CN114866308A - Vehicle-mounted network intrusion detection method, device, equipment and storage medium based on fast Fourier transform - Google Patents
Vehicle-mounted network intrusion detection method, device, equipment and storage medium based on fast Fourier transform Download PDFInfo
- Publication number
- CN114866308A CN114866308A CN202210460264.XA CN202210460264A CN114866308A CN 114866308 A CN114866308 A CN 114866308A CN 202210460264 A CN202210460264 A CN 202210460264A CN 114866308 A CN114866308 A CN 114866308A
- Authority
- CN
- China
- Prior art keywords
- data
- intrusion detection
- fourier transform
- fast fourier
- vehicle
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 44
- 238000004364 calculation method Methods 0.000 claims abstract description 21
- 238000013480 data collection Methods 0.000 claims description 9
- 238000004088 simulation Methods 0.000 claims description 3
- 238000001228 spectrum Methods 0.000 claims description 3
- 238000011156 evaluation Methods 0.000 claims description 2
- 238000000034 method Methods 0.000 abstract description 17
- 230000036541 health Effects 0.000 abstract description 7
- 230000008569 process Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Burglar Alarm Systems (AREA)
Abstract
A vehicle network intrusion detection method, a device, equipment and a storage medium based on fast Fourier transform are disclosed, wherein the method comprises the following steps: setting an alarm frequency threshold value and a maximum tolerance value; collecting kernel operation load data and bus load rate data in a unit time period; performing fast Fourier transform on the operation load data and the bus load rate data to obtain frequency domain characteristics; comparing the calculation result with the alarm frequency threshold value, judging whether the calculation result is within the range of the alarm frequency threshold value, if so, returning to execute S20; if not, marking as a suspicious event, and executing the next step; accumulating the occurrence time of the suspicious event, judging whether the occurrence time exceeds the maximum tolerance value, and if so, returning to execute the next step; if not, returning to execute S20; the system alarms and starts safety protection measures. The invention can carry out intrusion detection on the vehicle-mounted network, macroscopically identifies the system health degree, and realizes intrusion detection with lower false alarm rate.
Description
Technical Field
The invention relates to the technical field of network intrusion detection, in particular to a vehicle-mounted network intrusion detection method, a device, equipment and a storage medium based on fast Fourier transform.
Background
The vehicle-mounted network consists of an Electronic Control Unit (ECU) and a bus, and integrates automatic control, communication, a computer and the like. In recent years, concepts such as internet of vehicles, intelligent automobiles, unmanned driving, intelligent transportation and the like are proposed, so that information interaction between an external network and an automobile is more and more frequent.
With the increase of multi-network integration application, the information interaction between the vehicle-mounted electronic equipment and the external electronic control unit is more and more, the attack threat and risk types faced by the vehicle-mounted network are all the time, wherein the denial of service or blocking attack is a common attack type in the vehicle-mounted bus network, the denial of service attack is physically connected through the bus monitoring equipment, a large amount of invalid data is sent, the bus bandwidth is occupied, the bus is blocked, and the real-time transmission of legal data is directly influenced.
Disclosure of Invention
In view of the above, the technical problems to be solved by the present invention are: the vehicle-mounted network intrusion detection method, the device, the equipment and the storage medium based on the fast Fourier transform are provided, intrusion detection can be performed on a vehicle-mounted network, the system health degree is identified macroscopically, and intrusion detection is realized at a lower false alarm rate.
In order to solve the technical problems, the technical scheme of the invention is as follows:
in a first aspect, the invention discloses a vehicle network intrusion detection method based on fast fourier transform, which comprises the following steps:
s10, setting an alarm frequency threshold value aiming at system intrusion detection and a maximum tolerance value aiming at the occurrence time of a suspicious event;
s20, collecting kernel operation load data of an ECU real-time operating system in a unit time period and bus load rate data of a vehicle-mounted network;
s30, performing fast Fourier transform on the operation load data and the bus load rate data, and obtaining frequency domain characteristics based on time domain data;
s40, comparing a calculation result obtained based on the frequency domain characteristics with the alarm frequency threshold, judging whether the calculation result is in the range of the alarm frequency threshold, and if so, returning to execute S20; if not, recording the suspicious event as the suspicious event, and executing the next step;
s50, accumulating the occurrence time of the suspicious event, judging whether the occurrence time exceeds the maximum tolerance value, if so, returning to execute the next step; if not, returning to execute S20;
and S60, alarming by the system and starting safety protection measures.
Preferably, the calculation result includes obtaining an amplitude spectrum per unit time period based on the frequency domain feature.
Preferably, the alarm frequency threshold for system intrusion detection includes a range value obtained by performing fast fourier transform on the kernel operation load data and the bus load rate data of the ECU real-time operating system in a simulation state and during normal operation of the vehicle.
Preferably, the bus load rate includes a CAN bus load rate and a CANFD bus load rate.
Preferably, the safety protection measures include closing the data receiving channel by the ECU and stopping data reception.
In a second aspect, the present invention discloses a vehicle network intrusion detection device based on fast fourier transform, the device includes:
the evaluation module is used for aiming at an alarm frequency threshold value of system intrusion detection and a maximum tolerance value of suspicious event occurrence time;
the data collection module is used for collecting kernel operation load data of an ECU real-time operating system and bus load rate data of a vehicle-mounted network in a unit time period;
the data calculation module is used for performing fast Fourier transform on the operation load data and the bus load rate data and obtaining frequency domain characteristics based on time domain data;
the threshold value judging module is used for comparing a calculation result obtained based on the frequency domain characteristics with the alarm frequency threshold value;
the time judging module is used for accumulating the occurrence time of the suspicious event and judging whether the occurrence time exceeds the maximum tolerance value;
and the result output module is used for outputting the final judgment result.
Preferably, the method further comprises the following steps:
the return execution module is used for returning to the data collection module after the calculation result is compared with the alarm frequency threshold value; and
and the occurrence time is compared with the maximum tolerance value and then returned to the data collection module.
In a third aspect, the present invention discloses a computer device comprising:
a processor; and
a memory storing a program or instructions executable on the processor, the program or instructions when executed by the processor implementing the steps of the fast fourier transform based intrusion detection method for a vehicular network as described in the first aspect.
In a fourth aspect, the present invention discloses a computer readable storage medium, on which a program or instructions are stored, which when executed by a processor implement the steps of the fast fourier transform based intrusion detection method for a vehicle network according to the first aspect.
After the technical scheme is adopted, the invention has the beneficial effects that:
in the invention, by setting an alarm frequency threshold value aiming at system intrusion detection, a maximum tolerance value aiming at suspicious event occurrence time, and collecting kernel operation load data of an ECU real-time operating system and bus load rate data of a vehicle-mounted network in a unit time period, the system health degree can be macroscopically identified to a certain extent, the system health degree has a detection effect on data which is not strong in randomness performance and has regularity, the collected kernel operation load data and the bus load rate are subjected to fast Fourier transform to obtain frequency domain characteristics, a calculation result obtained based on the frequency domain characteristics is compared with the alarm frequency threshold value, the data which are positioned outside the alarm frequency threshold value range are marked as suspicious events, then the suspicious events are timed, and if the maximum tolerance value is exceeded, intrusion is judged to exist, and alarm and safety protection are carried out. The invention aims to obtain the system running state according to the kernel running load data, and realize the detection of the network bus intrusion by performing fast Fourier transform by using the attribute data of the macroscopic system health degree and by acquiring the data of the system running state and the bus load rate, thereby having lower false alarm rate and fast detection effect.
Drawings
The invention is further illustrated with reference to the following figures and examples.
Fig. 1 is a general flowchart of a method for detecting vehicle network intrusion based on fast fourier transform according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for detecting vehicle network intrusion based on fast fourier transform according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a vehicle network intrusion detection device based on fast fourier transform according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1 and fig. 2, the present invention discloses a vehicle network intrusion detection method based on fast fourier transform, comprising the following steps:
s10, setting an alarm frequency threshold value aiming at system intrusion detection and a maximum tolerance value aiming at the occurrence time of a suspicious event;
the alarm frequency threshold value for the system intrusion detection comprises a range value obtained by performing fast Fourier transform on kernel operation load data of an ECU real-time operating system and bus load rate data of a vehicle-mounted network in a simulation state and in normal operation of a vehicle.
S20, collecting kernel operation load data of an ECU real-time operating system in a unit time period and bus load rate data of a vehicle-mounted network;
the bus load rate comprises a CAN bus load rate and a CAN FD bus load rate.
S30, performing fast Fourier transform on the operation load data and the bus load rate data, and obtaining frequency domain characteristics based on the time domain data;
s40, comparing the calculation result obtained based on the frequency domain characteristics with an alarm frequency threshold, judging whether the calculation result is in the range of the alarm frequency threshold, if so, returning to execute S20; if not, marking as a suspicious event, and executing the next step;
for the present invention, the calculation results include obtaining an amplitude spectrum per unit time period based on the frequency domain characteristics.
S50, accumulating the occurrence time of the suspicious event, judging whether the occurrence time exceeds the maximum tolerance value, if so, returning to execute the next step; if not, returning to execute S20;
s60, alarming by the system, and starting safety protection measures;
the safety protection measures comprise that the data receiving channel is closed through the ECU, and data receiving is stopped.
In the invention, the kernel operation load data cpu load in the embedded operating system generally refers to the proportion of the kernel operating time in the total time, and the basic principle is as follows: the CPU Utilization is word _ time/total _ time, wherein the total _ time is word _ time + idle _ time.
In a single processor, thread 1 is first operated for 10ms, thread 2 is operated for 30ms, and then the CPU is idle for 60 ms. Then the CPU utilization is 40% for the 100ms period. At present, most ECU kernels are in a multi-core and multi-thread mode, and each kernel has an indication parameter of kernel operation load data.
In the embedded operating system, the kernel run load data CPU load is statistical information of the sum of the number of processes that the CPU is processing and waiting for the CPU to process in a period of time, that is, statistical information of the length of the CPU use queue. The embedded operating system is a real-time interrupt preemptive control system, and the long-term retention of threads and interrupt preemptive queues is also an expression of CPU overload.
In the power-on working state of the ECU, all thread tasks or interrupts are dynamically executed, and no matter the whole vehicle runs or is static at this time, the kernel running load data is also a dynamic numerical value, so that the running health degree of the current ECU system can be intuitively reflected in real time.
The bus load rate refers to the percentage of bandwidth occupied by bus transfer data within 1 s.
The fast Fourier transform is a classical method of frequency domain analysis, and can effectively extract the frequency domain characteristics of a sample sequence.
According to the invention, the acquired kernel operation load data and the bus load rate are subjected to fast Fourier transform, frequency domain characteristics are obtained based on time domain data, the amplitude value of the frequency is obtained and compared with a preset alarm frequency threshold value aiming at system intrusion detection, whether network intrusion exists is judged, and the method has the advantages of macroscopically identifying the system health degree and reducing the false alarm rate; and meanwhile, the detected suspicious event is timed and compared with the maximum tolerance value, and if the suspicious event exceeds the maximum tolerance value, the network intrusion is judged to exist, and further, the false alarm rate is reduced.
As shown in fig. 3, the present invention discloses a vehicle network intrusion detection device based on fast fourier transform, the device includes:
an assignment module 71, configured to set an alarm frequency threshold for system intrusion detection and a maximum tolerance value for a suspicious event occurrence time;
the data collection module 72 is used for collecting kernel operation load data of the ECU real-time operating system and bus load rate data of the vehicle-mounted network in a unit time period;
a data calculation module 73, configured to perform fast fourier transform on the operation load data and the bus load rate data, and obtain frequency domain characteristics based on the time domain data;
a threshold judgment module 74, configured to compare a calculation result obtained based on the frequency domain characteristics with an alarm frequency threshold;
a time judgment module 75, configured to accumulate occurrence time of a suspicious event, and judge whether the occurrence time exceeds a maximum tolerance value;
and a result output module 76 for outputting the final determination result.
Preferably, the method further comprises the following steps:
a return execution module 77, configured to return to the data collection module after the calculation result is compared with the alarm frequency threshold; and
and the occurrence time is compared with the maximum tolerance value and then returned to the data collection module.
The vehicle-mounted network intrusion detection device based on the fast fourier transform provided by the embodiment of the present invention can implement each process implemented by the vehicle-mounted network intrusion detection method based on the fast fourier transform in the method embodiment of fig. 1, and is not described herein again in order to avoid repetition.
As shown in fig. 4, the present invention discloses a computer apparatus, comprising:
a processor 81; and
the memory 82 and the memory 82 store programs or instructions that can be executed on the processor 81, and when the programs or instructions are executed by the processor 81, the processes implemented by the vehicle-mounted network intrusion detection method based on the fast fourier transform in the embodiment of the method in fig. 1 are implemented, and are not described herein again to avoid repetition.
The present invention further discloses a computer readable storage medium, where a program or an instruction is stored, and when the program or the instruction is executed by a processor, the program or the instruction implements each process implemented by the vehicle-mounted network intrusion detection method based on fast fourier transform in the method embodiment of fig. 1, and in order to avoid repetition, details are not repeated here.
The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the division of the module is only one logical division, and other divisions may be possible in actual implementation, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not performed. The shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection of devices or modules through some interfaces, and may be in an electrical, mechanical or other form.
Modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In the above embodiments, all or part of the implementation may be realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on or transmitted over a computer-readable storage medium. The computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)), or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a read-only memory (ROM), or a Random Access Memory (RAM), or a magnetic medium, such as a floppy disk, a hard disk, a magnetic tape, a magnetic disk, or an optical medium, such as a Digital Versatile Disk (DVD), or a semiconductor medium, such as a Solid State Disk (SSD).
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (9)
1. A vehicle-mounted network intrusion detection method based on fast Fourier transform is characterized by comprising the following steps:
s10, setting an alarm frequency threshold value aiming at system intrusion detection and a maximum tolerance value aiming at the occurrence time of a suspicious event;
s20, collecting kernel operation load data of the ECU real-time operating system in a unit time period and bus load rate data of a vehicle-mounted network;
s30, performing fast Fourier transform on the operation load data and the bus load rate data, and obtaining frequency domain characteristics based on time domain data;
s40, comparing a calculation result obtained based on the frequency domain characteristics with the alarm frequency threshold, judging whether the calculation result is in the range of the alarm frequency threshold, and if so, returning to execute S20; if not, recording the suspicious event as the suspicious event, and executing the next step;
s50, accumulating the occurrence time of the suspicious event, judging whether the occurrence time exceeds the maximum tolerance value, if so, returning to execute the next step; if not, returning to execute S20;
and S60, alarming by the system and starting safety protection measures.
2. The fast fourier transform-based intrusion detection method for the in-vehicle network according to claim 1, wherein the calculation result comprises obtaining an amplitude spectrum in a unit time period based on the frequency domain features.
3. The fast fourier transform-based intrusion detection method for the in-vehicle network according to claim 1, wherein the alarm frequency threshold for system intrusion detection includes a range value obtained by performing fast fourier transform on the kernel operation load data and the bus load rate data of an ECU real-time operating system in a simulation state and in a normal operation of a vehicle.
4. The fast Fourier transform-based intrusion detection method for the in-vehicle network according to claim 3, wherein the bus load rates comprise CAN bus load rate and CAN FD bus load rate.
5. The fast fourier transform-based intrusion detection method for the vehicular network according to claim 1, wherein the safety protection measures include stopping data reception by closing a data reception channel by an ECU.
6. An intrusion detection device for a vehicle network based on fast fourier transform, the device comprising:
the evaluation module is used for aiming at an alarm frequency threshold value of system intrusion detection and a maximum tolerance value of suspicious event occurrence time;
the data collection module is used for collecting kernel operation load data of an ECU real-time operating system and bus load rate data of a vehicle-mounted network in a unit time period;
the data calculation module is used for performing fast Fourier transform on the operation load data and the bus load rate data and obtaining frequency domain characteristics based on time domain data;
the threshold value judging module is used for comparing a calculation result obtained based on the frequency domain characteristics with the alarm frequency threshold value;
the time judging module is used for accumulating the occurrence time of the suspicious event and judging whether the occurrence time exceeds the maximum tolerance value;
and the result output module is used for outputting the final judgment result.
7. The fast fourier transform-based intrusion detection device for a vehicular network according to claim 6, further comprising:
the return execution module is used for returning to the data collection module after the calculation result is compared with the alarm frequency threshold value; and
and the occurrence time is compared with the maximum tolerance value and then returned to the data collection module.
8. A computer device, comprising:
a processor; and
a memory storing a program or instructions executable on the processor, the program or instructions when executed by the processor implementing the steps of the fast fourier transform based intrusion detection method for a vehicle network according to any one of claims 1 to 5.
9. A computer-readable storage medium, on which a program or instructions are stored, which, when executed by a processor, carry out the steps of the fast fourier transform-based intrusion detection method for a vehicle network according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210460264.XA CN114866308B (en) | 2022-04-28 | 2022-04-28 | Vehicle-mounted network intrusion detection method, device, equipment and storage medium based on fast Fourier transform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210460264.XA CN114866308B (en) | 2022-04-28 | 2022-04-28 | Vehicle-mounted network intrusion detection method, device, equipment and storage medium based on fast Fourier transform |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114866308A true CN114866308A (en) | 2022-08-05 |
| CN114866308B CN114866308B (en) | 2024-05-17 |
Family
ID=82634384
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210460264.XA Active CN114866308B (en) | 2022-04-28 | 2022-04-28 | Vehicle-mounted network intrusion detection method, device, equipment and storage medium based on fast Fourier transform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114866308B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2010283668A (en) * | 2009-06-05 | 2010-12-16 | Nippon Telegr & Teleph Corp <Ntt> | Traffic classification system and method, and program, and abnormal traffic detection system and method |
| US20190028500A1 (en) * | 2017-07-24 | 2019-01-24 | Korea University Research And Business Foundation | Ecu identifying apparatus and controlling method thereof |
| EP3565188A2 (en) * | 2018-05-01 | 2019-11-06 | Argus Cyber Security Ltd | In-vehicle network anomaly detection |
| CN110636048A (en) * | 2019-08-27 | 2019-12-31 | 华东师范大学 | Vehicle-mounted intrusion detection method and system based on ECU signal characteristic identifier |
| CN111683035A (en) * | 2020-02-12 | 2020-09-18 | 华东师范大学 | Vehicle-mounted ECU intrusion detection method and system based on CAN bus differential signal level characteristics |
| CN114024770A (en) * | 2021-12-10 | 2022-02-08 | 北京天融信网络安全技术有限公司 | Trojan intrusion detection method and device, electronic equipment and storage medium |
-
2022
- 2022-04-28 CN CN202210460264.XA patent/CN114866308B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2010283668A (en) * | 2009-06-05 | 2010-12-16 | Nippon Telegr & Teleph Corp <Ntt> | Traffic classification system and method, and program, and abnormal traffic detection system and method |
| US20190028500A1 (en) * | 2017-07-24 | 2019-01-24 | Korea University Research And Business Foundation | Ecu identifying apparatus and controlling method thereof |
| EP3565188A2 (en) * | 2018-05-01 | 2019-11-06 | Argus Cyber Security Ltd | In-vehicle network anomaly detection |
| CN110636048A (en) * | 2019-08-27 | 2019-12-31 | 华东师范大学 | Vehicle-mounted intrusion detection method and system based on ECU signal characteristic identifier |
| CN111683035A (en) * | 2020-02-12 | 2020-09-18 | 华东师范大学 | Vehicle-mounted ECU intrusion detection method and system based on CAN bus differential signal level characteristics |
| CN114024770A (en) * | 2021-12-10 | 2022-02-08 | 北京天融信网络安全技术有限公司 | Trojan intrusion detection method and device, electronic equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 张睿哲;刘建粉;: "网络入侵后最优节点通信组网选择技术的研究", 现代电子技术, no. 22, 15 November 2016 (2016-11-15) * |
| 李中伟: "车载CAN总线脱离攻击及其入侵检测算法", 万方, 23 November 2020 (2020-11-23) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114866308B (en) | 2024-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106462702B (en) | Method and system for acquiring and analyzing electronic forensic data in a distributed computer infrastructure | |
| KR101371902B1 (en) | Apparatus for detecting vehicle network attcak and method thereof | |
| KR101853676B1 (en) | Appratus and method for detecting vehicle intrusion | |
| US20200302054A1 (en) | Method for detecting physical intrusion attack in industrial control system based on analysis of signals on serial communication bus | |
| CN109278674B (en) | Unmanned vehicle system safety detection method, device, equipment and storage medium | |
| CN112596990A (en) | Alarm storm processing method and device and terminal equipment | |
| CN109656786B (en) | Log acquisition method and device | |
| CN112732474B (en) | Fault processing method and device, electronic equipment and computer readable storage medium | |
| CN113839904A (en) | Security situation sensing method and system based on intelligent networked automobile | |
| CN112525553A (en) | Vehicle fault remote diagnosis method and related equipment | |
| CN115080356B (en) | Abnormity warning method and device | |
| CN111061570A (en) | Image calculation request processing method and device and terminal equipment | |
| CN112749013A (en) | Thread load detection method and device, electronic equipment and storage medium | |
| CN105373393A (en) | Method for realizing hot plug of equipment in OS in non-event driven mode | |
| CN110750498B (en) | Object access method, device and storage medium | |
| CN112896096B (en) | Anti-theft alarm method, device and terminal for automobile | |
| CN114866308A (en) | Vehicle-mounted network intrusion detection method, device, equipment and storage medium based on fast Fourier transform | |
| CN112769595B (en) | Abnormality detection method, abnormality detection device, electronic device, and readable storage medium | |
| CN116860553A (en) | Data state monitoring processing method, device and server | |
| CN111880475A (en) | Anti-collision machine control method and system for numerical control machine tool and numerical control machine tool | |
| CN111159009A (en) | Pressure testing method and device for log service system | |
| CN113574502A (en) | Data acquisition method and device for unmanned vehicle operating system | |
| CN111897701B (en) | Alarm processing method, device, computer system and medium for application | |
| CN114385438A (en) | Service operation risk early warning method, system and storage medium | |
| CN111107019A (en) | Data transmission method, device, equipment and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |