[ background Art ]
CAN: controller Area Network, controller area network bus. Serial communication protocol bus for real-time applications. The communication device is widely used for communication among various devices in automobiles as a backbone network of a current vehicle-mounted network.
CAN FD and CAN, 1, CAN FD: it CAN be understood that the upgrading version of the CAN protocol only upgrades the protocol, and the physical layer is unchanged. 2. CAN is mainly distinguished from CAN-FD: different transmission rates, different data lengths, different frame formats, different ID lengths.
With the development of technology, in-vehicle networks face a number of safety hazards. An attacker invades the vehicle-mounted system through a wireless network or a wired access mode and the like, reads and writes CAN bus data to realize theft analysis and vehicle control of vehicle information, and causes serious threats to data safety, driving safety and the like.
The current vehicle-mounted CAN bus intrusion detection technology comprises the following steps: 1. for example, in the aspect of system architecture, devices are added and connected to a vehicle-mounted CAN bus to receive information on the CAN bus and realize intrusion detection, as in the Chinese patent document CN107666476B, a CAN bus risk detection method and device, CN109033829B, a vehicle network intrusion detection auxiliary method, device and system and the like; 2. for example, in chinese patent document CN107426285B, CN111931252B, CN intrusion detection method based on sliding window and CENN, CN112688901a, real-time CAN intrusion detection system of automotive gateway, etc., software is deployed on a corresponding domain controller to receive, analyze and process CAN bus data, so as to implement intrusion detection.
The intrusion detection technology has a part of limitation: the vehicle-mounted CAN bus is required to be connected with equipment, so that the cost of the whole vehicle is increased; or the deployed software has the defects of increased software migration cost and computing resource consumption, influence on network performance, system performance and the like.
The invention is technically improved aiming at a vehicle-mounted CAN bus intrusion detection chip in the automatic driving field.
[ invention ]
The invention aims to provide a chip which is applied to the field of automatic driving, realizes the capability of CAN bus intrusion detection on a chip level and provides data support and function support for multi-stage intrusion detection.
In order to achieve the purpose, the technical scheme adopted by the invention is that the vehicle-mounted CAN bus intrusion detection chip comprises a CAN controller and a CAN intrusion detector; the CAN controller comprises a CAN transceiver, a CAN protocol state machine and a receiving filter module, and CAN bus signals output CAN frame end, frame category, frame identification and frame length information after passing through the CAN transceiver, the CAN protocol state machine and the receiving filter module; the CAN intrusion detector comprises a detection filtering module, a characteristic generating module, an intrusion detection module, an intrusion processing module and a register set; the detection filter module is used for receiving CAN frame end, frame type, frame identification and frame length information, and judging whether a CAN message received by the CAN controller is a CAN message required by intrusion detection according to the preset configuration of the register group; the characteristic generating module is used for generating CAN bus intrusion characteristics according to the output signals of the detection filtering module; the intrusion detection module is used for detecting the CAN bus intrusion characteristics by using a register set preset rule, judging whether the CAN bus intrusion is suffered, generating a CAN bus intrusion mode and storing CAN bus intrusion level information into the register set; the intrusion processing module is used for providing a control signal for the CAN controller to update the CAN bus intrusion receiving strategy according to the CAN bus intrusion mode and the CAN bus intrusion grade information.
Preferably, the vehicle-mounted CAN bus intrusion detection chip further comprises a processor, wherein the processor is used for executing a CAN bus intrusion processing driver, and the CAN bus intrusion processing driver sends an interrupt when the intrusion detection module judges that the CAN bus intrusion is suffered, and provides the CAN bus intrusion mode and the CAN bus intrusion level information stored in the register set for upper software to realize a CAN bus intrusion software processing strategy.
Preferably, the updating the CAN bus intrusion receiving policy includes sending a suspend signal to a CAN protocol state machine of a CAN controller, notifying the CAN protocol state machine that the CAN protocol state machine has suffered from a CAN bus intrusion, suspending receiving the CAN bus signal, and starting to receive the CAN bus signal by an upper layer; and/or the method comprises the steps of sending a switching configuration to a CAN controller receiving filter module, informing the receiving filter module of switching to a configuration ensuring safety, and informing a CAN protocol state machine to pause receiving CAN bus signals when the switching configuration is found to suffer from CAN bus intrusion.
Preferably, the upper layer software realizes a CAN bus intrusion software processing strategy, including sending information to a CAN bus for other devices connected to the CAN bus to know that the device suffers from CAN bus intrusion; and/or sending information to the Ethernet for other devices connected to the Ethernet to learn of being subject to CAN bus intrusion; and/or include disconnecting the CAN controller and/or CAN intrusion detector portion.
Preferably, the detection filtering module judges whether the frame identifier output by the CAN controller is a CAN message required by intrusion detection according to the frame identifier preset and configured in the register group; the CAN message is divided into a frequency intrusion detection CAN message, a load rate and information entropy intrusion detection CAN message and a time interval intrusion detection CAN message; all the received CAN messages are used for intrusion detection of load rate and information entropy; the frequency intrusion detection and the time interval intrusion detection are determined by the preset configuration of a register set, and when the frequency detection ID or the interval detection ID cannot be acquired in the received CAN message, an error signal is output; the detection filtering module output signals comprise CAN message data signals containing frame identifiers, enabling signals, class signals containing frequencies and intervals and error signals.
Preferably, the feature generation module comprises a frequency feature generation sub-module, a load rate feature generation sub-module, a time interval feature generation sub-module and an information entropy feature generation sub-module; the intrusion detection module comprises a frequency characteristic intrusion detection sub-module, a load rate characteristic intrusion detection sub-module, a time interval characteristic intrusion detection sub-module and an information entropy characteristic intrusion detection sub-module.
Preferably, the frequency characteristic means that the frequency of the occurrence of the CAN message of the specific frame identifier on the CAN bus is fixed and unchanged under the specific scene; the frequency characteristic generation submodule comprises a last period specific frame identification accumulation counter and a current period specific frame identification accumulation counter; the frequency characteristic intrusion detection submodule judges whether the CAN bus intrusion is suffered or not by comparing the current period specific frame identification accumulated counter value with the last period specific frame identification accumulated counter value.
Preferably, the time interval characteristic means that under a certain working condition, the time interval between the multi-frame CAN messages of the specific frame identifier is relatively static and stable; the time interval characteristic generating submodule is used for capturing CAN messages in a certain time range, recording specific frame identification offset time, and recording the difference between the former specific frame identification offset time and the latter specific frame identification offset time as a time interval; and the time interval characteristic intrusion detection submodule judges whether the CAN bus intrusion is suffered or not by comparing whether the recorded time interval fluctuates or not.
Preferably, the load rate characteristic is that the load rate of the CAN bus is relatively static and stable under a certain working condition, and the load rate of the CAN bus is the ratio of the number of bits transmitted in unit time on the CAN bus to the total bandwidth of the network; the load rate characteristic intrusion detection submodule is used for accumulating the number of bits transmitted in unit time on the CAN bus under the set working condition; the load rate characteristic intrusion detection submodule compares the bit value transmitted in unit time on the CAN bus with the total bandwidth of the CAN bus network preset in the register group to judge whether the CAN bus intrusion occurs.
Preferably, the information entropy feature is used for representing uncertainty of the CAN bus network, and the information entropy of the CAN bus is stable under a certain working condition, and the information entropy is used for representing uncertainty of the CAN bus networkWherein p (x) i ) The frequency of occurrence of the specific frame identification in a certain time period in the CAN bus is identified; the information entropy feature generation submodule is used for accumulating CAN message data through the global counter when the CAN message data are input in a time interval, accumulating special frame identifiers through the local counter, and generating p (x) according to the global counter and the local counter after the time interval is finished i )、log(x i ) Calculate p (x i )·logp(x i ) Finally accumulating to obtain the information entropy in a certain time interval; the information entropy characteristic intrusion detection submodule judges whether the CAN bus intrusion is suffered or not by comparing the information entropy value in a certain time interval with a preset information entropy value in a register group.
The vehicle-mounted CAN bus intrusion detection chip has the following beneficial effects: 1. the capability of CAN bus intrusion detection CAN be provided on the chip level, the CAN bus intrusion detection is realized on the premise of not increasing equipment on the system level, and the network performance and the system performance are not affected; 2. the intelligent controller is cooperated with the CAN controller, and the receiving strategy, the working mode and the like of the CAN controller are updated, so that the intrusion prevention capability CAN be achieved; 3. meanwhile, the intrusion detection of the chip layer can be used as the basis of multi-stage (chip-level, domain control-level and whole car-level) intrusion detection, and data support and function support are provided.
[ detailed description ] of the invention
Features and exemplary embodiments of various aspects of the invention are described in detail below. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the invention by showing examples of the invention. The present invention is in no way limited to any particular configuration and algorithm set forth below, but covers any modification, substitution, and improvement of elements, components, and algorithms without departing from the spirit of the invention. In the drawings and the following description, well-known structures and techniques have not been shown in order to avoid unnecessarily obscuring the present invention.
Examples
The embodiment realizes a vehicle-mounted CAN bus intrusion detection chip.
Important term explanation of this embodiment:
CAN: controller Area Network, controller area network bus. Serial communication protocol bus for real-time applications. The communication device is widely used for communication among various devices in automobiles as a backbone network of a current vehicle-mounted network.
The CAN intrusion detection method of the chip of the embodiment is described as follows:
the chip CAN intrusion detection of the embodiment mainly uses the following detection methods:
1. frequency: and detecting the occurrence frequency of the corresponding CAN message. In a specific scenario, the frequency of occurrence of CAN messages with specific identifications on the CAN bus is fixed. When the CAN bus is invaded, the frequency of certain identifications possibly changes, so that the invasion detection CAN be performed by the method.
2. Time interval: under certain working conditions, the time interval between the multi-frame CAN messages with specific marks is relatively static and relatively stable. When the CAN is invaded, the time interval between the multi-frame messages may fluctuate, so that the intrusion detection CAN be performed by judging whether the time interval between the multi-frame messages with specific identification fluctuates.
3. Load factor: the load factor of the CAN bus refers to the ratio of the number of bits transmitted per unit time over the CAN bus to the total bandwidth. Under certain working conditions, the load rate of a certain CAN bus is relatively static and relatively stable. When the CAN bus is invaded, the load possibly fluctuates, so that the intrusion detection CAN be performed by judging whether the load rate fluctuates or not.
4. Information entropy: information entropy is used to characterize the uncertainty of the network. Under certain working conditions, the information entropy of a certain CAN bus is stable. When CAN suffers from such attacks as flooding and injection, the index of the information entropy fluctuates. Intrusion detection can be performed by judging whether or not the entropy of information exceeds a normal range. The definition of the information entropy is as follows:
in the CAN bus, p (x i ) Is the frequency with which a particular identification occurs over a period of time.
Chip structure description of this embodiment:
fig. 1 is a diagram of a vehicle-mounted CAN bus intrusion detection chip. As shown in fig. 1, the chip of the embodiment comprises detection filtering, feature generation, intrusion detection, intrusion processing and the like. The detection filtering module judges whether the message received by the CAN controller is a message required for detection or not; the feature generation module generates relevant features such as time information, information entropy, interval information and counting information according to the signals output by the detection filtering module; the intrusion detection module detects characteristics generated by the vehicle by using a preset rule and judges whether the vehicle is intruded or not; the intrusion processing module updates the receiving strategy of the CAN controller according to the intrusion mode, the level and other information.
Fig. 2 is a diagram of a vehicle-mounted CAN bus intrusion detection chip CAN controller architecture. As shown in fig. 2, the chip architecture for intrusion detection in this embodiment needs the CAN controller to output information such as end of frame, category, identifier, length, etc. when receiving the CAN message. The frame is finished as a pulse signal with one bit, and is pulled up after receiving a CAN message of one frame, and is pulled down when the next frame starts to be received; 29 bits of data are marked, and if a CAN message is received instead of a CAN FD message, the first 18 bits are zero-padded; and the data with the length of 4 bits represents the data length in the CAN or CAN FD message. Meanwhile, the intrusion detection CAN provide a control signal for the CAN controller for changing the receiving rule, suspending the receiving and the like. Therefore, the CAN controller needs to add an external interface and update the architecture accordingly.
Fig. 3 is a diagram of an overall architecture of a vehicle-mounted CAN bus intrusion detection chip. As shown in fig. 3, the overall architecture of the CAN intrusion detection and CAN controller chip of this embodiment needs to be updated.
The chip detection filtering module of this embodiment:
fig. 4 is a schematic diagram of a detection filter module of the in-vehicle CAN bus intrusion detection chip. As shown in fig. 4, the detection filtering module determines whether the frame identifier output by the CAN controller is a message required for detection according to the frame identifier configured in the register. In intrusion detection, CAN messages are classified into three categories: one class is used as frequency intrusion detection; the method is used for intrusion detection of load rate and information entropy; one class is used as time interval intrusion detection; all received messages are used for intrusion detection of load rate and information entropy. Whereas frequency intrusion detection and time interval intrusion detection are determined by specific register configurations. When the frequency detection ID comparator and the interval detection ID comparator cannot acquire the corresponding ID from the input data, the module outputs a corresponding error signal. Thus, the signals of the detection filter outputs are in common: data signal (frame identification), enable signal, class signal (frequency, interval), error signal.
The chip feature generation module of this embodiment:
fig. 5 is a schematic diagram of a vehicle-mounted CAN bus intrusion detection chip feature generation module. As shown in fig. 5, the chip of this embodiment considers detection means such as frequency, load rate, time interval, information entropy, etc., and the feature generation module needs to generate corresponding information.
Frequency: and accumulating a counter corresponding to the specific frame identification in unit time. The counter corresponding to the frame identifier is designed as two: the count for the first 1 second is kept, as well as the count during the current period.
Time interval: and capturing a corresponding frame identification input signal in a certain time range, and recording a corresponding offset time. The time of the coming frame mark is recorded as the starting point. And so on, the time interval between each frame identification is recorded.
Load factor: under the set working condition, the characteristic generating module accumulates the input length information in unit time (1 second). The accumulated length information is designed as two: the first 1 second value is retained, as well as the accumulated value over the current period.
Information entropy: in a time range, when one data comes, the feature generation module accumulates the local counter corresponding to the frame identifier. When the time interval is over, p (x) is generated from the global counter and the local counter i ),log(x i ) Then calculate p (x) i )·logp(x i ) And finally accumulating to obtain the information entropy.
The chip intrusion detection module of this embodiment:
the chip intrusion detection module of the embodiment uses the data generated by the feature generation module to perform intrusion detection according to a preset rule, and generates a corresponding intrusion mode, intrusion level and the like.
Frequency: after the accumulated data of the first 1 second corresponding to the specific frame identifier is obtained, comparison can be performed according to the configuration in the register.
Time interval: the value of each time interval is compared with the value in the register.
Load factor: in the formulation of the load factor, the network bandwidth needs to be used to divide the number of bits actually transmitted. However, the bandwidth of a CAN bus is a fixed value, so that only the number of bits actually transmitted is compared with the value of the register configuration.
Information entropy: after the information entropy in a certain time period is obtained, the information entropy can be compared with a preset value in a register.
In each intrusion detection process, if a small amount of data deviates, a warning process is performed; if a large amount of data deviates from the normal range, it is considered a severity level. The offset interval is configured by a register. If some intrusion detection deviates, it will suffer an intrusion flag of 1.
The chip intrusion processing module of this embodiment:
fig. 6 is a schematic diagram of an intrusion processing module of the in-vehicle CAN bus intrusion detection chip. As shown in fig. 6, the intrusion processing module of the present embodiment provides necessary control signals for the CAN controller at the hardware layer; the results of intrusion detection are provided at the software level towards the interrupt service routine.
Hardware level: the intrusion processing module provides control information for the CAN controller according to the intrusion mode, the intrusion level and other information and controls the state machine module and the receiving filter module.
The control signal sent to the CAN protocol state machine is a pause signal used for informing the CAN protocol state machine that the CAN protocol state machine is invaded, the CAN controller is required to pause the receiving behavior, and the restarting of the receiving behavior is controlled by software.
The control signal sent to the CAN controller receiving filter module is in a switching configuration and is used for notifying the receiving filter module to switch to a configuration ensuring safety. The CAN controller uses the receiving filter configuration to determine that a CAN message conforming to the rule is received in the receiving process, when an intrusion is suffered, the message which means intrusion detection has a problem, and therefore the message should not be received, and the configuration CAN be switched to ensure the safety at the moment. When the switching is still found to be invaded for a plurality of times, the CAN protocol state machine CAN be informed to pause the receiving behavior.
Software layer: when the intrusion processing module finds out that the intrusion is suffered, the intrusion processing module sends out an interrupt, and stores information of the intrusion mode and the intrusion level in a register so as to realize a more flexible strategy on software. Such as: transmitting the related information to a CAN bus for other devices connected to the bus to know that the bus is invaded; sending out information of intrusion to each device through Ethernet; the chip or the controller realizes the operations of disconnecting part and the like.
The chip core of the embodiment is characterized in that:
1) The CAN bus intrusion detection is realized in the chip, and equipment is not required to be added in the whole vehicle electronic and electric architecture, so that the system cost is reduced on the whole vehicle. And the influence on network performance and system performance caused by the intrusion detection of software implementation is reduced.
2) The CAN intrusion detection and the CAN controller work cooperatively, the CAN intrusion detection module provides control information, the receiving strategy, the working mode and the like of the CAN controller are updated, and the closed loop of intrusion detection and intrusion defense is realized on hardware.
3) The CAN intrusion detection at the chip level CAN be used as the basis of a scheme of multi-level (chip level, domain control level and whole car level) intrusion detection, and provides data support and function support for a scheme at the system level.
It will be appreciated by those of ordinary skill in the art that all or part of the steps of implementing the above embodiments may be implemented by hardware, or may be implemented by a program to instruct related hardware, where the program may be stored in a computer readable storage medium, where the storage medium may be a magnetic disk, an optical disc, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and additions to the present invention may be made by those skilled in the art without departing from the principles of the present invention and such modifications and additions are to be considered as well as within the scope of the present invention.