An ai-based intrusion detection system for identity-based advanced persistent threats in IoV networks.

Abstract

As vehicular networks evolve, so do the threats targeting them, particularly those that exploit identity mechanisms in subtle, persistent ways. This study addresses identity-based attacks in the Internet of Vehicles (IoV), focusing on Advanced Persistent Threat (APT)- like behaviors such as Sybil and replay attacks, which manipulate identity systems to evade detection. Using the Vehicular Misbehavior Detection (VeReMi) dataset, which simulates vehicular attack scenarios, we preprocess and reinterpret its attacks to align with identity misuse patterns, despite the dataset's lack of explicit long-term APT stages or real identity data. We propose a hybrid deep learning model that combines Temporal Convolutional Network (TCN)s, Transformers, Bidirectional Gated Recurrent Unit (BiGRU)s, and Squeeze-and-Excitation (SE) blocks to capture both short-term and long-term behavioral anomalies. The model is evaluated against benchmark architectures, with emphasis on minimizing false negatives, a critical requirement for IoV security. Experimental results demonstrate strong performance, achieving a 98.0% accuracy and a 0.9% false negative rate, highlighting its effectiveness in detecting identity-based threats. This work contributes practical insights for deploying adaptive, identity-aware Intrusion Detection System (IDS) in vehicular networks, bridging the gap between theoretical research and real-world applications.