Cybersecurity Model
The basic principle of the IDS in this approach is to first train the Artificial Intelligence (AI) model on the features of normal CAN messages, and then to monitor the exchanged messages and compare them against the AI model in order to distinguish normal from abnormal messages.

The approach uses a Transformer architecture to detect malicious software automatically. A pretrained model is to be generated to capture various characteristics of both malicious and benign assembly codes, which improves the model's detection performance. In this study, DL models learn representations (i.e., embeddings) from assembly instructions by encoding opcodes and operands. They then measure the distance between the embeddings of two instructions to compute their similarity. The smaller the distance, the more similar the functions are to each other. The transformer processes data on short text, i.e., sentence-level tasks such as paraphrase detection and sentiment analysis, or on short document texts such as reading comprehension and automatic summarization of news articles, and defines a new state of the art with an attention mechanism that provides global dependencies between input and output.

A random forest classification model can be designed that uses pre-processed features to characterize existing malicious and benign code pieces. It consists of a large number of individual decision trees that operate as an ensemble. Each individual tree in the random forest outputs a class prediction, and the class with the most votes becomes the model's prediction. The resulting random forest classification model can then distinguish between those code pieces by recognizing novel malware or benign assembly codes, and can also classify malware into known types such as virus, worm, and trojan.
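The embedding-distance comparison described above can be tried on a small scale with the following added example, which is not code from the study. It replaces the learned Transformer embeddings with a sparse count vector over opcodes and operand classes; the register pattern (32-bit x86 only), the operand classes, the cosine distance and the sample functions are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

REG = re.compile(r"^(e?[abcd]x|[abcd][lh]|e?[sd]i|e?[sb]p)$")  # 32-bit x86 only (assumption)
IMM = re.compile(r"^-?(0x[0-9a-f]+|\d+)$")

def normalize(instr):
    """Return (opcode, operand classes) so register and constant choices do not matter."""
    opcode, _, rest = instr.strip().lower().partition(" ")
    classes = []
    for operand in filter(None, (o.strip() for o in rest.split(","))):
        if "[" in operand:
            classes.append("MEM")
        elif REG.match(operand):
            classes.append("REG")
        elif IMM.match(operand):
            classes.append("IMM")
        else:
            classes.append("SYM")  # labels, function names
    return opcode, classes

def embed(function):
    """Sparse count vector: one token per opcode, one per normalized instruction."""
    vec = Counter()
    for instr in function:
        opcode, classes = normalize(instr)
        vec["op:" + opcode] += 1
        vec["ins:" + opcode + " " + ",".join(classes)] += 1
    return vec

def distance(a, b):
    """Cosine distance between two embeddings: 0 = same direction, 1 = nothing shared."""
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return 1.0 - dot / norm if norm else 1.0

def rank(query, corpus):
    """Names in corpus ordered from most to least similar to query."""
    q = embed(query)
    return sorted(corpus, key=lambda name: distance(q, embed(corpus[name])))

# Constructed sample functions (not taken from any real binary).
DECODE = ["mov ecx, 0x20", "xor byte ptr [esi], 0x5a", "inc esi", "dec ecx", "jnz loop_a"]
CORPUS = {
    "prologue": ["push ebp", "mov ebp, esp", "sub esp, 0x10", "call helper", "leave", "ret"],
    "padded": ["mov edx, 0x40", "xor byte ptr [edi], 0x13", "nop", "inc edi", "dec edx", "jnz loop_b"],
    "variant": ["mov edx, 0x40", "xor byte ptr [edi], 0x13", "inc edi", "dec edx", "jnz loop_b"],
}

if __name__ == "__main__":
    for name in rank(DECODE, CORPUS):
        print(name, round(distance(embed(DECODE), embed(CORPUS[name])), 3))
```

The same loop built with different registers and constants lands at distance 0, one inserted `nop` moves it only slightly, and the unrelated prologue sits close to 1.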
For confidentiality protection of in-vehicle networks, the work of Munir and Koushanfar has been considered, in which the integrated design of a secure and dependable CAN is addressed through a case study of a steer-by-wire application: a symmetric encryption method based on an iterated block cipher (AES) is employed for confidentiality protection, and HMAC is employed for integrity and authentication protection.