IoV-BERT-IDS: Hybrid Network Intrusion Detection System in IoV Using Large Language Models

Abstract

The traditional vehicular ad hoc network (VANET) gradually evolved into the Internet of Vehicles (IoV), which has also become a potential target for attacks and faces security challenges in an open network environment. Intrusion detection systems (IDS) based on machine learning (ML) and deep learning (DL) are introduced to mitigate security threats. However, existing ML/DL-based IDS suffer from challenges in IoV environments. First, due to the limitations of ML/DL-based methods, classification performance is unsatisfactory when they extract only unidirectional contextual features or spatial characteristics. Second, existing research on in-vehicle network IDS often limits validation and testing to a static dataset of a single vehicle model. This approach may not adequately address diverse potential attacks in a dynamic environment. Third, few studies of hybrid IDS can simultaneously implement in-vehicle and extra-vehicle network intrusion detection. Large language models (LLM) have shown outstanding applications in fields such as natural language processing (NLP) and computer vision (CV). In particular, bidirectional encoder representations from transformers (BERT) obtain new state-of-the-art results on eleven famous NLP tasks. Consequently, this paper introduces a hybrid network IDS in IoV utilising LLM, denoted as IoV-BERT-IDS. This framework encompasses four modules: semantic extractor (SE), input embedding, IoV-BERT-IDS pre-training, and IoV-BERT-IDS fine-tuning. To conform to the BERT model, the semantic extractor is introduced to transform traffic data devoid of apparent semantics into contextual semantics, comprising bidirectional and unidirectional SE. Through SE, controller area network (CAN) data is transformed into a CAN byte sentence (CBS), while extra-vehicle network traffic data is transformed into a traffic byte sentence (TBS). Additionally, two pre-training tasks, the masked byte word model (MBWM) and next byte sentence prediction (NBSP) are proposed to acquire bidirectional contextual features from contextual semantics. These features can be adapted to downstream tasks in both in-vehicle and extra-vehicle networks through fine-tuning. Experiments demonstrate that IoV-BERT-IDS outperforms in CICIDS, BoT-IoT, Car-Hacking, and In-vehicle network intrusion detection challenge (IVN-IDS) datasets and shows good generalisation capabilities to in-vehicle networks of different vehicles.