PhD Viva-voce Presentation on In-Vehicle Network Monitoring with Network Tomography PDF

In-Vehicle Network Monitoring with Network Tomography PhD Viva-voce Presentation Author: Amani Ibraheem Supervisor: Dr. Zhengguo Sheng...

In-Vehicle Network Monitoring with Network Tomography PhD Viva-voce Presentation Author: Amani Ibraheem Supervisor: Dr. Zhengguo Sheng School of Engineering and Informatics, University of Sussex November 17, 2023 Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 1 / 50 Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 2 / 50 Introduction Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 3 / 50 Introduction In-Vehicle Networks and Architectures Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 4 / 50 Introduction In-Vehicle Networks and Architectures In-Vehicle Networks and Architectures There are three main in-vehicle networking architectures based on E/E architectures: Fieldbus architecture Central-gateway architecture Ethernet-based architecture CAN bus ECU Gateway/Switch Domain/Zone controller Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 5 / 50 Introduction In-Vehicle Networks and Architectures In-Vehicle Networks and Architectures There are three main in-vehicle networking architectures based on E/E architectures: Fieldbus architecture Central-gateway architecture Ethernet-based architecture CAN bus ECU Gateway/Switch Domain/Zone controller Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 5 / 50 Introduction In-Vehicle Networks and Architectures In-Vehicle Networks and Architectures There are three main in-vehicle networking architectures based on E/E architectures: Fieldbus architecture Central-gateway architecture Ethernet-based architecture CAN bus ECU Gateway/Switch Domain/Zone controller Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 5 / 50 Introduction In-Vehicle Networks and Architectures In-Vehicle Networks and Architectures There are three main in-vehicle networking architectures based on E/E architectures: Fieldbus architecture Central-gateway architecture Ethernet-based architecture CAN bus ECU Gateway/Switch Domain/Zone controller Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 5 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 6 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks I IP-based attacks No authentication/authorization mechanisims Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 7 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks I IP-based attacks No authentication/authorization mechanisims Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 7 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks I IP-based attacks No authentication/authorization mechanisims Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 7 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks I IP-based attacks No authentication/authorization mechanisims Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 7 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks II Overburdening the network Difficulties in accessing internal network Lack of complete monitoring system Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 8 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks II Overburdening the network Difficulties in accessing internal network Lack of complete monitoring system Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 8 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks II Overburdening the network Difficulties in accessing internal network Lack of complete monitoring system Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 8 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks II Overburdening the network Difficulties in accessing internal network Lack of complete monitoring system Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 8 / 50 Introduction Security and Monitoring Challenges in In-Vehicle Networks Security and Monitoring Challenges in In-Vehicle Networks II Overburdening the network Difficulties in accessing internal network Lack of complete monitoring system Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 8 / 50 Research Questions Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 9 / 50 Research Questions Research Questions 1 Given that the only available information about the network is the end-to-end performance, how can the internal performance be inferred? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 10 / 50 Research Questions Research Questions 1 Given that the only available information about the network is the end-to-end performance, how can the internal performance be inferred? 2 Is network tomography applicable to in-vehicle networks? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 10 / 50 Research Questions Research Questions 1 Given that the only available information about the network is the end-to-end performance, how can the internal performance be inferred? 2 Is network tomography applicable to in-vehicle networks? 3 What are the constraints of network tomography and how to handle them? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 10 / 50 Research Questions Research Questions 1 Given that the only available information about the network is the end-to-end performance, how can the internal performance be inferred? 2 Is network tomography applicable to in-vehicle networks? 3 What are the constraints of network tomography and how to handle them? 4 How to design a complete monitoring system that can detect, locate, and mitigate anomalies on in-vehicle networks? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 10 / 50 Research Contributions Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 11 / 50 Research Contributions In-Vehicle Network Tomography Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 12 / 50 Research Contributions In-Vehicle Network Tomography In-Vehicle Network Tomography Network model G = (V , E ) V =E ∩R E := {vi ∈ V (G ) : d(vi ) = 1} R := {vi ∈ V (G ) : d(vi ) ≥ 2} pi = {ei , ej ,... , ek }, where i ̸= j ̸= k and i, j, k ∈ {1, 2,... , γ} P := {p1 , p2 ,... , P } with Pm ⊆ P Notations: G = (V , E ): in-vehicle network as a graph G ; V (G ): set of vertices (nodes) in G ; d(vi ): node degree of vi ∈ V (G ); γ := E (G ) ; pi ∈ P: a path as a set of links it passes through; P: set of all paths in G ; PmAmani ⊆ P: set of (University Ibraheem measured paths in G of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 13 / 50 Research Contributions In-Vehicle Network Tomography In-Vehicle Network Tomography Network tomography model y =A⊗x (1) Assumptions Notations: Nodes’ clocks are synchronised. y : end-to-end measurements Only nodes in E are accessible. x: link-level measurements Nodes in R are inaccessible. A: measurement matrix There is only one single path between any communicating node pair. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 14 / 50 Research Contributions In-Vehicle Network Tomography Network Identifiability Definition Let l−identifiability be the number of identifiable links, then we classify network-wide identifiability into three main levels: Fully-identifiable network: an in-vehicle network G is fully-identifiable if the link-level metrics for all links in E (G ) are uniquely determined by solving (1). In this case, l = γ, hence, a fully-identifiable network can also be called γ-identifiable network. l-identifiable network: we say that an in-vehicle network G is l-identifiable if the maximum number of links that can be uniquely identified is l, where l < γ. Unidentifiable network: if no link metrics for any link in E (G ) can be uniquely determined by solving (1), then we say that G is unidentifiable. In this case l = 0. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 15 / 50 Research Contributions In-Vehicle Network Tomography Network Identifiability ECU ECU ECU ECU ECU ECU Figure: Fieldbus architecture CAN bus Ethernet Sensor/Actuator Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 16 / 50 Research Contributions In-Vehicle Network Tomography Network Identifiability ECU ECU ECU ECU Gateway ECU ECU ECU ECU Figure: Central-gateway architecture CAN bus Ethernet Sensor/Actuator Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 17 / 50 Research Contributions In-Vehicle Network Tomography Network Identifiability ECU GW ECU ECU ECU GW Switch GW ECU ECU ECU GW ECU Figure: Ethernet-based architecture CAN bus Ethernet Sensor/Actuator Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 18 / 50 Research Contributions In-Vehicle Network Tomography Network Identifiability Topological conidition In order to identify all links’ metrics of in-vehicle network G with γ ≥ 2, the necessary topological condition is that d(vi ) ≥ 3, ∀vi ∈ R. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 19 / 50 Research Contributions In-Vehicle Network Tomography Network Identifiability Topological conidition In order to identify all links’ metrics of in-vehicle network G with γ ≥ 2, the necessary topological condition is that d(vi ) ≥ 3, ∀vi ∈ R. Minimum number of monitors Given that the topological condition is satisfied, the minimum number of monitors required to uniquely identify all γ ≥ 2 links in G is E. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 19 / 50 Research Contributions In-Vehicle Network Tomography Identifiability in In-Vehicle Networks CAN: always identifiable with 2 monitors. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 20 / 50 Research Contributions In-Vehicle Network Tomography Identifiability in In-Vehicle Networks CAN: always identifiable with 2 monitors. Central-gateway: always identifiable as long as |B| ≥ 3 and the min number of monitors is |B|. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 20 / 50 Research Contributions In-Vehicle Network Tomography Identifiability in In-Vehicle Networks CAN: always identifiable with 2 monitors. Central-gateway: always identifiable as long as |B| ≥ 3 and the min number of monitors is |B|. Ethernet-based: can be unidentifiable (depends on the topology). Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 20 / 50 Research Contributions DNN-based Partial Tomography , Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 21 / 50 Research Contributions DNN-based Partial Tomography , Motivation Example 1: γ = 5, κ = 3. Smart sensor v6 e5 Front camera Rear camera e1 e3 e4 v3 v1 v2 v5 Radio interface e2 v4 p1 = {e1 , e2 }, p2 = {e1 , e3 , e4 }, p3 = {e1 , e3 , e5 } p4 = {e2 , e3 , e4 }, p5 = {e2 , e3 , e5 }, p6 = {e4 , e5 } Pm = {p1 , p2 , p6 }. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 22 / 50 Research Contributions DNN-based Partial Tomography , Motivation Example 2: γ = 4, κ = 3 = P , d(v1 ) = 2 < 3. Smart sensor v5 e4 Radio interface Rear camera e1 e2 e3 v3 v1 v2 v4 p1 = {e1 , e2 , e3 }, p2 = {e1 , e2 , e4 }, p3 = {e3 , e4 }. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 23 / 50 Research Contributions DNN-based Partial Tomography , Motivation Example 3: γ = 5, κ = 5. Smart sensor v6 Radio interface Rear camera e1 e3 v2 e5 v4 v1 Front camera Smart sensor e2 e4 v3 v5 p1 = {e1 , e2 }, p2 = {e1 , e3 }, p3 = {e1 , e4 }, p4 = {e1 , e5 }, p5 = {e2 , e3 } p6 = {e2 , e4 }, p7 = {e2 , e5 }, p8 = {e3 , e4 }, p9 = {e3 , e5 }, p10 = {e4 , e5 } Pm = {p3 , p4 , p5 , p8 , p9 }. Dependent: p9 = p8 + p4 − p3. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 24 / 50 Research Contributions DNN-based Partial Tomography , Partial Network Tomography Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 25 / 50 Research Contributions DNN-based Partial Tomography , Deep Neural Network (DNN) Hidden layers h11... 1 hm DNN-based Algebraic θ1 ŷ1 Tomography: Output layer h12... 2 hm Neural Network Delay Input layer Estimation (NNDE)....... h13... 3 hm Neural Network Delay Tomography (NNDT)....... θj ŷk DNN-based Tomography. h1n... n hm Figure: Deep neural network structure. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 26 / 50 Research Contributions DNN-based Partial Tomography , DNN-based Algebraic Tomography - Neural Network Delay Estimation (NNDE) Hidden layers h11... 1 hm y1 ŷρ Output layer h12... 2 hm Input layer...... h13... 3 hm...... yκ ŷγ h1n... n hm Figure: DNN structure in NNDE. ρ = κ + 1. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 27 / 50 Research Contributions DNN-based Partial Tomography , DNN-based Algebraic Tomography - Neural Network Delay Tomography (NNDT) Hidden layers y1 h11... 1 hm... ŷρ Output layer yκ h12... 2 hm Input layer... h13... 3 hm x1...... ŷγ... h1n... n hm xj Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 28 / 50 Research Contributions DNN-based Partial Tomography , DNN-based Tomography Hidden layers h11... 1 hm y1 x̂1 Output layer h12... 2 hm Input layer...... h13... 3 hm...... yκ x̂γ h1n... n hm Figure: DNN structure in DNN-based tomography. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 29 / 50 Research Contributions Anomaly Detection and Localisation using Network Tomography Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 30 / 50 Research Contributions Anomaly Detection and Localisation using Network Tomography Anomaly Detection and Localisation using Network Tomography Network Status ( 0, if S(pi ) = 0, ∀pi ∈ P S(G ) = 1, if S(pi ) = 1, ∃pi ∈ P Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 31 / 50 Research Contributions Anomaly Detection and Localisation using Network Tomography Anomaly Detection and Localisation using Network Tomography Network Status ( 0, if S(pi ) = 0, ∀pi ∈ P S(G ) = 1, if S(pi ) = 1, ∃pi ∈ P Path Status ( 0, if S(ej ) = 0, ∀ej ∈ pi S(pi ) = 1, if S(ej ) = 1, ∃ej ∈ pi Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 31 / 50 Research Contributions Anomaly Detection and Localisation using Network Tomography Anomaly Detection and Localisation using Network Tomography Network Status ( 0, if S(pi ) = 0, ∀pi ∈ P S(G ) = 1, if S(pi ) = 1, ∃pi ∈ P Path Status Link Status ( ( 0, if S(ej ) = 0, ∀ej ∈ pi 0, if αej ≤ xj ≤ βej S(pi ) = S(ej ) = 1, if S(ej ) = 1, ∃ej ∈ pi 1, if xj < αej or xj > βej Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 31 / 50 Research Contributions Delay Network Tomography (DNT) Delay Network Tomography (DNT) y D = AD x D Real values Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 32 / 50 Research Contributions Delay Network Tomography (DNT) Delay Network Tomography (DNT) y D = AD x D Real values Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 32 / 50 Research Contributions Delay Network Tomography (DNT) Delay Network Tomography (DNT) y D = AD x D Real values Procedure: Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 32 / 50 Research Contributions Delay Network Tomography (DNT) Delay Network Tomography (DNT) y D = AD x D Real values Procedure: 1 Collect y D for paths in Pm using yiD = trecv − ttrans. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 32 / 50 Research Contributions Delay Network Tomography (DNT) Delay Network Tomography (DNT) y D = AD x D Real values Procedure: 1 Collect y D for paths in Pm using yiD = trecv − ttrans. 2 Solve y D = AD x D for x D. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 32 / 50 Research Contributions Delay Network Tomography (DNT) Delay Network Tomography (DNT) y D = AD x D Real values Procedure: 1 Collect y D for paths in Pm using yiD = trecv − ttrans. Link Status 2 Solve y D = AD x D for x D. ( 0, if αej ≤ xj ≤ βej 3 Determine status of ei ∈ E (G ) using S(ej ) = link status. 1, if xj < αej or xj > βej Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 32 / 50 Research Contributions Delay Network Tomography (DNT) Delay Network Tomography (DNT) y D = AD x D Real values Procedure: 1 Collect y D for paths in Pm using yiD = trecv − ttrans. Link Status 2 Solve y D = AD x D for x D. ( 0, if αej ≤ xj ≤ βej 3 Determine status of ei ∈ E (G ) using S(ej ) = link status. 1, if xj < αej or xj > βej 4 If xi = 1, then S(G ) = 1 and link ei ∈ E (G ) is the anomalous link. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 32 / 50 Research Contributions Binary Network Tomography (BNT) Binary Network Tomography (BNT) y S = AS ⊙ x S yiS = ∨j (aijS ∧ xjS ) Binary values Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 33 / 50 Research Contributions Binary Network Tomography (BNT) Binary Network Tomography (BNT) y S = AS ⊙ x S yiS = ∨j (aijS ∧ xjS ) Binary values Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 33 / 50 Research Contributions Binary Network Tomography (BNT) Binary Network Tomography (BNT) y S = AS ⊙ x S yiS = ∨j (aijS ∧ xjS ) Binary values Procedure: Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 33 / 50 Research Contributions Binary Network Tomography (BNT) Binary Network Tomography (BNT) y S = AS ⊙ x S yiS = ∨j (aijS ∧ xjS ) Binary values Procedure: 1 Collect y D for paths in Pm using yiD = trecv − ttrans. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 33 / 50 Research Contributions Binary Network Tomography (BNT) Binary Network Tomography (BNT) y S = AS ⊙ x S yiS = ∨j (aijS ∧ xjS ) Binary values Procedure: 1 Collect y D for paths in Pm using yiD = trecv − ttrans. 2 Determine ( path-level status as 0, if αpi ≤ yiD ≤ βpi yiS =. 1, if yiD < αpi or yiD > βpi Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 33 / 50 Research Contributions Binary Network Tomography (BNT) Binary Network Tomography (BNT) y S = AS ⊙ x S yiS = ∨j (aijS ∧ xjS ) Binary values Procedure: 1 Collect y D for paths in Pm using yiD = trecv − ttrans. 2 Determine ( path-level status as 0, if αpi ≤ yiD ≤ βpi yiS =. 1, if yiD < αpi or yiD > βpi 3 If yiD = 1, ∃pi ∈ Pm , then solve y S = AS ⊙ x S. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 33 / 50 Research Contributions Binary Network Tomography (BNT) Binary Network Tomography (BNT) y S = AS ⊙ x S yiS = ∨j (aijS ∧ xjS ) Binary values Procedure: 1 Collect y D for paths in Pm using yiD = trecv − ttrans. 2 Determine ( path-level status as 0, if αpi ≤ yiD ≤ βpi yiS =. 1, if yiD < αpi or yiD > βpi 3 If yiD = 1, ∃pi ∈ Pm , then solve y S = AS ⊙ x S. 4 If xi = 1, then link ei ∈ E (G ) is the anomalous link. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 33 / 50 Research Contributions Deep Neural Network (DNN)-based Tomography Deep Neural Network (DNN)-based Tomography As the measurement matrix A is not guaranteed to be a full-rank matrix, DNN can be used to compensate for the rank deficiency A. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 34 / 50 Research Contributions Deep Neural Network (DNN)-based Tomography Deep Neural Network (DNN)-based Tomography As the measurement matrix A is not guaranteed to be a full-rank matrix, DNN can be used to compensate for the rank deficiency A. Hidden layers h11... 1 hm y1 ŷρ Output layer h12... 2 hm Input layer...... h13... 3 hm...... yκ ŷγ h1n... n hm Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 34 / 50 Research Contributions A New SDN-enabled In-Vehicle Network Topology , Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 35 / 50 Research Contributions A New SDN-enabled In-Vehicle Network Topology , A New SDN-enabled In-Vehicle Network Topology Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 36 / 50 Research Contributions A New SDN-enabled In-Vehicle Network Topology , Transformation into Identifiable Topology Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 37 / 50 Research Contributions A New SDN-enabled In-Vehicle Network Topology , Transformation into Redundant Topology Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 38 / 50 Research Contributions A New SDN-enabled In-Vehicle Network Topology , Identifiable, Redundant and SDN-enabled Topology Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 39 / 50 Research Contributions A New SDN-enabled In-Vehicle Network Topology , Proposed Monitoring Framework Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 40 / 50 Results Results Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 41 / 50 Results Results Algebraic network tomography is applicable for in-vehicle networks as long as the measurement matrix is full rank. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 41 / 50 Results Results Algebraic network tomography is applicable for in-vehicle networks as long as the measurement matrix is full rank. Network tomography-based monitoring solution achieves lower monitoring overhead than the existing solutions. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 41 / 50 Results Results Algebraic network tomography is applicable for in-vehicle networks as long as the measurement matrix is full rank. Network tomography-based monitoring solution achieves lower monitoring overhead than the existing solutions. If the matrix is rank deficient, partial tomography and DNN-based solutions can be used. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 41 / 50 Results Results Algebraic network tomography is applicable for in-vehicle networks as long as the measurement matrix is full rank. Network tomography-based monitoring solution achieves lower monitoring overhead than the existing solutions. If the matrix is rank deficient, partial tomography and DNN-based solutions can be used. Network tomography can be used to detect and locate anomalies in in-vehicle networks with 100% accuracy using BNT. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 41 / 50 Results Results Algebraic network tomography is applicable for in-vehicle networks as long as the measurement matrix is full rank. Network tomography-based monitoring solution achieves lower monitoring overhead than the existing solutions. If the matrix is rank deficient, partial tomography and DNN-based solutions can be used. Network tomography can be used to detect and locate anomalies in in-vehicle networks with 100% accuracy using BNT. When possible, algebraic network tomography is better to use than the other tomographic approaches (e.g., DNN-based tomography). However, the topological and monitor conditions have to be satisfied. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 41 / 50 Results Results Algebraic network tomography is applicable for in-vehicle networks as long as the measurement matrix is full rank. Network tomography-based monitoring solution achieves lower monitoring overhead than the existing solutions. If the matrix is rank deficient, partial tomography and DNN-based solutions can be used. Network tomography can be used to detect and locate anomalies in in-vehicle networks with 100% accuracy using BNT. When possible, algebraic network tomography is better to use than the other tomographic approaches (e.g., DNN-based tomography). However, the topological and monitor conditions have to be satisfied. Transformation into identifiable and redundant in-vehicle networks can be achieved with a maximum added weight of 17.17%. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 41 / 50 Discussion Research Questions Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 42 / 50 Discussion Research Questions Discussion I Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 43 / 50 Discussion Research Questions Discussion I ✓ Given only the end-to-end performance, how can the internal performance be inferred? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 43 / 50 Discussion Research Questions Discussion I ✓ Given only the end-to-end −→ Using network tomography. performance, how can the internal performance be inferred? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 43 / 50 Discussion Research Questions Discussion I ✓ Given only the end-to-end −→ Using network tomography. performance, how can the internal performance be inferred? ✓ Is network tomography applicable to in-vehicle networks? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 43 / 50 Discussion Research Questions Discussion I ✓ Given only the end-to-end −→ Using network tomography. performance, how can the internal performance be inferred? ✓ Is network tomography applicable to −→ Yes, given that the topology, in-vehicle networks? monitors’ number and placement conditions are satisfied. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 43 / 50 Discussion Research Questions Discussion II ✓ What are the constraints of network tomography and how to handle them? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 44 / 50 Discussion Research Questions Discussion II ✓ What are the constraints of network −→ r (A) = γ: κ = γ, independent Pm , tomography and how to handle identifiable topology. DNN, PNT and them? identifiable topology could handle these constraints. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 44 / 50 Discussion Research Questions Discussion II ✓ What are the constraints of network −→ r (A) = γ: κ = γ, independent Pm , tomography and how to handle identifiable topology. DNN, PNT and them? identifiable topology could handle these constraints. ✓ How to design a complete monitoring system that can detect, locate, and mitigate anomalies on in-vehicle networks? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 44 / 50 Discussion Research Questions Discussion II ✓ What are the constraints of network −→ r (A) = γ: κ = γ, independent Pm , tomography and how to handle identifiable topology. DNN, PNT and them? identifiable topology could handle these constraints. ✓ How to design a complete monitoring −→ By leveraging the proposed NT, SDN system that can detect, locate, and and redundant topology, a monitoring mitigate anomalies on in-vehicle framework was proposed. networks? Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 44 / 50 Conclusion and Future Work Outline 1 Introduction In-Vehicle Networks and Architectures Security and Monitoring Challenges in In-Vehicle Networks 2 Research Questions 3 Research Contributions In-Vehicle Network Tomography DNN-based Partial Tomography , Anomaly Detection and Localisation using Network Tomography A New SDN-enabled In-Vehicle Network Topology , 4 Results 5 Discussion 6 Conclusion and Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 45 / 50 Conclusion and Future Work Summary Conclusion Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 46 / 50 Conclusion and Future Work Summary Conclusion This thesis presented a novel and complete monitoring approach for in-vehicle networks, where there is no need to access any internal element of the network. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 46 / 50 Conclusion and Future Work Summary Conclusion This thesis presented a novel and complete monitoring approach for in-vehicle networks, where there is no need to access any internal element of the network. This monitoring approach leveraged a network tomography-based solution as a vehicular monitoring application. The proposed approach is lightweight and does not incur heavy monitoring overhead. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 46 / 50 Conclusion and Future Work Summary Conclusion This thesis presented a novel and complete monitoring approach for in-vehicle networks, where there is no need to access any internal element of the network. This monitoring approach leveraged a network tomography-based solution as a vehicular monitoring application. The proposed approach is lightweight and does not incur heavy monitoring overhead. It supports three main tasks of robust monitoring systems, in which it can detect, locate and mitigate anomalies in in-vehicle networks. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 46 / 50 Conclusion and Future Work Future Work Future Work Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 47 / 50 Conclusion and Future Work Future Work Future Work Other metrics can be used, such as loss/success rate, bandwidth consumption, and throughput. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 47 / 50 Conclusion and Future Work Future Work Future Work Other metrics can be used, such as loss/success rate, bandwidth consumption, and throughput. Asymmetrical behaviour of CAN, when delay tomography is employed, can be further investigated. E.g., employing RL to set the transmission time. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 47 / 50 Conclusion and Future Work Future Work Future Work Other metrics can be used, such as loss/success rate, bandwidth consumption, and throughput. Asymmetrical behaviour of CAN, when delay tomography is employed, can be further investigated. E.g., employing RL to set the transmission time. Transformation of existing topologies can further be improved by minimising the overall weight. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 47 / 50 Conclusion and Future Work Future Work Future Work Other metrics can be used, such as loss/success rate, bandwidth consumption, and throughput. Asymmetrical behaviour of CAN, when delay tomography is employed, can be further investigated. E.g., employing RL to set the transmission time. Transformation of existing topologies can further be improved by minimising the overall weight. AI solutions can be used so that the SDN controller can promptly and intelligently assign the redundant paths in case of anomalies. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 47 / 50 Conclusion and Future Work Future Work Future Work Other metrics can be used, such as loss/success rate, bandwidth consumption, and throughput. Asymmetrical behaviour of CAN, when delay tomography is employed, can be further investigated. E.g., employing RL to set the transmission time. Transformation of existing topologies can further be improved by minimising the overall weight. AI solutions can be used so that the SDN controller can promptly and intelligently assign the redundant paths in case of anomalies. The proposed NT approach can further be used for different applications such as load-balancing and optimisation applications. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 47 / 50 Conclusion and Future Work Future Work Future Work Other metrics can be used, such as loss/success rate, bandwidth consumption, and throughput. Asymmetrical behaviour of CAN, when delay tomography is employed, can be further investigated. E.g., employing RL to set the transmission time. Transformation of existing topologies can further be improved by minimising the overall weight. AI solutions can be used so that the SDN controller can promptly and intelligently assign the redundant paths in case of anomalies. The proposed NT approach can further be used for different applications such as load-balancing and optimisation applications. Applying the proposal on a larger scale e.g., VANETs, is another interesting direction. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 47 / 50 References References I A. Ibraheem, Z. Sheng, G. Parisis, and D. Tian, “In-vehicle network delay tomography,” in GLOBECOM 2022-2022 IEEE Global Communications Conference, IEEE, 2022, pp. 5528–5533. A. Ibraheem, Z. Sheng, G. Parisis, and D. Tian, “Neural network based partial tomography for in-vehicle network monitoring,” in 2021 IEEE International Conference on Communications Workshops (ICC Workshops), IEEE, 2021, pp. 1–6. A. Ibraheem, Z. Sheng, G. Parisis, J. Zhou, and D. Tian, “Internal network monitoring with dnn and network tomography for in-vehicle networks,” in 2022 IEEE International Conference on Unmanned Systems (ICUS), IEEE, 2022, pp. 928–933. A. Ibraheem, Z. Sheng, G. Parisis, and D. Tian, “Network tomography-based anomaly detection and localisation in centralised in-vehicle network,” in 2023 IEEE International Conference on Omni-layer Intelligent Systems (COINS), IEEE, 2023, pp. 1–6. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 48 / 50 References References II A. Ibraheem, “Cross network slicing in vehicular networks,” in Intelligent Technologies for Internet of Vehicles, Springer, 2021, pp. 151–189. A. Ibraheem, Z. Sheng, G. Parisis, and D. Tian, “New identifiable and redundant sdn-based measurement for in-vehicle networks,”, submitted, 2023. Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 49 / 50 Thank You! Amani Ibraheem (University of Sussex) In-Vehicle Network Monitoring with Network Tomography November 17, 2023 50 / 50

PhD Viva-voce Presentation on In-Vehicle Network Monitoring with Network Tomography PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue