. Abdelhaq, “A survey of data dissemination schemes in vehic- Transp. Syst. (ITSC), Oct. 2017, pp. 1–6.
ular named data networking,” Veh. Commun., vol. 30, Aug. 2021, [26] H. Greenberg, “An analysis of traffic flow,” Oper. Res., vol. 7, no. 1,
Art. no. 100353. pp. 79–85, Feb. 1959.
[2] H. Li, G. Zhao, L. Qin, H. Aizeke, X. Zhao, and Y. Yang, “A survey [27] R. T. Underwood, “Speed, volume and density relationship,” Qual.
of safety warnings under connected vehicle environments,” IEEE Trans. Theory Traffic Flow, Yale Bureau Highway Traffic, New Haven, CT,
Intell. Transp. Syst., vol. 22, no. 5, pp. 2572–2588, May 2021. USA, 2008, pp. 141–188.
[3] M. Arshad, Z. Ullah, N. Ahmad, M. Khalid, H. Criuckshank, and [28] S. Ardekani, M. Ghandehari, and S. Nepal, “Macroscopic speed-flow
Y. Cao, “A survey of local/cooperative-based malicious information models for characterization of freeway and managed lanes,” Institutul
detection techniques in VANETs,” EURASIP J. Wireless Commun. Netw., Politehnic Din Iasi. Buletinul. Sectia Construct. Arhitectura, vol. 57,
vol. 2018, no. 1, pp. 1–17, Dec. 2018. no. 1, p. 149, 2011.
[4] D. Manivannan, S. S. Moni, and S. Zeadally, “Secure authentication and [29] O. A. Wahab, A. Mourad, H. Otrok, and J. Bentahar, “CEAP: SVM-
privacy-preserving techniques in vehicular ad-hoc networks (VANETs),” based intelligent detection model for clustered vehicular ad hoc net-
Veh. Commun., vol. 25, Oct. 2020, Art. no. 100247. works,” Expert Syst. Appl., vol. 50, pp. 40–54, May 2016.
[5] Q. Li, A. Malip, K. M. Martin, S.-L. Ng, and J. Zhang, [30] A. Alsarhan, M. Alauthman, E. Alshdaifat, A.-R. Al-Ghuwairi, and
“A reputation-based announcement scheme for VANETs,” IEEE Trans. A. Al-Dubai, “Machine learning-driven optimization for SVM-based
Veh. Technol., vol. 61, no. 9, pp. 4095–4108, Nov. 2012. intrusion detection system in vehicular ad hoc networks,” J. Ambient
[6] R. Sugumar, A. Rengarajan, and C. Jayakumar, “Trust based authentica- Intell. Humanized Comput., pp. 1–10, Feb. 2021.
tion technique for cluster based vehicular ad hoc networks (VANET),” [31] J. Zhang, L. Huang, H. Xu, M. Xiao, and W. Guo, “An incremental BP
Wireless Netw., vol. 24, no. 2, pp. 373–382, Feb. 2018. neural network based spurious message filter for vanet,” in Proc. IEEE
[7] R. P. Barnwal and S. K. Ghosh, “Heartbeat message based misbehavior Int. Conf. Cyber-Enabled Distrib. Comput. Knowl. Discovery, Oct. 2012,
detection scheme for vehicular ad-hoc networks,” in Proc. Int. Conf. pp. 360–367.
Connected Vehicles Exp. (ICCVE), Dec. 2012, pp. 29–34. [32] S. Gyawali, Y. Qian, and R. Q. Hu, “Machine learning and reputation
[8] R. van der Heijden, S. Dietzel, and F. Kargl, “Misbehavior detection based misbehavior detection in vehicular communication networks,”
in vehicular ad-hoc networks,” in Proc. 1st GI/ITG KuVS Fachgespräch IEEE Trans. Veh. Technol., vol. 69, no. 8, pp. 8871–8885, Aug. 2020.
Inter-Vehicle Commun. Univ. Innsbruck, Feb. 2013, pp. 23–25. [33] R. Molina-Masegosa, M. Sepulcre, J. Gozalvez, F. Berens, and
[9] T. Yang, W. Xin, L. Yu, Y. Yang, J. Hu, and Z. Chen, “Misdis: V. Martinez, “Empirical models for the realistic generation of coop-
An efficent misbehavior discovering method based on accountability erative awareness messages in vehicular networks,” IEEE Trans. Veh.
and state machine in VANET,” in Proc. Asia–Pacific Web Conf. Berlin, Technol., vol. 69, no. 5, pp. 5713–5717, May 2020.
