CN111669352B - Method and device for preventing denial of service attack - Google Patents

Publication number: CN111669352B
Authority: CN (China)
Prior art keywords: message, target ECU, ECU, sending, abnormal
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910174174.2A
Other languages: Chinese (zh)
Other versions: CN111669352A (en)
Inventors: 习成, 张金池, 顾吉杰, 张子成
Current Assignee: Guangzhou Automobile Group Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Guangzhou Automobile Group Co Ltd
Priority: CN201910174174.2A

Classifications

    • H04L63/105 Network security: controlling access to devices or network resources; multiple levels of security
    • H04L63/02 Network security: separating internal from external traffic, e.g. firewalls
    • H04L63/1425 Network security: detecting or protecting against malicious traffic by monitoring network traffic; traffic logging, e.g. anomaly detection
    • H04L63/1458 Network security: countermeasures against malicious traffic; Denial of Service
    • H04W4/48 Services specially adapted for vehicles, e.g. vehicle-to-pedestrians [V2P], for in-vehicle communication

Abstract

The invention relates to a method and a device for preventing denial of service attacks. When a vehicle-mounted gateway detects that a currently received message is an abnormal message, it judges the importance level of the target ECU (electronic control unit) that sent the abnormal message. If the importance level of the target ECU is low, the gateway prohibits the target ECU from sending messages; if it is high, the gateway stops forwarding the abnormal message. Because the vehicle-mounted gateway prohibits ECUs with a low importance level from sending messages, an attacked ECU cannot interfere with other ECUs in the same network segment or in other network segments by sending a large number of messages, which greatly enhances the gateway's protection against denial of service attacks.

Description

Method and device for preventing denial of service attack
Technical Field
The application relates to the technical field of vehicle-mounted gateway firewalls, in particular to a method and a device for preventing denial of service attacks.
Background
As automobiles become more intelligent and more connected, they communicate more and more with the outside world, and the information security risk rises accordingly. It is therefore necessary to protect the vehicle at several layers, such as the external network, the in-vehicle network, and the Electronic Control Unit (ECU), to improve the vehicle's resistance to attack.
Denial of Service (DoS) is a common network attack in which an attacker, after taking control of an ECU, injects a large number of messages into the network to occupy bandwidth, so that other ECUs cannot communicate normally. At present, in-vehicle networks mainly use the CAN (Controller Area Network) bus protocol, and the ECUs are connected in a CAN bus-type network topology. This topology means that an ECU on the bus is easily interfered with by other ECUs, and because a CAN bus message does not contain the identity of its sender, the sender is difficult to determine from the message itself. In the existing DoS protection scheme, when a vehicle-mounted gateway detects that a message it forwards is being sent too frequently, it stops forwarding that message. For example, ECU01 sends a message with ID (identifier) 0x123 on CAN1. When ECU01 is controlled by an attacker, the attacker may raise the sending frequency of this message in order to bring down the CAN network. When the vehicle-mounted gateway detects that the sending frequency of the message is higher than the normal frequency, it determines that an attacker is attacking by injecting message 0x123, and stops forwarding the message.
However, the existing protection scheme can only prevent attacks across network segments and cannot prevent attacks within the same network segment, which greatly reduces the automobile's resistance to denial of service attacks.
Disclosure of Invention
Therefore, it is necessary to provide a method and a device for preventing denial of service attacks that address the technical problem that the existing protection scheme can only prevent attacks across network segments and cannot prevent attacks within the same network segment, which greatly reduces the automobile's resistance to denial of service attacks.
In a first aspect, an embodiment of the present application provides a method for preventing a denial of service attack, where the method includes:
judging the importance level of a target Electronic Control Unit (ECU) sending the abnormal message according to the received abnormal message; the abnormal message is a message with abnormal sending frequency;
if the importance level is a low level, the target ECU is prohibited from sending messages;
and if the importance level is high level, stopping forwarding the abnormal message.
In one embodiment, the determining, according to the received abnormal message, the importance level of the target ECU sending the abnormal message includes:
searching the target ECU from a message definition table according to the ID of the abnormal message; the message definition table comprises a corresponding relation between the ID of the message and the ECU;
determining an importance level of the target ECU from an ECU information table; the ECU information table includes a correspondence between ECUs and importance levels.
In one embodiment, before the stopping of forwarding the abnormal message, the method includes:
detecting whether the abnormal message needs to be forwarded through a vehicle-mounted gateway or not;
and if the abnormal message needs to be forwarded through the vehicle-mounted gateway, stopping forwarding the abnormal message.
In one embodiment, the method further comprises:
and controlling the target ECU to recover to a normal working state.
In one embodiment, the controlling the target ECU to resume a normal operating state includes:
if the target ECU is of a low level, controlling the target ECU to resume sending messages according to a reset signal sent by a timing resetter; the reset signal carries the identification of the target ECU;
and if the target ECU is of a high level, forwarding the new message sent by the target ECU according to the sending frequency of the new message sent by the target ECU and the value of a normal time timer.
In one embodiment, the forwarding the new message sent by the target ECU according to the sending frequency of the new message sent by the target ECU and the value of the normal time timer includes:
acquiring the sending frequency of a new message sent by the target ECU;
judging whether the sending frequency of the new message is smaller than a preset frequency threshold corresponding to the new message;
if the sending frequency of the new message is smaller than the preset frequency threshold of the new message, judging whether the value of the normal time timer is larger than a preset interval time threshold or not;
and if the value of the normal time timer is greater than the preset interval time threshold value, forwarding a new message sent by the target ECU.
In one embodiment, the method further comprises:
and if the sending frequency of the new message is greater than or equal to the preset frequency threshold of the new message, resetting the normal time timer to be 0.
In one embodiment, the controlling the target ECU to resume sending the message according to the reset signal sent by the timing resetter includes:
receiving a reset signal sent by the timing resetter;
and calling the electronic control unit reset service of the Unified Diagnostic Services (UDS) to control the target ECU to resume sending messages according to the reset signal.
In one embodiment, the method further comprises:
acquiring the sending frequency of a received current message;
judging whether the sending frequency of the current message is greater than a preset frequency threshold corresponding to the current message;
and if the sending frequency of the current message is greater than the preset frequency threshold corresponding to the current message, determining that the current message is an abnormal message.
In one embodiment, the prohibiting the target ECU from sending a message includes:
disabling the target ECU from sending messages by invoking a communication control service of the UDS.
In a second aspect, an embodiment of the present application provides an apparatus for preventing a denial of service attack, where the apparatus includes:
the importance level judging module is used for judging the importance level of the target electronic control unit (ECU) which sends the abnormal message according to the received abnormal message; the abnormal message is a message with abnormal sending frequency;
the message sending forbidding module is used for forbidding the target ECU to send a message if the importance level is a low level;
and the message forwarding stopping module is used for stopping forwarding the abnormal message if the importance level is a high level.
In a third aspect, an embodiment of the present application provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the method in any one of the embodiments of the first aspect when executing the computer program.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method described in any one of the embodiments of the first aspect.
According to the method and the device for preventing denial of service attacks, when the vehicle-mounted gateway detects that a currently received message is an abnormal message, it first judges the importance level of the target ECU that sent the abnormal message. If the importance level of the target ECU is low, the gateway prohibits the target ECU from sending messages to prevent the denial of service attack; if it is high, the gateway stops forwarding the abnormal message to prevent the denial of service attack. Denial of service attacks inside the vehicle centre on the ECUs that carry external communication functions, and the importance level of such ECUs is generally low. By prohibiting ECUs with a low importance level from sending messages, the vehicle-mounted gateway prevents an attacked ECU from interfering with other ECUs in the same network segment or in other network segments by sending a large number of messages. For ECUs with a high importance level, the gateway can stop the denial of service attack by stopping forwarding. The protection capability of the vehicle-mounted gateway against denial of service attacks is thereby greatly enhanced.
Drawings
FIG. 1 is a diagram of an application environment of a method for preventing denial of service attacks according to an embodiment;
FIG. 2 is a flowchart illustrating a method for preventing denial of service attacks according to an embodiment;
FIG. 3 is a flowchart illustrating a method for preventing denial of service attacks according to an embodiment;
FIG. 4 is a flowchart illustrating a method for preventing denial of service attacks according to an embodiment;
FIG. 5 is a flowchart illustrating a method for preventing denial of service attacks according to an embodiment;
FIG. 5a is a complete diagram of a method for preventing denial of service attacks according to an embodiment;
FIG. 6 is a flowchart illustrating a method for preventing denial of service attacks according to an embodiment;
FIG. 7 is a flowchart illustrating a method for preventing denial of service attacks according to an embodiment;
FIG. 7a is a schematic diagram of an embodiment of a low-level ECU resuming normal operation;
FIG. 8 is a flowchart illustrating a method for preventing denial of service attacks according to an embodiment;
FIG. 8a is a schematic diagram illustrating an embodiment of a high-level ECU resuming normal operation;
FIG. 9 is a block diagram illustrating an apparatus for preventing denial of service attacks according to an embodiment;
FIG. 10 is a block diagram illustrating an apparatus for preventing denial of service attacks according to an embodiment;
FIG. 11 is a block diagram illustrating an apparatus for preventing denial of service attacks according to an embodiment;
FIG. 12 is a block diagram illustrating an apparatus for preventing denial of service attacks according to an embodiment;
FIG. 13 is a block diagram illustrating an apparatus for preventing denial of service attacks according to an embodiment;
FIG. 14 is a block diagram illustrating an apparatus for preventing denial of service attacks according to an embodiment;
FIG. 15 is a block diagram illustrating an apparatus for preventing denial of service attacks according to an embodiment;
FIG. 16 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The method for preventing denial of service attacks provided by the present application may be applied to the application environment shown in FIG. 1, which is a schematic diagram of the Electronic Control Units (ECUs) of a vehicle connected in a bus-type network topology. The vehicle-mounted gateway is the core of the in-vehicle communication local area network; it shares information among the buses and implements network management and fault diagnosis functions in the vehicle. An ECU of the vehicle may be, for example, an ECU that carries external communication functions, such as the vehicle's remote information processor (T-Box), or an ECU responsible for other functions, such as a vehicle-mounted dedicated central processing unit (IVI); this embodiment is not limited thereto.
Embodiments of the present application provide a method and an apparatus for preventing denial of service attacks, which aim to solve the technical problem that the existing protection scheme can only prevent attacks across network segments and cannot prevent attacks within the same network segment, which greatly reduces the automobile's resistance to denial of service attacks. The following describes in detail, through embodiments and with reference to the drawings, the technical solutions of the present application and how they solve the above technical problem. The following specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. It should be noted that, in the method for preventing denial of service attacks provided by the present invention, the execution subject in FIG. 2 to FIG. 8 is a computer device; it may also be an apparatus for preventing denial of service attacks, where the apparatus may be implemented, in part or in whole, by software, hardware, or a combination of software and hardware.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are some, but not all, embodiments of the present invention.
In an embodiment, FIG. 2 provides a method for preventing denial of service attacks. This embodiment relates to the specific process by which, after the vehicle-mounted gateway receives an abnormal message, it prevents the denial of service attack in different ways according to the importance level of the ECU that sent the abnormal message. As shown in FIG. 2, the method includes:
S101, judging the importance level of a target Electronic Control Unit (ECU) sending the abnormal message according to the received abnormal message; the abnormal message is a message with abnormal sending frequency.
In this embodiment, a message is a message sent by an ECU in the vehicle over the CAN bus, and an abnormal message is a message with an abnormal sending frequency. The vehicle-mounted gateway determines whether a message is abnormal by checking its sending frequency after receiving it from an ECU. It can be understood that, if the vehicle-mounted gateway detects that the current message is an abnormal message, the ECU sending the abnormal message is under a denial of service attack. In practical application, after determining that the received current message is an abnormal message, the vehicle-mounted gateway judges the importance level of the ECU that sent it. There are two importance levels, low and high; both are predefined and stored in an ECU information table, which the vehicle-mounted gateway can query directly when needed. For example, the vehicle-mounted gateway may determine the importance level of the ECU that sent the abnormal message by first determining the sending ECU (the target ECU) of the abnormal message and then determining the importance level of the target ECU. It should be noted that the messages sent by the ECUs in the vehicle are generally predefined and each message has a fixed ID. Correspondingly, each ECU in the vehicle also has an identifier for distinguishing and identifying it. The identifiers of the messages and of the ECUs may be numbers, letters, or a combination of numbers and letters, which is not limited in this embodiment.
It should be noted that the sending ECU of each message in the vehicle and the importance level of each ECU are defined in advance, and these definitions are stored in the vehicle-mounted gateway beforehand, so the gateway can look them up directly when it executes step S101.
S102, if the importance level is a low level, prohibiting the target ECU from sending a message.
Based on step S101, if the importance level of the target ECU determined by the vehicle-mounted gateway is low, the vehicle-mounted gateway prohibits the target ECU from sending messages. In practical application, once the vehicle-mounted gateway finds that the target ECU is under a denial of service attack, it disables the target ECU's message sending function, so that the attacked target ECU cannot interfere with the normal work of other ECUs.
Optionally, one implementation by which the vehicle-mounted gateway prohibits the target ECU from sending messages is to invoke the communication control service of the Unified Diagnostic Services (UDS). In practical application, the vehicle-mounted gateway may prohibit an ECU with a low importance level from sending messages by calling the 0x28 service of the existing UDS function. The vehicle-mounted gateway thus uses the existing UDS function to provide conditional protection of the CAN bus against denial of service attacks within the same network segment, without extra development workload, and strengthens the protection of the vehicle-mounted gateway firewall against denial of service attacks. Optionally, in this step, while prohibiting the target ECU from sending messages, the vehicle-mounted gateway sends an open signal to the timing resetter, so that the timing resetter records how long the target ECU has been prohibited.
S103, if the importance level is a high level, stopping forwarding the abnormal message.
Based on step S101, if the vehicle-mounted gateway determines that the importance level of the target ECU is high, the vehicle-mounted gateway stops forwarding the abnormal message. It can be understood that a high importance level indicates that the ECU plays a significant role in the safe operation of the vehicle. So as not to affect the safety of the vehicle, for a high-level ECU the vehicle-mounted gateway only stops forwarding the current abnormal message, thereby preventing the denial of service attack.
In the method for preventing denial of service attacks provided in this embodiment, when the vehicle-mounted gateway detects that a currently received message is an abnormal message, it first determines the importance level of the target ECU that sent the abnormal message. If the importance level of the target ECU is low, the gateway prohibits the target ECU from sending messages to prevent the denial of service attack; if it is high, the gateway stops forwarding the abnormal message to prevent the denial of service attack. Denial of service attacks inside the vehicle centre on the ECUs that carry external communication functions, and the importance level of such ECUs is generally low. By prohibiting ECUs with a low importance level from sending messages, the vehicle-mounted gateway prevents an attacked ECU from interfering with other ECUs in the same network segment or in other network segments by sending a large number of messages. For ECUs with a high importance level, the gateway can stop the denial of service attack by stopping forwarding. The protection capability of the vehicle-mounted gateway against denial of service attacks is thereby greatly enhanced.
On the basis of the foregoing embodiment, for the process in which the vehicle-mounted gateway determines, according to the received abnormal message, the importance level of the target ECU that sent it, an embodiment of the present application provides a method for preventing denial of service attacks. As shown in FIG. 3, the foregoing step S101 includes:
S201, searching the target ECU from a message definition table according to the ID of the abnormal message; the message definition table includes a correspondence between the ID of the message and the ECU.
In this embodiment, the message definition table is a data table that stores predefined message-related information. It includes the correspondence between the ID of a message and the ECU, and may also include the predefined sending period of the message, the ECU that sends the message, and other information, which is not limited in this embodiment.
In practical application, the vehicle-mounted gateway may search the target ECU from the message definition table by first obtaining the ID of the abnormal message, then looking up the ECU corresponding to that ID in the message definition table, and taking the ECU found as the target ECU.
S202, determining the importance level of the target ECU from an ECU information table; the ECU information table includes a correspondence between ECUs and importance levels.
Having determined the target ECU in step S201, the vehicle-mounted gateway determines the importance level of the target ECU from the ECU information table. The ECU information table is a data table that stores information about each ECU of the vehicle. It may include the correspondence between the ECU and its importance level (high or low), the UDS request message ID and response message ID of the ECU, and other information; this embodiment is not limited thereto.
In the method for preventing denial of service attacks provided by this embodiment, the vehicle-mounted gateway searches the target ECU from the message definition table according to the ID of the abnormal message and then determines the importance level of the target ECU from the ECU information table. Once the importance level is known, the gateway can apply the corresponding method of preventing the denial of service attack, which reduces the interference of the attacked ECU with other ECUs and strengthens the protection of the vehicle-mounted gateway firewall against denial of service attacks.
In step S103, when the importance level of the attacked target ECU is high, the vehicle-mounted gateway stops forwarding the current abnormal message. The precondition is that the abnormal message needs to be forwarded by the vehicle-mounted gateway; only then does the gateway execute the process of stopping forwarding. In an embodiment, the present application therefore further provides a method for preventing denial of service attacks that relates to the process by which the vehicle-mounted gateway determines whether the abnormal message needs to pass through the vehicle-mounted gateway. As shown in FIG. 4, the method includes:
S301, detecting whether the abnormal message needs to be forwarded through the vehicle-mounted gateway.
In this embodiment, the vehicle-mounted gateway may detect whether the abnormal message needs to be forwarded through the vehicle-mounted gateway by detecting the positions of the sending ECU and the receiving ECU of the abnormal message and then determining whether they belong to the same network segment. If they do not, the abnormal message needs to be forwarded through the vehicle-mounted gateway; otherwise, it does not.
S302, if the abnormal message needs to be forwarded through the vehicle-mounted gateway, stopping forwarding the abnormal message.
Based on step S301, after the vehicle-mounted gateway detects that the abnormal message needs to be forwarded by the vehicle-mounted gateway, step S103 is executed, that is, the forwarding of the abnormal message is stopped.
In the method for preventing denial of service attacks provided by this embodiment, the vehicle-mounted gateway first detects whether the abnormal message needs to be forwarded by the vehicle-mounted gateway, and stops forwarding it when that is the case. This avoids interference by an attacked ECU with ECUs in other network segments and strengthens the protection of the vehicle-mounted gateway firewall against denial of service attacks.
As for a detailed process of determining whether a current packet is an abnormal packet by a vehicle-mounted gateway, an embodiment of the present application provides a method for preventing a denial of service attack, where the embodiment relates to a specific process of determining whether the current packet is an abnormal packet by the vehicle-mounted gateway according to a sending frequency of the current packet, and as shown in fig. 5, the method includes:
s401, obtaining the sending frequency of the received current message.
In this embodiment, after receiving a message, the vehicle-mounted gateway first obtains the sending frequency of the currently received message, where the way for the vehicle-mounted gateway to obtain the sending frequency of the current message may be to calculate the sending times of the current message in a period, or may be other ways, and this embodiment does not limit this.
S402, judging whether the sending frequency of the current message is larger than a preset frequency threshold corresponding to the current message.
Based on the sending frequency of the current message obtained in step S401, the vehicle-mounted gateway determines whether the sending frequency of the current message is greater than the preset frequency threshold corresponding to the current message. The preset frequency threshold is predefined and stored in the message definition table; its specific value is not limited in this embodiment and may be determined according to the actual situation. It should be noted that, because the defined sending period differs from message to message, each message has its own corresponding preset frequency threshold.
S403, if the sending frequency of the current message is greater than the preset frequency threshold corresponding to the current message, determining that the current message is an abnormal message.
Based on step S402, if the vehicle-mounted gateway determines that the sending frequency of the current message is greater than the preset frequency threshold of the current message, it determines that the current message is an abnormal message.
In the method for preventing denial of service attack provided by this embodiment, the vehicle-mounted gateway compares the sending frequency of the current message with the preset frequency threshold corresponding to the current message, and determines that the current message is an abnormal message when the sending frequency is greater than that threshold. Only after the received message has been determined to be abnormal does the gateway go on to judge the importance level of the ECU that sent it and apply the method for preventing denial of service attack that matches that level. This avoids mistakenly executing the prevention steps when the current message is a normal message, and improves the accuracy and effectiveness of preventing denial of service attacks.
As an example, combining the embodiments of fig. 2 to fig. 5, the embodiment of the present application provides a complete flowchart for preventing a denial of service attack, shown in fig. 5a. The execution steps in this example are as follows:
S01: the vehicle-mounted gateway receives a message;
S02: calculate the sending frequency of the message;
S03: compare the sending frequency with the predefined sending frequency threshold;
S04: if the sending frequency exceeds the predefined frequency threshold, execute S05; if the sending frequency does not exceed the predefined frequency threshold, the flow ends;
S05: look up the sending ECU of the message in the message definition table; if the lookup succeeds, execute S06; otherwise, the flow ends;
S06: look up the importance level of the ECU in the ECU information table;
S07: if the importance level of the ECU is low, execute S08; otherwise, go to S11;
S08: prohibit the ECU from sending messages through the 28 service (communication control service) of the UDS;
S09: after the ECU is prohibited from sending messages, start the reset timer;
S10: the flow ends;
S11: if the ECU has a high importance level, check whether the message is forwarded by the gateway; if so, execute S12; otherwise, the flow ends;
S12: stop forwarding the message.
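The S01 to S12 flow above, written out in C as an added example (not code from the patent). The table contents, CAN IDs, the 100 ms counting window, the `ACT_*` names and the UDS sub-function bytes are assumptions of this example; the patent specifies only the tables, the threshold comparison and the 28 service.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WINDOW_MS 100u /* assumed counting period for the sending frequency */

typedef enum { LEVEL_LOW, LEVEL_HIGH } level_t;

typedef enum {
    ACT_NONE,         /* S04/S05: frequency normal or ID unknown, flow ends  */
    ACT_DISABLE_TX,   /* S08/S09: UDS 0x28 to the sender, start reset timer  */
    ACT_STOP_FORWARD, /* S12: abnormal frame is not routed to other segments */
    ACT_NOT_ROUTED    /* S11 "no": abnormal, but stays in its own segment    */
} action_t;

typedef struct { uint8_t segment; level_t level; } ecu_info_t;

typedef struct {
    uint32_t can_id;
    uint8_t  sender, receiver;  /* indexes into ecu_table                 */
    uint16_t max_per_window;    /* preset frequency threshold for this ID */
    uint16_t count;             /* frames seen in the current window      */
    uint32_t window_start_ms;
} msg_def_t;

/* Constructed sample tables (ECU information table, message definition table). */
static const ecu_info_t ecu_table[] = {
    { 0, LEVEL_HIGH }, /* 0: brake controller, chassis segment  */
    { 0, LEVEL_HIGH }, /* 1: stability control, chassis segment */
    { 1, LEVEL_LOW  }, /* 2: seat heater, body segment          */
    { 1, LEVEL_HIGH }, /* 3: body control module, body segment  */
};
static msg_def_t msg_table[] = {
    { 0x0C0, 0, 3, 12, 0, 0 }, /* brake status -> BCM, crosses the gateway */
    { 0x0C1, 0, 1,  1, 0, 0 }, /* brake -> stability control, same segment */
    { 0x3A5, 2, 3,  2, 0, 0 }, /* seat heater status -> BCM                */
};

static msg_def_t *lookup(uint32_t can_id)
{
    for (size_t i = 0; i < sizeof msg_table / sizeof msg_table[0]; i++)
        if (msg_table[i].can_id == can_id)
            return &msg_table[i];
    return NULL;
}

/* S02: count frames of one ID in a fixed window, including the current one. */
static uint16_t count_frame(msg_def_t *m, uint32_t now_ms)
{
    if (now_ms - m->window_start_ms >= WINDOW_MS) {
        m->window_start_ms = now_ms;
        m->count = 0;
    }
    if (m->count < UINT16_MAX)
        m->count++;
    return m->count;
}

/* S01-S12 for one received frame. */
action_t gateway_on_frame(uint32_t can_id, uint32_t now_ms)
{
    msg_def_t *m = lookup(can_id);
    if (m == NULL)
        return ACT_NONE;             /* no table entry: no sender, no threshold */
    if (count_frame(m, now_ms) <= m->max_per_window)
        return ACT_NONE;             /* S04: threshold not exceeded */
    const ecu_info_t *tx = &ecu_table[m->sender];       /* S05, S06 */
    if (tx->level == LEVEL_LOW)
        return ACT_DISABLE_TX;                           /* S07 -> S08 */
    if (tx->segment != ecu_table[m->receiver].segment)   /* S11 */
        return ACT_STOP_FORWARD;                         /* S12 */
    return ACT_NOT_ROUTED;
}

/* Feed n frames 1 ms apart and return the action taken for the last one. */
action_t replay(uint32_t can_id, uint32_t start_ms, unsigned n)
{
    action_t a = ACT_NONE;
    for (unsigned i = 0; i < n; i++)
        a = gateway_on_frame(can_id, start_ms + i);
    return a;
}

/* Request bytes for S08. Sub-function 0x01 (enableRxAndDisableTx) and
 * communication type 0x01 (normal communication messages) are ISO 14229-1
 * values chosen for this example; the page names only the service. */
size_t uds_disable_tx_request(uint8_t out[3])
{
    out[0] = 0x28; out[1] = 0x01; out[2] = 0x01;
    return 3;
}

int main(void)
{
    printf("seat heater: %d, brake status: %d\n",
           replay(0x3A5, 0, 3), replay(0x0C0, 0, 13));
    return 0;
}
```

An ID with no row in the message definition table has neither a sender nor a threshold, so this example takes no action on it; the flow in S05 ends the same way.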
After the vehicle-mounted gateway has blocked the denial of service attack involving the attacked target ECU through the above embodiments, it also needs to control the target ECU to recover to a normal working state. The recovery operation avoids the problem that the function of the target ECU cannot be restored after the denial of service attack has stopped. After the target ECU's message sending function is prohibited, the vehicle-mounted gateway cannot confirm whether the attack has stopped, so only after a certain time interval does it reset the target ECU and resume message sending, and then confirm whether the attack has stopped.
In one embodiment, the method further comprises: controlling the target ECU to recover to a normal working state. As shown in fig. 6, optionally, one implementation by which the vehicle-mounted gateway controls the target ECU to recover to the normal working state includes:
S501, if the target ECU is of a low level, controlling the target ECU to resume sending messages according to a reset signal sent by a timing resetter; the reset signal carries an identification of the target ECU.
In this embodiment, when the target ECU is of a low level, the vehicle-mounted gateway may control the target ECU to recover to the normal working state according to a reset signal sent by the timing resetter, where the reset signal carries an identifier of the target ECU. It should be noted that when the vehicle-mounted gateway first determines that the target ECU is of a low level, it starts the timing resetter at the same time as it prohibits the target ECU from sending messages, so that the timing resetter records how long the target ECU has been prohibited. A predefined time interval is set in advance according to experience, and the timing resetter sends out a reset signal once the recorded time reaches the predefined time interval.
Optionally, as shown in fig. 7, the controlling, by the vehicle-mounted gateway, the target ECU to resume sending messages according to the reset signal sent by the timing resetter includes:
S601, receiving a reset signal sent by the timing resetter.
As described in S501 above, the timing resetter sends the reset signal to the vehicle-mounted gateway after the recorded duration reaches the predefined time interval. Referring to step S21 in fig. 7a, the vehicle-mounted gateway receives the reset signal sent by the timing resetter. It will be appreciated that the reset timer trigger in fig. 7a indicates that the time value on the reset timer has reached the predefined time interval and a reset signal is issued.
S602, calling the electronic control unit reset service of the UDS according to the reset signal to control the target ECU to resume sending messages.
Based on step S601, since the reset signal sent by the timing resetter carries the identifier of the target ECU, the vehicle-mounted gateway (see step S22 of fig. 7a) invokes the electronic control unit reset service (0x11 service) of the UDS to control the target ECU to resume its message sending function, that is, to reset the disabled ECU. After the target ECU regains the message sending function, the vehicle-mounted gateway rechecks whether the denial of service attack still exists, and if it does, the vehicle-mounted gateway repeats the stopping process.
S502, if the target ECU is of a high level, forwarding the new message sent by the target ECU according to the sending frequency of the new message sent by the target ECU and the value of a normal time timer.
In this step, when the target ECU is of a high level, the vehicle-mounted gateway may forward the new message sent by the target ECU according to the sending frequency of the new message and the value of a normal time timer. The normal time timer is started when the vehicle-mounted gateway determines that the target ECU is of a high level and stops forwarding the current abnormal message, and it records the length of time since the vehicle-mounted gateway stopped forwarding the abnormal message. One way for the vehicle-mounted gateway to do this is to forward the new message sent by the target ECU when the sending frequency of the new message is normal and the value of the normal time timer is greater than a predefined time interval.
In the method for preventing denial of service attack provided by this embodiment, the vehicle-mounted gateway performs different procedures for recovering normal operation according to the importance level of the target ECU, which ensures the normal operation of the vehicle ECUs and facilitates the subsequent step of checking whether the denial of service attack still exists. After a predefined time interval, the vehicle-mounted gateway uses the 11 service in the existing UDS function of the automobile ECU to reset the ECU and restore its message sending function, so as to avoid the situation in which the ECU function cannot be used after the denial of service attack has stopped.
For the detailed process by which the vehicle-mounted gateway forwards the new message sent by the target ECU according to the sending frequency of that new message and the value of the normal time timer, in the embodiment provided in fig. 8, S502 includes:
S701, acquiring the sending frequency of the new message sent by the target ECU.
In this embodiment, referring to steps S31 and S32 of fig. 8a, when receiving a new message sent by the target ECU, the vehicle-mounted gateway obtains the sending frequency of the new message. One way for the vehicle-mounted gateway to do so is to count how many times the new message is sent in one period.
S702, judging whether the sending frequency of the new message is smaller than a preset frequency threshold corresponding to the new message.
Based on the sending frequency of the new message obtained in step S701, and referring to S33 in fig. 8a, the vehicle-mounted gateway determines whether the sending frequency of the new message is less than the preset frequency threshold corresponding to the new message. This threshold follows the same rule as described in the above embodiment: it is preset and stored in the message definition table, and the vehicle-mounted gateway queries it directly from the message definition table by the ID of the new message when needed.
S703, if the sending frequency of the new message is less than the preset frequency threshold of the new message, judging whether the value of the normal time timer is greater than a preset interval time threshold.
In step S702, if the vehicle-mounted gateway determines that the sending frequency of the new message is less than the preset frequency threshold of the new message, it goes on to determine whether the value of the normal time timer is greater than the preset interval time threshold. For example, the vehicle-mounted gateway may obtain the time value on the normal time timer and the preset interval time threshold, and then compare the two. The preset interval time threshold is defined by the user according to the actual situation, which is not limited in this embodiment.
S704, if the value of the normal time timer is larger than the preset interval time threshold, forwarding a new message sent by the target ECU.
Based on step S703, if the vehicle-mounted gateway determines that the value of the normal time timer is greater than the preset interval time threshold, the new messages sent by the target ECU have returned to normal, that is, the attack on the target ECU has stopped. The vehicle-mounted gateway then forwards the new message sent by the target ECU normally, so as to ensure the normal operation of each ECU.
Optionally, S702 further includes the following implementation: if the sending frequency of the new message is greater than or equal to the preset frequency threshold of the new message, resetting the normal time timer to 0.
In this implementation, if the vehicle-mounted gateway determines in step S702 that the sending frequency of the new message is greater than or equal to the preset frequency threshold of the new message (see step S36 in fig. 8a), the new message is still an abnormal message, that is, the target ECU is still under attack. The vehicle-mounted gateway then does not forward the new message and resets the normal time timer to 0, so that the value of the normal time timer is accurate when the next message is judged.
In the method for preventing denial of service attack provided by this embodiment, the vehicle-mounted gateway determines whether the sending frequency of a new message is normal and, if it is, goes on to check how long forwarding of the previous abnormal message has been stopped. Only after that length of time exceeds the preset interval does it determine that the attack on the target ECU has stopped. This gives strong assurance that forwarded messages have returned to normal, protects the vehicle from denial of service attacks, greatly reduces the loss to the vehicle when it is attacked, and improves the vehicle's reputation for information security.
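The two recovery paths described above (S601/S602 for low-level ECUs, S701 to S704 plus the timer reset for high-level ECUs) as an added C example, not code from the patent. The struct and function names, the millisecond clock and the ECUReset sub-function byte are assumptions of this example; the sending frequency is passed in already measured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Low-level ECU: timing resetter armed when sending is prohibited. */
typedef struct {
    int      armed;
    uint8_t  ecu_id;         /* identifier carried by the reset signal */
    uint32_t disabled_at_ms;
} reset_timer_t;

void lo_tx_disabled(reset_timer_t *t, uint8_t ecu_id, uint32_t now_ms)
{
    t->armed = 1;
    t->ecu_id = ecu_id;
    t->disabled_at_ms = now_ms;
}

/* S601/S602: when the prohibited time reaches interval_ms, emit the reset
 * signal once and build the UDS ECUReset request for the ECU it names.
 * Sub-function 0x01 (hardReset) is an ISO 14229-1 value chosen for this
 * example; the page names only the 0x11 service.
 * Returns the request length, or 0 while the timer has not fired. */
size_t lo_poll(reset_timer_t *t, uint32_t now_ms, uint32_t interval_ms,
               uint8_t *ecu_id, uint8_t req[2])
{
    if (!t->armed || now_ms - t->disabled_at_ms < interval_ms)
        return 0;
    t->armed = 0;
    *ecu_id = t->ecu_id;
    req[0] = 0x11;
    req[1] = 0x01;
    return 2;
}

/* High-level ECU: normal time timer started when forwarding is stopped. */
typedef struct {
    int      blocked;
    uint32_t timer_start_ms; /* timer value = now_ms - timer_start_ms */
} hi_state_t;

void hi_forwarding_stopped(hi_state_t *s, uint32_t now_ms)
{
    s->blocked = 1;
    s->timer_start_ms = now_ms;
}

/* S701-S704 for one new frame from the blocked ECU; returns 1 to forward.
 * freq == threshold counts as still abnormal here, although detection
 * (S402) only fires on freq > threshold. */
int hi_on_new_frame(hi_state_t *s, uint16_t freq, uint16_t threshold,
                    uint32_t now_ms, uint32_t interval_ms)
{
    if (!s->blocked)
        return 1;                     /* not under mitigation */
    if (freq >= threshold) {          /* still abnormal: timer back to 0 */
        s->timer_start_ms = now_ms;
        return 0;
    }
    if (now_ms - s->timer_start_ms > interval_ms) {  /* S703 -> S704 */
        s->blocked = 0;
        return 1;
    }
    return 0;                         /* normal rate, but not for long enough */
}

int main(void)
{
    hi_state_t s;
    hi_forwarding_stopped(&s, 0);
    printf("t=300 quiet -> %d\n", hi_on_new_frame(&s, 3, 10, 300, 500));
    printf("t=400 flood -> %d\n", hi_on_new_frame(&s, 40, 10, 400, 500));
    printf("t=901 quiet -> %d\n", hi_on_new_frame(&s, 3, 10, 901, 500));
    return 0;
}
```

A single burst at or above the threshold restarts the whole quiet interval, so an intermittent flood keeps a high-level ECU's frames blocked at the gateway for as long as the bursts recur within the interval.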
It should be understood that although the steps in the flowcharts of fig. 2-8 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in fig. 2-8 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 9, there is provided a denial of service attack prevention apparatus, the apparatus comprising: an importance level judging module 10, a message transmission forbidding module 11 and a message forwarding stopping module 12, wherein,
the importance level judging module 10 is used for judging the importance level of the target electronic control unit ECU which sends the abnormal message according to the received abnormal message; the abnormal message is a message with abnormal sending frequency;
a message sending prohibition module 11, configured to prohibit the target ECU from sending a message if the importance level is a low level;
and a message forwarding stopping module 12, configured to stop forwarding the abnormal message if the importance level is a high level.
The implementation principle and technical effect of the device for preventing denial of service attack provided by the above embodiment are similar to those of the above method embodiment, and are not described herein again.
In one embodiment, the message transmission prohibition module 11 is specifically configured to prohibit the target ECU from transmitting a message by invoking a communication control service of the UDS.
In one embodiment, as shown in fig. 10, there is provided an apparatus for preventing a denial of service attack, where the importance level determining module 10 includes: a target ECU search unit 101 and an importance level determination unit 102, wherein,
a target ECU searching unit 101, configured to search the target ECU from a message definition table according to the ID of the abnormal message; the message definition table comprises a corresponding relation between the ID of the message and the ECU;
an importance level determination unit 102 for determining an importance level of the target ECU from an ECU information table; the ECU information table includes a correspondence between ECUs and importance levels.
The implementation principle and technical effect of the device for preventing denial of service attack provided by the above embodiment are similar to those of the above method embodiment, and are not described herein again.
In one embodiment, as shown in fig. 11, there is provided a denial of service attack prevention apparatus, further comprising a detection module 13, wherein,
the detection module 13 is configured to detect whether the abnormal message needs to be forwarded through the vehicle-mounted gateway;
and the message forwarding stopping module 12 is configured to stop forwarding the abnormal message if the abnormal message needs to be forwarded by the vehicle-mounted gateway.
The implementation principle and technical effect of the device for preventing denial of service attack provided by the above embodiment are similar to those of the above method embodiment, and are not described herein again.
In one embodiment, there is provided an apparatus for preventing denial of service attacks, the apparatus further comprising a recovery module 14, configured to control the target ECU to recover to a normal working state.
In one embodiment, as shown in fig. 12, there is provided a device for preventing denial of service attack, where the recovery module 14 includes: a message resuming and sending unit 141 and a message resuming and forwarding unit 142, wherein,
a message resuming and sending unit 141, configured to control the target ECU to resume sending messages according to a reset signal sent by the timing resetter if the target ECU is of a low level; the reset signal carries the identification of the target ECU;
a message resuming and forwarding unit 142, configured to forward, if the target ECU is of a high level, the new message sent by the target ECU according to the sending frequency of the new message sent by the target ECU and the value of the normal time timer.
The implementation principle and technical effect of the device for preventing denial of service attack provided by the above embodiment are similar to those of the above method embodiment, and are not described herein again.
In one embodiment, as shown in fig. 13, there is provided a device for preventing a denial of service attack, where the message resuming and forwarding unit 142 includes: an obtaining subunit 1421, a first determining subunit 1422, a second determining subunit 1423, and a message forwarding subunit 1424, wherein,
an obtaining subunit 1421, configured to obtain the sending frequency of a new message sent by the target ECU;
a first determining subunit 1422, configured to determine whether the sending frequency of the new message is less than a preset frequency threshold corresponding to the new message;
a second determining subunit 1423, configured to determine, if the sending frequency of the new message is less than the preset frequency threshold of the new message, whether the value of the normal time timer is greater than a preset interval time threshold;
a message forwarding subunit 1424, configured to forward, if the value of the normal time timer is greater than the preset interval time threshold, the new message sent by the target ECU.
The implementation principle and technical effect of the device for preventing denial of service attack provided by the above embodiment are similar to those of the above method embodiment, and are not described herein again.
In an embodiment, the foregoing message resuming and forwarding unit 142 is further configured to reset the normal time timer to 0 if the sending frequency of the new message is greater than or equal to the preset frequency threshold of the new message.
In one embodiment, as shown in fig. 14, there is provided a device for preventing denial of service attack, where the message resuming and sending unit 141 includes: a reset signal receiving subunit 1411 and a recovery message sending subunit 1412, wherein,
a reset signal receiving subunit 1411, configured to receive a reset signal sent by the timing resetter;
and a recovery message sending subunit 1412, configured to invoke, according to the reset signal, an electronic control unit reset service of the unified diagnostic service UDS to control the target ECU to recover sending the message.
The implementation principle and technical effect of the device for preventing denial of service attack provided by the above embodiment are similar to those of the above method embodiment, and are not described herein again.
In one embodiment, as shown in fig. 15, there is provided a denial of service attack prevention apparatus, further comprising: a sending frequency obtaining module 15, a sending frequency judging module 16 and an abnormal message determining module 17, wherein,
a sending frequency obtaining module 15, configured to obtain the sending frequency of a received current message;
a sending frequency judging module 16, configured to judge whether the sending frequency of the current message is greater than a preset frequency threshold corresponding to the current message;
and an abnormal message determining module 17, configured to determine that the current message is an abnormal message if the sending frequency of the current message is greater than a preset frequency threshold corresponding to the current message.
The implementation principle and technical effect of the device for preventing denial of service attack provided by the above embodiment are similar to those of the above method embodiment, and are not described herein again.
For specific limitations of the apparatus for preventing denial of service attack, refer to the above limitations of the method for preventing denial of service attack, which are not described herein again. The modules in the above-mentioned apparatus for preventing denial of service attack may be wholly or partially implemented by software, hardware, or a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 16. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of preventing denial of service attacks. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 16 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
judging the importance level of a target Electronic Control Unit (ECU) sending the abnormal message according to the received abnormal message; the abnormal message is a message with abnormal sending frequency;
if the importance level is a low level, the target ECU is prohibited from sending messages;
and if the importance level is high level, stopping forwarding the abnormal message.
The implementation principle and technical effect of the computer device provided by the above embodiment are similar to those of the above method embodiment, and are not described herein again.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
judging the importance level of a target Electronic Control Unit (ECU) sending the abnormal message according to the received abnormal message; the abnormal message is a message with abnormal sending frequency;
if the importance level is a low level, the target ECU is prohibited from sending messages;
and if the importance level is high level, stopping forwarding the abnormal message.
The implementation principle and technical effect of the computer-readable storage medium provided by the above embodiments are similar to those of the above method embodiments, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for preventing denial of service attacks, the method comprising:
judging the importance level of a target Electronic Control Unit (ECU) sending the abnormal message according to the received abnormal message; the abnormal message is a message with abnormal sending frequency;
if the importance level is a low level, the target ECU is prohibited from sending messages;
and if the importance level is high level, stopping forwarding the abnormal message.
2. The method according to claim 1, wherein the determining the importance level of the target ECU sending the abnormal message according to the received abnormal message comprises:
searching the target ECU from a message definition table according to the ID of the abnormal message; the message definition table comprises a corresponding relation between the ID of the message and the ECU;
determining an importance level of the target ECU from an ECU information table; the ECU information table includes a correspondence between ECUs and importance levels.
3. The method according to claim 1 or 2, wherein before said stopping forwarding said abnormal message, said method comprises:
detecting whether the abnormal message needs to be forwarded through a vehicle-mounted gateway or not;
and if the abnormal message needs to be forwarded through the vehicle-mounted gateway, stopping forwarding the abnormal message.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
and controlling the target ECU to recover to a normal working state.
5. The method of claim 4, wherein the controlling the target ECU to resume a normal operating state comprises:
if the target ECU is in a low level, controlling the target ECU to resume sending messages according to a reset signal sent by a timing resetter; the reset signal carries the identification of the target ECU;
if the target ECU is of a high grade, forwarding a new message sent by the target ECU according to the sending frequency of the new message sent by the target ECU and the value of a normal time timer; and the normal time timer is started when the target ECU is determined to be of a high grade and the current abnormal message is stopped being forwarded, and the value of the normal time timer represents the time length after the abnormal message is stopped being forwarded.
6. The method according to claim 5, wherein said forwarding the new message sent by the target ECU according to the sending frequency of the new message sent by the target ECU and the value of a normal time timer comprises:
acquiring the sending frequency of a new message sent by the target ECU;
judging whether the sending frequency of the new message is smaller than a preset frequency threshold corresponding to the new message;
if the sending frequency of the new message is smaller than the preset frequency threshold of the new message, judging whether the value of the normal time timer is larger than a preset interval time threshold or not;
and if the value of the normal time timer is greater than the preset interval time threshold value, forwarding a new message sent by the target ECU.
7. The method of claim 6, further comprising:
and if the sending frequency of the new message is greater than or equal to the preset frequency threshold of the new message, resetting the normal time timer to be 0.
8. The method according to claim 5, wherein the controlling the target ECU to resume sending messages according to the reset signal sent by the timing resetter comprises:
receiving a reset signal sent by the timing resetter;
and calling an electronic control unit reset service of the unified diagnostic service UDS to control the target ECU to recover sending messages according to the reset signal.
9. The method of claim 1, further comprising:
acquiring the sending frequency of a received current message;
judging whether the sending frequency of the current message is greater than a preset frequency threshold corresponding to the current message;
and if the sending frequency of the current message is greater than the preset frequency threshold corresponding to the current message, determining that the current message is an abnormal message.
10. An apparatus for preventing denial of service attacks, the apparatus comprising:
an importance level determining module, configured to determine, according to a received abnormal message, the importance level of the target electronic control unit (ECU) that sent the abnormal message; wherein the abnormal message is a message with an abnormal sending frequency;
a message sending prohibiting module, configured to prohibit the target ECU from sending messages if the importance level is a low level;
and a message forwarding stopping module, configured to stop forwarding the abnormal message if the importance level is a high level.
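The gateway decision logic of claims 5 to 10, as an added C sketch that is not part of the patent. The type and function names, the Hz and ms units and the caller-supplied frequency measurement are assumptions, and the UDS reset request of claim 8 is represented only by clearing a flag.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names, units and the measured-frequency input are assumptions. */
typedef enum { LEVEL_LOW, LEVEL_HIGH } ecu_level_t;
typedef enum { FORWARD, DROP, DISABLE_ECU } action_t;
typedef struct {
    ecu_level_t level;              /* importance level of the sending ECU */
    uint32_t freq_threshold_hz;     /* preset frequency threshold */
    uint32_t interval_threshold_ms; /* preset interval time threshold */
    bool blocked;                   /* high level: forwarding stopped */
    bool disabled;                  /* low level: sending prohibited */
    uint64_t normal_timer_ms;       /* time since forwarding was stopped */
} ecu_state_t;

/* Decide one message; elapsed_ms is the time since this ECU's previous message. */
action_t gateway_decide(ecu_state_t *s, uint32_t freq_hz, uint32_t elapsed_ms)
{
    if (s->disabled) return DROP;                         /* waiting for the reset signal */
    if (!s->blocked) {
        if (freq_hz <= s->freq_threshold_hz) return FORWARD; /* claim 9: abnormal only if greater */
        if (s->level == LEVEL_LOW) { s->disabled = true; return DISABLE_ECU; } /* claim 10 */
        s->blocked = true;                                /* claim 5: stop forwarding and */
        s->normal_timer_ms = 0;                           /* start the normal time timer */
        return DROP;
    }
    if (freq_hz >= s->freq_threshold_hz) { s->normal_timer_ms = 0; return DROP; } /* claim 7 */
    if (s->normal_timer_ms <= s->interval_threshold_ms)
        s->normal_timer_ms += elapsed_ms;                 /* stops growing once past the threshold */
    return s->normal_timer_ms > s->interval_threshold_ms ? FORWARD : DROP; /* claim 6 */
}

/* Claim 8: the reset signal triggers the UDS ECU reset service; the request is omitted here. */
void gateway_on_reset_signal(ecu_state_t *s) { s->disabled = false; }

int main(void)
{
    ecu_state_t hi = { LEVEL_HIGH, 100, 500, false, false, 0 };
    uint32_t hz[] = { 50, 400, 50, 100, 50, 50 };         /* constructed trace */
    for (int i = 0; i < 6; i++)
        printf("%u Hz -> %d\n", (unsigned)hz[i], (int)gateway_decide(&hi, hz[i], 300));
    return 0;
}
```

The comparison is strict when a message is first classified as abnormal (claim 9) but inclusive while the ECU is recovering (claims 6 and 7), so a message exactly at the threshold is forwarded before an incident and keeps the timer at 0 after one.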
CN201910174174.2A 2019-03-08 2019-03-08 Method and device for preventing denial of service attack Active CN111669352B (en)


Publications (2)

Publication Number Publication Date
CN111669352A 2020-09-15
CN111669352B 2022-04-19


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant