CN114995330A - Vehicle CAN bus intrusion detection test method and test system - Google Patents
Vehicle CAN bus intrusion detection test method and test system Download PDFInfo
- Publication number
- CN114995330A CN114995330A CN202210538095.7A CN202210538095A CN114995330A CN 114995330 A CN114995330 A CN 114995330A CN 202210538095 A CN202210538095 A CN 202210538095A CN 114995330 A CN114995330 A CN 114995330A
- Authority
- CN
- China
- Prior art keywords
- bus
- test
- message
- intrusion detection
- period
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012360 testing method Methods 0.000 title claims abstract description 149
- 238000001514 detection method Methods 0.000 title claims abstract description 129
- 238000010998 test method Methods 0.000 title claims abstract description 18
- 238000012544 monitoring process Methods 0.000 claims description 39
- 238000000034 method Methods 0.000 claims description 19
- 230000005540 biological transmission Effects 0.000 claims description 9
- 230000000737 periodic effect Effects 0.000 claims description 6
- 238000004891 communication Methods 0.000 abstract description 5
- 238000005516 engineering process Methods 0.000 abstract description 5
- 238000012795 verification Methods 0.000 abstract description 2
- 230000005856 abnormality Effects 0.000 description 4
- 206010063385 Intellectualisation Diseases 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000003012 network analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0208—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
- G05B23/0213—Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24065—Real time diagnostics
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
The invention relates to the technical field of engineering machinery communication safety, in particular to a vehicle CAN bus intrusion detection test method and a test system. At present, the intrusion detection technology aiming at the vehicle CAN bus is gradually applied to the vehicle. Aiming at the CAN bus intrusion detection function, a test verification scheme corresponding to the CAN bus intrusion detection function is needed to verify whether the intrusion detection strategy is really realized according to the requirement and whether the current detection rule has missing detection. Aiming at the problems, the invention provides a vehicle CAN bus intrusion detection test method and a test system, according to an intrusion detection rule, intrusion attack is carried out, whether an intrusion detection module CAN effectively detect attack time or not and detection timeliness are checked. And establishing a terminal system attack library which covers common attack modes to test the detection coverage of the intrusion detection module and determine whether missing detection and false detection exist.
Description
Technical Field
The invention relates to the technical field of engineering machinery communication safety, in particular to a vehicle CAN bus intrusion detection test method and a test system.
Background
With the development of intellectualization and informatization, an automobile electrical system becomes increasingly complex, a current automobile generally has dozens of Electronic Control Units (ECU), an operation code of a high-class car is close to 1 hundred million lines, and the vehicle-mounted information is interconnected through an in-vehicle bus. In recent years, the frequent occurrence of automobile information security events is mostly based on physical access or remote attack of an in-automobile bus, and an attacker can realize input control on key nodes such as an automobile throttle valve, a steering gear, a brake and the like through own loopholes of an in-automobile ECU. In an automobile bus, a Controller Area Network (CAN) is widely used due to its high performance and reliability. In order to protect the automobile bus from network attack, the related technical solution based on the CAN network analysis gradually draws attention and attention of the industry.
An intrusion detection system ("IDS") is a network security device that monitors network transmissions on-the-fly, and alerts or takes proactive steps when suspicious transmissions are found. It differs from other network security devices in that IDS is an active security protection technology. The intrusion detection function of the vehicle network is generally integrated on a vehicle-mounted terminal, a vehicle machine, a gateway or other controllers using vehicle-mounted Ethernet communication.
The in-vehicle communication network intrusion detection technology is one of the most widely used technologies for ensuring the safety of in-vehicle CAN communication, and alarms when abnormal messages are found by monitoring the message transmission condition on a CAN bus in real time. CAN bus intrusion detection CAN generally detect message abnormality, signal abnormality, diagnosis service abnormality and the like.
At present, the intrusion detection technology aiming at the CAN bus of the vehicle is gradually applied to the vehicle. Aiming at the CAN bus intrusion detection function, a test verification scheme corresponding to the CAN bus intrusion detection function is needed to verify whether the intrusion detection strategy is really realized according to the requirement and whether the current detection rule has missing detection.
Disclosure of Invention
Aiming at the problems, the invention provides a vehicle CAN bus intrusion detection test method and a test system, according to an intrusion detection rule, intrusion attack is carried out, whether an intrusion detection module CAN effectively detect attack time or not and detection timeliness are checked. And establishing a terminal system attack library which covers common attack modes to test the detection coverage of the intrusion detection module and determine whether missing detection and false detection exist.
The invention provides a vehicle CAN bus intrusion detection test system, which is characterized in that: the system comprises an upper computer, a CAN bus tool and a measured controller with an intrusion detection function; the upper computer comprises a test management module, a CAN bus attack data generation module and a test result analysis module; during testing, the test management module executes testing, the CAN bus attack data generation module generates attack data, the attack data are sent to a tested controller with an intrusion detection function through a CAN bus tool to carry out vehicle CAN bus intrusion detection testing, and the test result analysis module carries out test result analysis after the testing is finished.
Furthermore, the test management module is used for configuring information, managing a test plan, managing a test case, managing a test report and loading a CAN bus database of the tested controller with an intrusion detection function; the CAN bus database defines the ID, length, period, signal value and range of all CAN messages received by the measured controller with the intrusion detection function.
Further, the CAN bus attack data generation module is used for generating attack data according to the loaded CAN bus database.
Further, the manner in which the CAN bus attack data generation module generates attack data is as follows.
The first method is as follows: selecting a first period message in a CAN bus database, and changing the message period to 1/2 of the original period;
the second method comprises the following steps: selecting a first period message in a CAN bus database, and changing the message period into 3/2 of the original period;
the third method comprises the following steps: according to the message ID in the CAN bus database, generating a non-database message ID with the ID in the range of 0-0x7FF and a data field value of 0 xFF;
the method is as follows: selecting a certain period message in a CAN bus database;
the fifth mode is as follows: and selecting a certain message in the CAN bus database, and reducing the length of the message by 1 byte.
Furthermore, the test result analysis module is used for analyzing whether the measured controller with the intrusion detection function executes intrusion detection or not according to the intrusion detection rule and the measured controller log with the intrusion detection function, whether missing detection exists or not and whether the detection time meets the requirement or not.
The invention provides a vehicle CAN bus intrusion detection test method, which is characterized by comprising the following steps: when the test is started, the upper computer is configured, the test management module loads a CAN bus database of the tested controller with the intrusion detection function to generate and send attack data, the monitoring test of too short or too long message period, the non-white list message ID monitoring test, the message loss monitoring test and the message length abnormity monitoring test are started, and after the test is finished, the test result analysis module analyzes the log of the tested controller with the intrusion detection function to generate a test report.
Further, the test method for monitoring and testing the short or long message cycle comprises the following steps:
monitoring test for too short message period
(1) Selecting a first periodic message in a CAN bus database;
(2) changing the message period to 1/2 of the original period, and sending the period to the CAN bus;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(6) detecting time t2-t1, and judging whether the time meets the requirement;
monitoring test for overlong message period
(1) Selecting a first periodic message in a CAN bus database;
(2) changing the message period to 1.5 times of the original period, and sending the period to the CAN bus;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(6) and detecting the time t2-t1 and judging whether the time meets the requirement.
Further, the test method of the non-white list message ID monitoring test is as follows:
(1) generating a non-database with ID in the range of 0-0x7FF according to the message ID in the CAN bus database
Message ID, data field value 0 xFF;
(2) sending according to the period of 100 ms;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(6) and detecting the time t2-t1 and judging whether the time meets the requirement.
Further, the test method of the message loss monitoring test comprises:
(1) selecting a certain period message in a CAN bus database, and sending 5 messages according to a specified period;
(2) the transmission is suspended for 2 cycles;
(3) recording time t 1;
(4) resuming the transmission in a specified period;
(5) checking an intrusion detection log;
(6) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(7) and detecting the time t2-t1 and judging whether the time meets the requirement.