Germany: Springer, Apr. 2013, pp. 583–594. [34] ETSI, Intelligent Transport Systems (Its); Vehicular Communications;
[10] L. Chen, S.-L. Ng, and G. Wang, “Threshold anonymous announcement Basic Set of Applications; Part 3: Specifications of Decentralized Envi-
in VANETs,” IEEE J. Sel. Areas Commun., vol. 29, no. 3, pp. 605–615, ronmental Notification Basic Service, document ETSI TS 102 637-3,
Mar. 2011. 2010.
[11] J. Shao, X. Lin, R. Lu, and C. Zuo, “A threshold anonymous authenti- [35] S. Sharma and B. Kaushik, “A survey on internet of vehicles: Applica-
cation protocol for VANETs,” IEEE Trans. Veh. Technol., vol. 65, no. 3, tions, security issues & solutions,” Veh. Commun., vol. 20, Dec. 2019,
pp. 1711–1720, Mar. 2016. Art. no. 100182.
[12] K. Zaidi, M. B. Milojevic, V. Rakocevic, A. Nallanathan, and [36] M. Urvoy, D. Goudia, and F. Autrusseau, “Perceptual DFT watermarking
M. Rajarajan, “Host-based intrusion detection for VANETs: A statistical with improved detection and robustness to geometrical distortions,”
approach to rogue node detection,” IEEE Trans. Veh. Technol., vol. 65, IEEE Trans. Inf. Forensics Security, vol. 9, no. 7, pp. 1108–1119,
no. 8, pp. 6703–6714, Aug. 2016. Jul. 2014.
[13] J. Liu, W. Yang, J. Zhang, and C. Yang, “Detecting false messages in [37] Z. Chen, T. Yin, and T. Liu, “3G mobile map service publishing and
vehicular ad hoc networks based on a traffic flow model,” Int. J. Distrib. data flow testing,” in Proc. 1st Int. Conf. Agro, Geoinform. (Agro-
Sensor Netw., vol. 16, no. 2, Feb. 2020, Art. no. 1550147720906390. Geoinformatics), Aug. 2012, pp. 1–4.
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.
23918 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, VOL. 23, NO. 12, DECEMBER 2022
[38] J. Kamel, M. R. Ansari, J. Petit, A. Kaiser, I. B. Jemaa, and P. Urien, Xiaoping Xue (Member, IEEE) received the B.S.
“Simulation framework for misbehavior detection in vehicular net- degree in wired communication from Tongji Uni-
works,” IEEE Trans. Veh. Technol., vol. 69, no. 6, pp. 6631–6643, versity (formerly Shanghai Railway University),
Jun. 2020. Shanghai, China, in 1987, and the Ph.D. degree
[39] M. Sepulcre, J. Gozalvez, and B. Coll-Perales, “Why 6 Mbps is not in communication and information systems from
(always) the optimum data rate for beaconing in vehicular networks,” Beijing Jiaotong University, Beijing, China, in 2009.
IEEE Trans. Mobile Comput., vol. 16, no. 12, pp. 3568–3579, Apr. 2017. He is currently a Professor and the Director of
[40] K. Abboud, H. A. Omar, and W. Zhuang, “Interworking of DSRC the Department of Information and Communication
and cellular network technologies for V2X communications: A survey,” Engineering, Tongji University. His research inter-
IEEE Trans. Veh. Technol., vol. 65, no. 12, pp. 9457–9470, Dec. 2016. ests include secure broadband wireless communi-
cation theory under high-speed moving conditions,
safe computing theory and methods, formal software and security evaluation
theory and methods, and security and privacy in vehicular networks.
Yantao Yu (Graduate Student Member, IEEE)
received the B.S. degree in communication engi-
neering from Dalian Maritime University, Dalian,
China, in 2019. He is currently pursuing the Ph.D.
degree in information and communication engineer-
ing with Tongji University, Shanghai, China. His
main research interests are security and privacy in
vehicular networks.
Authorized licensed use limited to: Universidad Tecnica Federico Santa Maria. Downloaded on May 22,2023 at 19:49:44 UTC from IEEE Xplore. Restrictions apply.