A Machine Learning-Based Intrusion Detection Framework with Labeled Dataset Generation for IEEE 802.1 Time-Sensitive Networking

TOPSAKAL M., CEVHER S., Ergenç D.

Journal of Systems Architecture, cilt.164, 2025 (SCI-Expanded) identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 164
  • Basım Tarihi: 2025
  • Doi Numarası: 10.1016/j.sysarc.2025.103408
  • Dergi Adı: Journal of Systems Architecture
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, ABI/INFORM, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Compendex, Computer & Applied Sciences, INSPEC, DIALNET
  • Anahtar Kelimeler: Intrusion detection systems, LDoS attacks, Machine learning, TSN
  • Karadeniz Teknik Üniversitesi Adresli: Evet

Özet

IEEE 802.1 Time-Sensitive Networking (TSN) technology has been increasingly embraced in mission-critical systems to establish deterministic communication with bounded latency. Since safety and security are of prime importance in such systems, the protection of TSN protocols has also been elevated to one of the highest priorities. In this work, we present a machine learning (ML)-based intrusion detection framework against low-rate denial of service (LDoS) attacks on TSN-based platforms. In LDoS attacks, the message period of victim streams are subtly manipulated, that makes their detection more challenging. Addressing this challenge, we evaluate and compare several ML algorithms within our framework in terms of their attack detection performance and computational cost. We also explore two different mitigation strategies to alleviate the effects of data imbalance, which is imposed by the nature of LDoS. To the best of our knowledge, our work is the first in the literature by presenting an ML-based intrusion detection framework and a TSN dataset that contains simulated LDoS attacks targeting a TSN-based in-vehicle network.