Further, the test method of the message length abnormality monitoring test comprises:
(1) selecting a certain message in the CAN bus database, reducing the length of the message by 1 byte and sending the message;
(2) recording time t 1;
(3) checking an intrusion detection log;
(4) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(5) and detecting the time t2-t1 and judging whether the time meets the requirement.
Compared with the prior art, the invention has the advantages that: the invention tests the intrusion detection of the vehicle CAN bus and respectively tests the monitoring of message abnormity, signal abnormity, DOS attack and the like. The invention provides a method for testing timeliness, and the prior art does not test timeliness of intrusion detection.
Drawings
FIG. 1 illustrates a hardware module connection of a CAN bus intrusion detection test system for a vehicle;
fig. 2 is a test flow of the vehicle CAN bus intrusion detection test system.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1.
The utility model provides a vehicle CAN bus intrusion detection test system which characterized in that: comprises a hardware module and a software module; the hardware module consists of an upper computer, a CAN bus tool VN1640 and a DUT (measured controller with an intrusion detection function); the software module is positioned in the upper computer and consists of a test management module, a CAN bus attack data generation module and a test result analysis module; and a software module in the upper computer generates attack data, and sends the attack data to a measured controller with an intrusion detection function through a CAN bus tool to carry out vehicle CAN bus intrusion detection testing.
Example 2.
A hardware module connection mode of a vehicle CAN bus intrusion detection test system is shown in figure 1, an upper computer is connected with a DUT (measured controller with intrusion detection function) through a CAN bus tool VN1640, the DUT is connected with a power supply, and upper computer software generates attack data and sends the attack data to a DTU through the CAN bus tool VN 1640.
Example 3.
A software module of a vehicle CAN bus intrusion detection test system comprising:
(1) the test management module: including information configuration, test plan management, test case management, test report management, and loading the CAN bus database (dbc file) of the DUT.
(2) The CAN bus attack data generation module: and generating attack data according to the loaded CAN bus database.
(3) A test result analysis module: and analyzing whether the DUT executes intrusion detection or not, whether missing detection exists or not and whether the detection time meets the requirements or not according to the intrusion detection rules and the logs.
Example 4.
A mode for generating attack data by a CAN bus attack data generation module comprises the following steps:
the first method is as follows: selecting a first period message in a CAN bus database, and changing the message period to 1/2 of the original period; the method is used for monitoring and testing the short message period.
The second method comprises the following steps: selecting a first period message in a CAN bus database, and changing the message period into 3/2 of the original period; the method is used for monitoring and testing the overlong message period.
The third method comprises the following steps: according to the message ID in the CAN bus database, generating a non-database message ID with the ID in the range of 0-0x7FF and a data field value of 0 xFF; the method is used for the monitoring test of the ID of the non-white list message.
The method is as follows: selecting a certain period message in a CAN bus database; the method is used for message loss monitoring test.
The fifth mode is as follows: selecting a certain message in a CAN bus database, and reducing the length of the message by 1 byte; the method is used for monitoring and testing the message length abnormity.
Example 5.
A vehicle CAN bus intrusion detection test method comprises a message cycle too short monitoring test, a message cycle too long monitoring test, a non-white list message ID monitoring test, a message loss monitoring test and a message length abnormity monitoring test, and specifically comprises the following steps:
firstly, monitoring and testing the short message period:
(1) selecting a first periodic message in a CAN bus database;
(2) changing the message period to 1/2 of the original period, and sending the period to the CAN bus;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(6) and detecting the time t2-t1 and judging whether the time meets the requirement.
Secondly, monitoring and testing for overlong message period:
(1) selecting a first periodic message in a CAN bus database;
(2) changing the message period to 1.5 times of the original period, and sending the period to the CAN bus;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack is not detected, and the test is not passed;
(6) and detecting the time t2-t1 and judging whether the time meets the requirement.
Thirdly, the testing method of the non-white list message ID monitoring test comprises the following steps:
(1) according to the message ID in the CAN bus database, generating a non-database message ID with the ID in the range of 0-0x7FF and a data field value of 0 xFF;
(2) sending according to the period of 100 ms;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(6) and detecting time t2-t1, and judging whether the time meets the requirement.
