A Machine Learning-Based Intrusion Detection Framework with Labeled Dataset Generation for IEEE 802.1 Time-Sensitive Networking

TOPSAKAL M., CEVHER S., Ergenç D.

Journal of Systems Architecture, vol.164, 2025 (SCI-Expanded, Scopus) identifier identifier

  • Publication Type: Article / Article
  • Volume: 164
  • Publication Date: 2025
  • Doi Number: 10.1016/j.sysarc.2025.103408
  • Journal Name: Journal of Systems Architecture
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, ABI/INFORM, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Compendex, Computer & Applied Sciences, INSPEC, DIALNET
  • Keywords: Intrusion detection systems, LDoS attacks, Machine learning, TSN
  • Karadeniz Technical University Affiliated: Yes

Abstract

IEEE 802.1 Time-Sensitive Networking (TSN) technology has been increasingly embraced in mission-critical systems to establish deterministic communication with bounded latency. Since safety and security are of prime importance in such systems, the protection of TSN protocols has also been elevated to one of the highest priorities. In this work, we present a machine learning (ML)-based intrusion detection framework against low-rate denial of service (LDoS) attacks on TSN-based platforms. In LDoS attacks, the message period of victim streams are subtly manipulated, that makes their detection more challenging. Addressing this challenge, we evaluate and compare several ML algorithms within our framework in terms of their attack detection performance and computational cost. We also explore two different mitigation strategies to alleviate the effects of data imbalance, which is imposed by the nature of LDoS. To the best of our knowledge, our work is the first in the literature by presenting an ML-based intrusion detection framework and a TSN dataset that contains simulated LDoS attacks targeting a TSN-based in-vehicle network.