{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T21:23:39Z","timestamp":1743110619241,"version":"3.40.3"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031434297"},{"type":"electronic","value":"9783031434303"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-43430-3_12","type":"book-chapter","created":{"date-parts":[[2023,9,16]],"date-time":"2023-09-16T06:02:16Z","timestamp":1694844136000},"page":"192-209","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["RulEth: Genetic Programming-Driven Derivation of\u00a0Security Rules for\u00a0Automotive Ethernet"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5735-0787","authenticated-orcid":false,"given":"Felix 
Clemens","family":"Gail","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3461-0520","authenticated-orcid":false,"given":"Roland","family":"Rieke","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2707-2763","authenticated-orcid":false,"given":"Florian","family":"Fenzl","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,9,17]]},"reference":[{"key":"12_CR1","unstructured":"Upstream: 2023 global automotive cybersecurity report (2023). https:\/\/upstream.auto\/reports\/global-automotive-cybersecurity-report\/. Accessed 19 June 2023"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy 2010, pp. 305\u2013316 (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"12_CR3","unstructured":"Lundberg, H.: Increasing the trustworthiness of AI-based in-vehicle ids using explainable AI. Master\u2019s thesis, Mid Sweden University (2022)"},{"key":"12_CR4","unstructured":"Rastogi, N., Rampazzi, S., Clifford, M., Heller, M., Bishop, M., Levitt, K.: Explaining radar features for detecting spoofing attacks in connected autonomous vehicles (2022). https:\/\/arxiv.org\/abs\/2203.00150"},{"key":"12_CR5","unstructured":"European Commission: Directorate-General for Communications Networks, Content and Technology, Ethics guidelines for trustworthy AI. Publications Office (2019)"},{"key":"12_CR6","doi-asserted-by":"publisher","DOI":"10.1017\/9781108895248","volume-title":"Automotive Ethernet","author":"K Matheus","year":"2021","unstructured":"Matheus, K., K\u00f6nigseder, T.: Automotive Ethernet. Cambridge University Press, Cambridge (2021)"},{"key":"12_CR7","unstructured":"AUTOSAR: Some\/IP protocol specification (2016). https:\/\/www.autosar.org\/fileadmin\/standards\/foundation\/1-4\/AUTOSAR_PRS_SOMEIPProtocol.pdf. 
Accessed 31 Mar 2023"},{"key":"12_CR8","unstructured":"AUTOSAR: Autosar partnership (2022). https:\/\/www.autosar.org\/. Accessed 31 Mar 2023"},{"issue":"3","key":"12_CR9","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1109\/MVT.2020.2980444","volume":"15","author":"M Iorio","year":"2020","unstructured":"Iorio, M., Buttiglieri, A., Reineri, M., Risso, F., Sisto, R., Valenza, F.: Protecting in-vehicle services: security-enabled some\/IP middleware. IEEE Veh. Technol. Mag. 15(3), 77\u201385 (2020)","journal-title":"IEEE Veh. Technol. Mag."},{"key":"12_CR10","unstructured":"Kreissl, J.: Absicherung der some\/IP kommunikation bei adaptive autosar. Master\u2019s thesis, University of Stuttgart (2017)"},{"issue":"2","key":"12_CR11","first-page":"2","volume":"5","author":"A Perrig","year":"2002","unstructured":"Perrig, A., Canetti, R., Tygar, J.D., Song, D.: The tesla broadcast authentication protocol. RSA Cryptobytes 5(2), 2\u201313 (2002)","journal-title":"RSA Cryptobytes"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Zelle, D., Kern, D., Lauser, T., Kraus, C.: Analyzing and securing some\/IP automotive services with formal and practical methods. In: 4th International Conference on Availability, Reliability and Security (ARES). ACM (2021)","DOI":"10.1145\/3465481.3465748"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Yu, J., Wagner, S., Wang, B., Luo, F.: A systematic mapping study on security countermeasures of in-vehicle communication systems, arXiv preprint arXiv:2105.00183 (2021)","DOI":"10.4271\/11-04-02-0005"},{"key":"12_CR14","unstructured":"Herold, N.: Incident handling systems with automated intrusion response. Ph.D. dissertation, Technische Universit\u00e4t M\u00fcnchen (2017)"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Gehrmann, T., Duplys, P.: Intrusion detection for some\/IP: challenges and opportunities. In: 2020 23rd Euromicro Conference on Digital System Design (DSD), pp. 583\u2013587. 
IEEE (2020)","DOI":"10.1109\/DSD51259.2020.00096"},{"key":"12_CR16","unstructured":"Li, W.: Using genetic algorithm for network intrusion detection. In: Proceedings of the United States Department of Energy Cyber Security Group, vol. 1, pp. 1\u20138 (2004)"},{"key":"12_CR17","unstructured":"Gong, R.H., Zulkernine, M., Abolmaesumi, P.: A software implementation of a genetic algorithm based approach to network intrusion detection. In: Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Network, pp. 246\u2013253 (2005)"},{"key":"12_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"2325","DOI":"10.1007\/3-540-45110-2_125","volume-title":"Genetic and Evolutionary Computation \u2014 GECCO 2003","author":"D Song","year":"2003","unstructured":"Song, D., Heywood, M.I., Zincir-Heywood, A.N.: A linear genetic programming approach to intrusion detection. In: Cant\u00fa-Paz, E., et al. (eds.) GECCO 2003. LNCS, vol. 2724, pp. 2325\u20132336. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-45110-2_125"},{"issue":"2","key":"12_CR19","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1007\/s00500-012-0890-9","volume":"17","author":"J G\u00f3mez","year":"2013","unstructured":"G\u00f3mez, J., Gil, C., Ba\u00f1os, R., M\u00e1rquez, A.L., Montoya, F.G., Montoya, M.G.: A pareto-based multi-objective evolutionary algorithm for automatic rule generation in network intrusion detection systems. Soft Comput. 17(2), 255\u2013263 (2013)","journal-title":"Soft Comput."},{"key":"12_CR20","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1016\/j.asoc.2015.04.041","volume":"33","author":"S Rastegari","year":"2015","unstructured":"Rastegari, S., Hingston, P., Lam, C.-P.: Evolving statistical rulesets for network intrusion detection. Appl. Soft Comput. 
33, 348\u2013359 (2015)","journal-title":"Appl. Soft Comput."},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Buschlinger, L., Rieke, R., Sarda, S., Krau\u00df, C.: Decision tree-based rule derivation for intrusion detection in safety-critical automotive systems. In: 2022 30th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 246\u2013254 (2022)","DOI":"10.1109\/PDP55904.2022.00046"},{"issue":"1","key":"12_CR22","first-page":"229","volume":"99","author":"M Roesch","year":"1999","unstructured":"Roesch, M., et al.: Snort: lightweight intrusion detection for networks. Lisa 99(1), 229\u2013238 (1999)","journal-title":"Lisa"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Alkhatib, N., Ghauch, H., Danger, J.-L.: Some, IP intrusion detection using deep learning-based sequential models in automotive ethernet networks. In: IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON) 2021, pp. 0954\u20130962 (2021)","DOI":"10.1109\/IEMCON53756.2021.9623129"},{"issue":"2","key":"12_CR24","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198\u2013208 (1983)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Hussain, A., Heidemann, J., Papadopoulos, C.: A framework for classifying denial of service attacks. In: Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 99\u2013110 (2003)","DOI":"10.1145\/863955.863968"},{"key":"12_CR26","unstructured":"Zdun, U., Strembeck, M.: Reusable architectural decisions for DSL design: foundational decisions in DSL development. 
In: 14th European Conference on Pattern Languages of Programs (EuroPLoP) (2009)"},{"key":"12_CR27","unstructured":"Anonimized: Additional paper resources (2023). https:\/\/anonymous.4open.science\/r\/ruleth-paper-resources-8D62. Accessed 30 Mar 2023"},{"key":"12_CR28","unstructured":"UN Regulation No. 156: Uniform provisions concerning the approval of vehicles with regards to software update and software updates management system. United Nations (2021). https:\/\/unece.org\/sites\/default\/files\/2021-03\/R156e.pdf. Accessed 31 Mar 2023"},{"key":"12_CR29","unstructured":"Koza, J.R.: Non-linear genetic algorithms for solving problems. United States Patent 4935877, 19 June 1990, filed may 20, 1988, issued June 19, 1990, 4,935,877. Australian patent 611,350 issued 21 September 1991. Canadian patent 1,311,561 issued 15 December 1992"},{"key":"12_CR30","unstructured":"Python Software Foundation: Python3 (2022). https:\/\/www.python.org\/. Accessed 31 Mar 2023"},{"key":"12_CR31","unstructured":"De Rainville, F.-M., Fortin, F.-A., Gardner, M.-A., Parizeau, M., Gagn\u00e9, C.: Deap: a python framework for evolutionary algorithms. In: Proceedings of the 14th Annual Conference Companion on Genetic and Evolutionary Computation, pp. 85\u201392 (2012)"},{"key":"12_CR32","volume-title":"Genetic Programming: On the Programming of Computers by Means of Natural Selection","author":"JR Koza","year":"1992","unstructured":"Koza, J.R.: Genetic Programming: On the Programming of Computers by Means of Natural Selection, vol. 1. MIT Press, Cambridge (1992)"},{"key":"12_CR33","doi-asserted-by":"crossref","unstructured":"Fenzl, F., Rieke, R., Dominik, A.: In-vehicle detection of targeted can bus attacks. In: The 16th International Conference on Availability, Reliability and Security, pp. 1\u20137 (2021)","DOI":"10.1145\/3465481.3465755"},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"Eclipse: Xtend (2022). https:\/\/www.eclipse.org\/xtend. 
Accessed 31 Mar 2023","DOI":"10.2307\/j.ctv1hggk96.10"},{"key":"12_CR35","unstructured":"seladb. Pcapplusplus (2022). https:\/\/pcapplusplus.github.io\/. Accessed 31 Mar 2023"},{"key":"12_CR36","unstructured":"Granberg, N.: Evaluating the effectiveness of free rule sets for snort. Master\u2019s thesis, Link\u00f6ping University, Department of Computer and Information Science, Database and Information Techniques (2022)"},{"key":"12_CR37","unstructured":"Independent High-Level Expert Group on Artificial Intelligence: Ethics guidelines for trustworthy AI. European Commission (2019). https:\/\/ec.europa.eu\/newsroom\/dae\/document.cfm?doc_id=60419. Accessed 31 Mar 2023"}],"container-title":["Lecture Notes in Computer Science","Machine Learning and Knowledge Discovery in Databases: Applied Data Science and Demo Track"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-43430-3_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T21:32:09Z","timestamp":1701034329000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-43430-3_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031434297","9783031434303"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-43430-3_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"17 September 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"In this paper we present RulEth, a Genetic Programming based solution to generate security rules with the ability to detect attacks based on the packet flow. 
During the design process, we followed the seven key requirements derived by the European ethics guidelines for trustworthy AI\u00a0[], namely (1)\u00a0human agency and oversight, (2)\u00a0technical robustness and safety, (3)\u00a0privacy and data governance, (4)\u00a0transparency, (5)\u00a0diversity, non-discrimination and fairness, (6)\u00a0environmental and societal well-being and (7)\u00a0accountability. In fact, one major research goal was to improve the current state of human agency, transparency, and accountability in intrusion detection systems.<i>Human Agency and Oversight.<\/i> Human Agency is coupled tightly with the developed architecture, as a human-in-the-loop can interact with each step of the rule generation process, and hold back, improve or generate self-written rules as measures of quality control for the generated model.<i>Technical Robustness and Safety.<\/i> In order to maintain the confidentiality and safety of the system, adherence to UN regulation R156\u00a0[] is required for uploading logs to the backend and provisioning new rules. The traffic logging module within the vehicle must be secured using trusted computing and authenticated with the backend. Furthermore, the backend must operate within a secure environment.<i>Privacy and Data Governance.<\/i> In order to ensure data governance, we envision the sharing of logs from a user\u2019s vehicle to be optional, verifying informed consent. Additionally, the privacy of shared data is reached during the aggregation phase. Attacks should not depend on personal information like GPS coordinates; therefore the data can be anonymized.<i>Transparency.<\/i> The design focuses on transparency, as rules are explainable and easy to understand through the use of a Domain Specific Language. 
Alerts generated by the system contain the rule and packets responsible for the decision, ensuring traceability.<i>Diversity, Non-Discrimination and Fairness.<\/i> We try to mitigate unfair bias by using a blacklist approach, denying only communications that exactly match an anomaly pattern.<i>Environmental and Societal Well-Being.<\/i> The goal of the system is to detect anomalies in the packet flow, we do not see the risk of a negative impact on the society. The detection of anomalies using rules is lightweight, minimizing a negative environmental impact.<i>Accountability.<\/i> The proposed rule-generation mechanism together with the human approval of the rules facilitate the system\u2019s auditability and traceability, as well as logging and documentation of the AI system\u2019s processes and outcomes.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Discussion"}},{"value":"ECML PKDD","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Turin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2023","order":8,"name":"conference_end_date","label":"Conference End 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ecml2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2023.ecmlpkdd.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"CMT","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"829","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"196","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review 
Information (provided by the conference organizers)"}},{"value":"3.63","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Applied Data Science Track: 239 submissions, 58 accepted papers; Demo Track: 31 submissions, 16 accepted papers.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}