The test method of the message loss monitoring test comprises the following steps:
(1) selecting a certain period message in a CAN bus database, and sending 5 messages according to a specified period;
(2) the transmission is stopped for 2 periods;
(3) recording time t 1;
(4) resuming the transmission in a specified period;
(5) checking an intrusion detection log;
(6) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(7) and detecting the time t2-t1 and judging whether the time meets the requirement.
Fifthly, the test method of the message length abnormity monitoring test comprises the following steps:
(1) selecting a certain message in a CAN bus database, reducing the length of the message by 1 byte and sending the message;
(2) recording time t 1;
(3) checking an intrusion detection log;
(4) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(5) and detecting the time t2-t1 and judging whether the time meets the requirement.
Example 6.
A flow chart of a test flow of a vehicle CAN bus intrusion detection test system is shown in fig. 2, and specifically, a test flow is introduced by taking a monitoring test with a too short message period as an embodiment.
When the test is started, the upper computer is configured firstly, the test management module makes a test plan, the CAN bus attack data generation module generates attack data according to the loaded CAN bus database, and the mode of generating the attack data is as follows: and selecting a first period message in the CAN bus database, and changing the message period to 1/2 of the original period.
And the generated attack data enters a test case management unit of a test management module and is used for monitoring and testing the short message period.
And the test management module starts to execute the test, records the sending time t1 and sends the attack data period in the test case management unit to the CAN bus, thereby entering the DUT and finishing the attack.
And after the test plan test is finished, reading the detection result recorded in the DUT log, and inputting the detection result into a test result analysis module for analysis: firstly, checking whether an intrusion detection log has an intrusion detection record, and recording detection time as t2 if the intrusion detection log has the intrusion detection record; if no record exists, the attack event is not detected, and the test is not passed; the detection time is t2-t1, and whether the detection time meets the requirement is judged.
The test result analysis module feeds the generated test report back to the test management module, and the test management module manages the test report for the testers to extract and check.
Claims (10)
1. The utility model provides a vehicle CAN bus intrusion detection test system which characterized in that: the system comprises an upper computer, a CAN bus tool and a measured controller with an intrusion detection function; the upper computer comprises a test management module, a CAN bus attack data generation module and a test result analysis module; during testing, the test management module executes testing, the CAN bus attack data generation module generates attack data, the attack data are sent to a tested controller with an intrusion detection function through a CAN bus tool to carry out vehicle CAN bus intrusion detection testing, and the test result analysis module carries out test result analysis after the testing is finished.
2. The vehicle CAN bus intrusion detection testing system according to claim 1, wherein: the test management module is used for configuring information, managing a test plan, managing a test case, managing a test report and loading a CAN bus database of the tested controller with an intrusion detection function; the CAN bus database defines the ID, length, period, signal value and range of all CAN messages received by the measured controller with the intrusion detection function.
3. The vehicle CAN bus intrusion detection testing system of claim 1, wherein: the CAN bus attack data generation module is used for generating attack data according to the loaded CAN bus database.
4. The vehicle CAN bus intrusion detection testing system of claim 1, wherein the CAN bus attack data generating module generates the attack data in a manner that:
the first method is as follows: selecting a first period message in a CAN bus database, and changing the message period to 1/2 of the original period;
the second method comprises the following steps: selecting a first period message in a CAN bus database, and changing the message period into 3/2 of the original period;
the third method comprises the following steps: according to the message ID in the CAN bus database, generating a non-database message ID with the ID in the range of 0-0x7FF and a data field value of 0 xFF;
the method is as follows: selecting a certain period message in a CAN bus database;
the fifth mode is as follows: and selecting a certain message in the CAN bus database, and reducing the length of the message by 1 byte.
5. The vehicle CAN bus intrusion detection testing system of claim 1, wherein: the test result analysis module is used for analyzing whether the monitored controller with the intrusion detection function executes intrusion detection or not, whether missing detection exists or not and whether the detection time meets the requirement or not according to the intrusion detection rule and the monitored controller log with the intrusion detection function.
6. A vehicle CAN bus intrusion detection test method is characterized in that: when the test is started, the upper computer is configured first, the test management module loads a CAN bus database of the tested controller with the intrusion detection function, generates and sends attack data, starts to perform monitoring test with too short or too long message period, non-white list message ID monitoring test, message loss monitoring test and message length abnormity monitoring test, and after the test is finished, the test result analysis module analyzes the log of the tested controller with the intrusion detection function to generate a test report.
7. The method according to claim 6, wherein the testing method of the monitoring test for the short or long message period is as follows:
monitoring test for too short message period
(1) Selecting a first periodic message in a CAN bus database;
(2) changing the message period to 1/2 of the original period, and sending the period to the CAN bus;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(6) detecting time t2-t1, and judging whether the time meets the requirement;
monitoring test for overlong message period
(1) Selecting a first periodic message in a CAN bus database;
(2) changing the message period to 1.5 times of the original period, and sending the period to the CAN bus;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(6) and detecting the time t2-t1 and judging whether the time meets the requirement.
8. The vehicle CAN bus intrusion detection testing method according to claim 6, wherein: the test method for the non-white list message ID monitoring test comprises the following steps:
(1) according to the message ID in the CAN bus database, generating a non-database message ID with the ID in the range of 0-0x7FF and a data field value of 0 xFF;
(2) sending according to the period of 100 ms;
(3) recording the sending time t 1;
(4) checking an intrusion detection log;
(5) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(6) and detecting time t2-t1, and judging whether the time meets the requirement.
9. The vehicle CAN bus intrusion detection testing method according to claim 6, wherein: the test method of the message loss monitoring test comprises the following steps:
(1) selecting a certain period message in a CAN bus database, and sending 5 messages according to a specified period;
(2) the transmission is suspended for 2 cycles;
(3) recording time t 1;
(4) resuming the transmission in a specified period;
(5) checking an intrusion detection log;
(6) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(7) and detecting the time t2-t1 and judging whether the time meets the requirement.
10. The vehicle CAN bus intrusion detection testing method according to claim 6, wherein: the test method of the message length abnormity monitoring test comprises the following steps:
(1) selecting a certain message in a CAN bus database, reducing the length of the message by 1 byte and sending the message;
(2) recording time t 1;
(3) checking an intrusion detection log;
(4) if the record exists, recording the detection time as t 2; if no record exists, the attack event is not detected, and the test is not passed;
(5) and detecting time t2-t1, and judging whether the time meets the requirement.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210538095.7A CN114995330A (en) | 2022-05-18 | 2022-05-18 | Vehicle CAN bus intrusion detection test method and test system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210538095.7A CN114995330A (en) | 2022-05-18 | 2022-05-18 | Vehicle CAN bus intrusion detection test method and test system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114995330A true CN114995330A (en) | 2022-09-02 |
Family
ID=83028076
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210538095.7A Pending CN114995330A (en) | 2022-05-18 | 2022-05-18 | Vehicle CAN bus intrusion detection test method and test system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114995330A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115603975A (en) * | 2022-09-30 | 2023-01-13 | 北京天融信网络安全技术有限公司(Cn) | Message intrusion detection method and device, electronic equipment and storage medium |
| CN115664737A (en) * | 2022-10-14 | 2023-01-31 | 一汽解放汽车有限公司 | Intrusion detection system and method |
| CN116684185A (en) * | 2023-06-30 | 2023-09-01 | 中汽院新能源科技有限公司 | Automatic road condition data synthesizing method |
| CN115664737B (en) * | 2022-10-14 | 2024-05-14 | 一汽解放汽车有限公司 | Intrusion detection system and method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060253906A1 (en) * | 2004-12-06 | 2006-11-09 | Rubin Shai A | Systems and methods for testing and evaluating an intrusion detection system |
| CN104734911A (en) * | 2015-02-10 | 2015-06-24 | 重庆邮电大学 | CAN bus network management test system and method |
| US20190081960A1 (en) * | 2017-09-11 | 2019-03-14 | GM Global Technology Operations LLC | Systems and methods for in-vehicle network intrusion detection |
| CN112004231A (en) * | 2020-07-21 | 2020-11-27 | 中汽研汽车检验中心(天津)有限公司 | Vehicle-mounted terminal intrusion detection information safety testing device |
| WO2022088160A1 (en) * | 2020-10-31 | 2022-05-05 | 华为技术有限公司 | Anomaly detection method and apparatus |
-
2022
- 2022-05-18 CN CN202210538095.7A patent/CN114995330A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060253906A1 (en) * | 2004-12-06 | 2006-11-09 | Rubin Shai A | Systems and methods for testing and evaluating an intrusion detection system |
| CN104734911A (en) * | 2015-02-10 | 2015-06-24 | 重庆邮电大学 | CAN bus network management test system and method |
| US20190081960A1 (en) * | 2017-09-11 | 2019-03-14 | GM Global Technology Operations LLC | Systems and methods for in-vehicle network intrusion detection |
| CN112004231A (en) * | 2020-07-21 | 2020-11-27 | 中汽研汽车检验中心(天津)有限公司 | Vehicle-mounted terminal intrusion detection information safety testing device |
| WO2022088160A1 (en) * | 2020-10-31 | 2022-05-05 | 华为技术有限公司 | Anomaly detection method and apparatus |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115603975A (en) * | 2022-09-30 | 2023-01-13 | 北京天融信网络安全技术有限公司(Cn) | Message intrusion detection method and device, electronic equipment and storage medium |
| CN115603975B (en) * | 2022-09-30 | 2023-06-09 | 北京天融信网络安全技术有限公司 | Message intrusion detection method and device, electronic equipment and storage medium |
| CN115664737A (en) * | 2022-10-14 | 2023-01-31 | 一汽解放汽车有限公司 | Intrusion detection system and method |
| CN115664737B (en) * | 2022-10-14 | 2024-05-14 | 一汽解放汽车有限公司 | Intrusion detection system and method |
| CN116684185A (en) * | 2023-06-30 | 2023-09-01 | 中汽院新能源科技有限公司 | Automatic road condition data synthesizing method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114995330A (en) | Vehicle CAN bus intrusion detection test method and test system | |
| US6859696B2 (en) | System and method for monitoring machine status | |
| CN106828362B (en) | Safety testing method and device for automobile information | |
| US10574671B2 (en) | Method for monitoring security in an automation network, and automation network | |
| CN110719199B (en) | Network automatic testing and fault positioning method and device | |
| CN111984975B (en) | Vulnerability attack detection system, method and medium based on mimicry defense mechanism | |
| CN109901555B (en) | Vehicle fault diagnosis method, equipment and storage medium | |
| KR101907011B1 (en) | Apparatus for estimating and monitoring communication security of vehicle-network | |
| CN109218407B (en) | Code management and control method based on log monitoring technology and terminal equipment | |
| KR101781135B1 (en) | Apparatus for estimating and monitoring communication security of vehicle-network | |
| CN113347058B (en) | Method and system for testing vehicle CAN network period consistency | |
| CN112765611B (en) | Unauthorized vulnerability detection method, device, equipment and storage medium | |
| US11694489B2 (en) | Message monitoring system, message transmission electronic control unit, and monitoring electronic control unit | |
| CN113556335A (en) | Vehicle-mounted bus safety testing method and system | |
| CN104794039A (en) | Remote monitoring method and device for service software | |
| CN112019512A (en) | Automobile network safety test system | |
| JP6483461B2 (en) | Management method, management program, management device, management system, and information processing method | |
| CN116089223A (en) | Service operation monitoring system and monitoring method | |
| CN115102890A (en) | Vehicle-mounted terminal system intrusion detection function test system and method | |
| CN112306038B (en) | Detection method, detection device and diagnosis equipment | |
| CN114327981A (en) | Safety verification system, method and device of function safety mechanism | |
| KR101902823B1 (en) | Apparatus for estimating and monitoring communication security of vehicle-network | |
| CN113535547B (en) | Test method based on functional safety | |
| CN113347022B (en) | Civil aircraft airborne information system network security capability detection system and method | |
| CN115102891A (en) | Vehicle network intrusion detection test method and test system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |