WO2019107704A1 - Device for verifying condition and detecting signs of abnormality of vehicle, and system including same - Google Patents

Info

Publication number
WO2019107704A1
Authority
WO
WIPO (PCT)
Prior art keywords
vehicle
messages
terminal
unit
abnormality
Prior art date
Application number
PCT/KR2018/009508
Other languages
French (fr)
Korean (ko)
Inventor
서은비
이현승
송현민
정성훈
강태운
강수인
김휘강
Original Assignee
고려대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 고려대학교 산학협력단
Publication of WO2019107704A1

Classifications

    • B: PERFORMING OPERATIONS; TRANSPORTING
        • B60: VEHICLES IN GENERAL
            • B60R: VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
                • B60R16/00: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
                    • B60R16/02: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
                        • B60R16/023: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
                        • B60R16/03: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for supply of electrical power to vehicle subsystems or for
                            • B60R16/0315: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for supply of electrical power to vehicle subsystems or for using multiplexing techniques
            • B60W: CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
                • B60W50/00: Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
                    • B60W50/02: Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
                        • B60W50/0205: Diagnosing or detecting failures; Failure detection models
    • G: PHYSICS
        • G07: CHECKING-DEVICES
            • G07C: TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
                • G07C5/00: Registering or indicating the working of vehicles
                    • G07C5/008: Registering or indicating the working of vehicles communicating information to a remotely located station
                    • G07C5/02: Registering or indicating driving, working, idle, or waiting time only
                    • G07C5/08: Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
                        • G07C5/0808: Diagnosing performance data

Definitions

  • The present invention relates to a method for remotely verifying vehicle state and quickly detecting signs of abnormality for many types of vehicles, in place of low-performance in-vehicle devices.
  • Recently released autonomous-driving vehicles broadly consist of sensing, signal processing (perception), decision, and control processes.
  • ADAS: Advanced Driver Assistance Systems
  • Outside the vehicle, ADAS sensors and wireless communication provide information about the vehicle's surroundings.
  • The decision process inside the vehicle determines the driving strategy according to its assessment of the situation, such as whether a hazard is present.
  • The control system inside the vehicle then controls the vehicle according to the driving strategy determined by the decision process.
  • In-vehicle network communication is performed through the CAN (Controller Area Network), FlexRay, and LIN (Local Interconnect Network) protocols. If an attacker can gain access to the protocol bus, attacks that directly affect driver safety can occur through control of the vehicle.
  • The present invention enables rapid remote detection of signs of abnormality and makes it easy to compare and analyze data collected from multiple vehicle models, so it is expected to be useful for research on vehicle intrusion detection.
  • The present invention proposes an intrusion detection method and device suited to the communication networks and electronic device technologies of the various commercially available vehicle models, so as to provide a way to quickly detect attacks on a vehicle's internal systems.
  • A detection device according to an embodiment of the present invention includes a receiving unit that receives a plurality of CAN messages from a first terminal mounted in a vehicle, an abnormality symptom detection unit that uses the plurality of CAN messages to determine whether the vehicle shows signs of abnormality, and a transmitting unit that transmits the determination result of the abnormality symptom detection unit to a second terminal. The abnormality symptom detection unit calculates the CAN ID entropy of a first group of CAN messages among the plurality of CAN messages and determines that a sign of abnormality has occurred when the calculated entropy is outside a predetermined range.
  • The detection system includes the detection device, the first terminal, and the second terminal.
  • According to an embodiment of the present invention, signs of abnormality in a vehicle can be detected quickly from a remote location, and data collected from multiple vehicle models can be easily compared and analyzed.
  • FIG. 1 illustrates a system according to an embodiment of the present invention.
  • FIG. 2 is a functional block diagram of the first terminal shown in FIG. 1.
  • FIG. 3 is a functional block diagram of the server shown in FIG. 1.
  • FIG. 4 shows an example of CAN messages received by the receiving unit shown in FIG. 3 or CAN messages collected by the collecting unit shown in FIG. 2.
  • FIG. 5 shows an example of the status information received by the receiving unit shown in FIG. 3 (or the vehicle data generated by the state verification unit) or the status information collected by the collecting unit shown in FIG. 2.
  • FIG. 6 is a functional block diagram of the second terminal shown in FIG. 1.
  • Terms such as first and second may be used to describe various elements, but the elements should not be limited by these terms.
  • The terms are used only to distinguish one element from another; for example, without departing from the scope of rights according to the concept of the present invention, a first element may be termed a second element, and similarly a second element may be termed a first element.
  • FIG. 1 illustrates a system according to an embodiment of the present invention.
  • A system 10, which may be referred to as a vehicle system, a detection system, a status verification and anomaly detection system, or a remote vehicle status verification and anomaly detection system, may include a first terminal 100, a server 300, and a second terminal 500.
  • The first terminal 100 is installed in the vehicle, collects messages transmitted on the in-vehicle network (e.g., CAN (Controller Area Network) messages) and/or status information, and transmits the collected CAN messages and/or status information to the server 300.
  • The server 300 may receive messages from the first terminal 100 and use the received messages to determine whether the vehicle shows signs of abnormality. In addition, the server 300 receives status information from the first terminal 100 and verifies the status of the vehicle using the received status information (i.e., determines whether the status of the vehicle is abnormal). The determination result of the server 300 may be transmitted to the second terminal 500.
  • The second terminal 500 may receive the determination result from the server 300 and display it through a predetermined display unit.
  • The second terminal 500 may be a portable terminal of the driver of the vehicle, but the present invention is not limited thereto.
  • Depending on the embodiment, the second terminal may also refer to the first terminal 100.
  • FIG. 2 is a functional block diagram of the first terminal shown in FIG. 1.
  • The first terminal 100 includes a collecting unit 110 and a transmitting unit 130.
  • Depending on the embodiment, the first terminal 100 may further include a storage unit 150.
  • The collecting unit 110 may collect a plurality of messages transmitted in the vehicle network.
  • For example, the collecting unit 110 may collect a plurality of CAN messages broadcast on the CAN of the vehicle.
  • The collecting unit 110 may be connected to a CAN bus, a body control unit (BCM), or an on-board diagnostics-2 (OBD-2) terminal.
  • To this end, the collecting unit 110 may include an interface unit connected to the CAN bus, the BCM, or the OBD-2 terminal.
  • The plurality of CAN messages collected by the collecting unit 110 may be stored, at least temporarily, in the storage unit 150.
  • The collecting unit 110 may also collect the state information of the vehicle and store the collected state information in the storage unit 150. For example, the collecting unit 110 may transmit a query message regarding the current state of the vehicle through the OBD-2 terminal and receive status information from the vehicle.
  • The transmitting unit 130 transmits the messages and/or status information collected by the collecting unit 110, or the messages and/or status information stored in the storage unit 150, to the server 300.
  • A wireless communication network can be used for the transmission, but the present invention is not limited thereto.
  • The storage unit 150 may store, at least temporarily, the messages collected by the collecting unit 110 and/or the vehicle status information.
  • FIG. 3 is a functional block diagram of the server shown in FIG. 1.
  • The server 300, which may be referred to as a detection device, a detection server, and the like, includes a receiving unit 310, an abnormality symptom detection unit 330, and a transmitting unit 370. Depending on the embodiment, the server 300 may further include at least one of a state verification unit 350 and a storage unit 390.
  • The receiving unit 310 receives the CAN messages and/or the vehicle status information from the first terminal 100, and the received CAN messages and/or vehicle status information may be stored in the storage unit 390.
  • An example of the CAN messages received by the receiving unit 310 or collected by the collecting unit 110 is shown in FIG. 4. Referring to FIG. 4, a CAN message may include a timestamp indicating the message generation time, a CAN message field containing the priority of the message and a CAN ID for identification, and a CAN message field containing data information.
  • The abnormality symptom detection unit 330 detects signs of abnormality in the vehicle (for example, a jamming attack or spoofing) using the CAN messages received by the receiving unit 310 or the CAN messages stored in the storage unit 390.
  • The abnormality symptom detection unit 330 may perform an entropy-based abnormality detection operation. Specifically, the abnormality symptom detection unit 330 calculates the entropy of the CAN ID using Shannon's diversity index formula (Equation 1) and determines (or detects) signs of abnormality in the vehicle based on the calculated entropy.
  • When the calculated entropy is outside the predetermined range (normal range), that is, above or below it, the abnormality symptom detection unit 330 can determine that a sign of abnormality has occurred in the vehicle.
  • the diversity index rises and the entropy value increases.
  • the diversity index sharply decreases.
  • The CAN ID entropy may be calculated periodically, and the predetermined time period covered by the CAN messages used in the calculation may differ from the calculation period. For example, the CAN ID entropy may be calculated every second (or every 2 seconds), and the CAN messages used for the calculation may be CAN messages generated or received over 2 seconds (or 1 second). As another example, the CAN ID entropy may be calculated every second, and the CAN messages used for the calculation may be CAN messages generated or received over one second.
  • The state verification unit 350 can generate vehicle data from the state information received from the vehicle. Because that state information does not directly provide numerical values such as the engine RPM, the engine RPM and similar values, that is, the vehicle data, are generated through additional processing.
  • The vehicle data that can be generated by the state verification unit 350 includes engine RPM, engine oil temperature, transmission oil temperature, vehicle speed, and engine coolant temperature. An example of the status information received by the receiving unit 310 (or the vehicle data generated by the state verification unit 350) or the status information collected by the collecting unit 110 is shown in FIG. 5.
  • The state verification unit 350 compares the generated vehicle data with a predetermined range (normal range) and, when the data is outside that range (above or below it), can determine that the state of the vehicle is abnormal; for example, when the engine RPM (revolutions per minute) is outside the range of 0 to 6000, the coolant temperature is outside the range of 0 to 110 °C, or the vehicle speed is outside the range of -20 to 110 m/s.
  • The transmitting unit 370 transmits the detection result of the abnormality symptom detection unit 330 (whether the vehicle is abnormal or under malicious attack) and/or the verification result of the state verification unit 350 to the second terminal 500.
  • The storage unit 390 stores the vehicle messages (CAN messages) received by the receiving unit 310, the vehicle status information, the detection result of the abnormality symptom detection unit 330, and the verification result of the state verification unit 350.
  • FIG. 6 is a functional block diagram of the second terminal shown in FIG. 1.
  • The second terminal 500, which may be a mobile terminal carried by the driver of the vehicle or a terminal mounted on the vehicle, includes a receiving unit 510 and a display unit 530.
  • The receiving unit 510 may receive information on the vehicle abnormality from the server 300, that is, the determination result of the abnormality symptom detection unit 330.
  • The display unit 530 can display the vehicle abnormality received by the receiving unit 510. Because the abnormality is shown on the display unit and reaches the driver quickly, a quick response is possible. Depending on the embodiment, the display unit 530 may output an alarm notification to announce the vehicle abnormality. The display unit 530 may also output the current state of the vehicle in the form of a table or a graph.
  • The first terminal 100 or the second terminal 500 may include a collecting unit 110, a transmitting unit 130, a storage unit 150, a receiving unit 510, and a display unit 530, as shown in FIG.
  • The components of the first terminal 100, the server 300, and the second terminal 500 shown in FIG. 2, FIG. 3, and FIG. 6 are separated functionally and logically; a person of ordinary skill in the field of the present invention will readily understand that this does not mean each component must be a separate physical device or be written as separate code.
  • In this specification, a "part" may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving that hardware.
  • For example, a "part" may mean a logical unit of predetermined code and the hardware resources for executing that code, and it does not necessarily mean physically connected code or a single kind of hardware.
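The entropy check performed by the abnormality symptom detection unit 330 and the range check performed by the state verification unit 350, implemented in Python as an added example (not code from the patent or its applicants). The natural-log base, the 0.1 margin around a baseline-derived normal range, the dictionary field names and the sample trace are assumptions constructed for illustration; the RPM, coolant temperature and speed ranges are the ones quoted above.

```python
import math
from collections import Counter, defaultdict

WINDOW_MS = 1000  # the text gives "every second" as one calculation period

# Normal ranges quoted in the text; the dictionary keys are hypothetical names.
STATUS_RANGES = {
    "engine_rpm": (0, 6000),
    "coolant_temp_c": (0, 110),
    "vehicle_speed_mps": (-20, 110),
}


def can_id_entropy(can_ids):
    """Shannon entropy of the CAN ID distribution in one window.

    Natural log is an assumption; Equation 1 is not reproduced on the page.
    """
    counts = Counter(can_ids)
    total = sum(counts.values())
    if total == 0:
        return 0.0  # silent bus: no ID diversity at all
    return -sum(c / total * math.log(c / total) for c in counts.values())


def window_entropies(messages, window_ms=WINDOW_MS):
    """Group (timestamp_ms, can_id) pairs into windows; return [(index, H)]."""
    buckets = defaultdict(list)
    for ts, can_id in messages:
        buckets[ts // window_ms].append(can_id)
    if not buckets:
        return []
    # Windows with no traffic are kept (H = 0.0) so silence is not skipped.
    return [(w, can_id_entropy(buckets.get(w, [])))
            for w in range(min(buckets), max(buckets) + 1)]


def learn_normal_range(baseline, margin=0.1, window_ms=WINDOW_MS):
    """Normal range = observed min/max on clean traffic, widened by a margin."""
    values = [h for _, h in window_entropies(baseline, window_ms)]
    return min(values) - margin, max(values) + margin


def detect_anomalies(messages, normal_range, window_ms=WINDOW_MS):
    """Return (window, entropy, direction) for each window outside the range."""
    lo, hi = normal_range
    alerts = []
    for w, h in window_entropies(messages, window_ms):
        if h < lo:
            alerts.append((w, h, "below"))
        elif h > hi:
            alerts.append((w, h, "above"))
    return alerts


def verify_status(vehicle_data):
    """Return the vehicle data fields that fall outside their normal range."""
    out = {}
    for name, value in vehicle_data.items():
        lo, hi = STATUS_RANGES.get(name, (-math.inf, math.inf))
        if not lo <= value <= hi:
            out[name] = value
    return out


# --- Constructed sample traffic (not captured from a vehicle) ---------------
PERIODIC_IDS = {0x0A0: 10, 0x130: 10, 0x260: 20, 0x2C0: 50, 0x350: 100}  # ms


def periodic_traffic(seconds):
    return sorted((t, cid) for cid, period in PERIODIC_IDS.items()
                  for t in range(0, seconds * 1000, period))


def constructed_trace():
    trace = periodic_traffic(6)
    # Window 2: a single ID dominates the bus, so ID diversity collapses.
    trace += [(2000 + t, 0x000) for t in range(1000)]
    # Window 4: 200 IDs absent from the baseline, once each; diversity jumps.
    trace += [(4000 + 5 * i, 0x500 + i) for i in range(200)]
    return sorted(trace)


if __name__ == "__main__":
    normal = learn_normal_range(periodic_traffic(5))
    print("normal range: %.3f to %.3f" % normal)
    for w, h, direction in detect_anomalies(constructed_trace(), normal):
        print("window %d: entropy %.3f is %s the normal range" % (w, h, direction))
    print(verify_status({"engine_rpm": 7200, "coolant_temp_c": 90,
                         "vehicle_speed_mps": 30}))
```

On real traffic the per-window entropy of clean data varies with message jitter, so the margin and window length need tuning per vehicle model before the range is useful as an alert threshold.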

Abstract

Disclosed is a detection device for detecting signs of abnormality in a vehicle and verifying an abnormality in the condition of the vehicle. The detection device includes: a receiving unit which receives a plurality of controller area network (CAN) messages from a first terminal mounted in a vehicle; a sign-of-abnormality detection unit which uses the plurality of CAN messages to determine whether signs of abnormality are present in the vehicle; and a transmission unit which transmits the determination result of the sign-of-abnormality detection unit to a second terminal, wherein the sign-of-abnormality detection unit calculates a CAN ID entropy of CAN messages in a first group among the plurality of CAN messages, and determines that signs of abnormality have occurred when the calculated entropy is outside of a predetermined range.

Description

Device for verifying vehicle state and detecting signs of abnormality, and system including the same
The present invention relates to a method for remotely verifying vehicle state and quickly detecting signs of abnormality for many types of vehicles, in place of low-performance in-vehicle devices.
With the development of Internet of Things (IoT) technology, the market for autonomous vehicles that increase driver convenience is expanding, and security technology has accordingly become a prerequisite for the adoption of autonomous vehicles. NHTSA (National Highway Traffic Safety Administration) is reviewing the need for safety standards related to vehicle electronic systems in Automotive Electronic Control and Security, and emphasizes intrusion detection research for this purpose.
Recently released autonomous-driving vehicles broadly consist of sensing, signal processing (perception), decision, and control processes. From outside the vehicle, information about the vehicle's surroundings is provided through ADAS (Advanced Driver Assistance Systems) sensors and wireless communication, and the decision process inside the vehicle determines the driving strategy according to its assessment of the situation, such as whether a hazard is present. The control system inside the vehicle then controls the vehicle according to the driving strategy determined by the decision process.
However, because final control of an autonomous vehicle rests with the ECUs (Electronic Control Units) on the internal network, the vehicle is vulnerable to attacks such as malicious manipulation of the in-vehicle communication network. The introduction of external communication technologies such as V2X (Vehicle to Everything) and open networks such as VANET (Vehicular ad hoc network) has made the in-vehicle network easier to reach, so attacks that affect driver safety can be carried out by maliciously manipulating the internal systems that hold final control of the vehicle.
In addition, vehicles carry numerous electronic control systems and software for efficient communication between external and internal devices, and the complexity of in-vehicle systems keeps increasing accordingly. The computing performance of in-vehicle electronic devices is too limited to cover this many electronic systems, so research is needed on an anomaly detection module with high computing performance that can be applied to compromised ECU devices.
Recently released vehicles are equipped with numerous electronic control systems and software, as well as various ADAS sensor modules for perceiving the vehicle's surroundings. In-vehicle network communication is performed through the CAN (Controller Area Network), FlexRay, and LIN (Local Interconnect Network) protocols. If an attacker can gain access to the protocol bus, attacks that directly affect driver safety can occur through control of the vehicle.
The present invention enables rapid remote detection of signs of abnormality and makes it easy to compare and analyze data collected from multiple vehicle models, so it is expected to be useful for research on vehicle intrusion detection.
Recently released vehicles evolve by combining or improving existing ADAS systems, and so have complex internal system structures. If an anomaly detection method is limited to one vehicle model, it may therefore depend on that model's electronic devices.
Commercially available in-vehicle ECU devices lack the performance to handle heavy computation such as anomaly detection. In other words, it is realistically difficult for the vehicle itself to control the increasingly sophisticated variety of internal devices.
The present invention proposes an intrusion detection method and device suited to the communication networks and electronic device technologies of the various commercially available vehicle models, so as to provide a way to quickly detect attacks on a vehicle's internal systems.
A detection device according to an embodiment of the present invention includes a receiving unit that receives a plurality of CAN messages from a first terminal mounted in a vehicle, an abnormality symptom detection unit that uses the plurality of CAN messages to determine whether the vehicle shows signs of abnormality, and a transmitting unit that transmits the determination result of the abnormality symptom detection unit to a second terminal. The abnormality symptom detection unit calculates the CAN ID entropy of a first group of CAN messages among the plurality of CAN messages and determines that a sign of abnormality has occurred when the calculated entropy is outside a predetermined range.
In addition, a detection system according to an embodiment of the present invention includes the detection device, the first terminal, and the second terminal.
According to an embodiment of the present invention, signs of abnormality in a vehicle can be detected quickly from a remote location, and data collected from multiple vehicle models can be easily compared and analyzed.
A detailed description of each drawing is provided so that the drawings cited in the detailed description of the present invention can be more fully understood.
FIG. 1 illustrates a system according to an embodiment of the present invention.
FIG. 2 is a functional block diagram of the first terminal shown in FIG. 1.
FIG. 3 is a functional block diagram of the server shown in FIG. 1.
FIG. 4 shows an example of CAN messages received by the receiving unit shown in FIG. 3 or CAN messages collected by the collecting unit shown in FIG. 2.
FIG. 5 shows an example of the status information received by the receiving unit shown in FIG. 3 (or the vehicle data generated by the state verification unit) or the status information collected by the collecting unit shown in FIG. 2.
FIG. 6 is a functional block diagram of the second terminal shown in FIG. 1.
The specific structural or functional descriptions of the embodiments according to the concept of the present invention disclosed in this specification are given only to describe those embodiments. The embodiments according to the concept of the present invention may be implemented in various forms and are not limited to the embodiments described in this specification.
Because the embodiments according to the concept of the present invention can be modified in various ways and can take various forms, the embodiments are illustrated in the drawings and described in detail in this specification. This is not intended to limit the embodiments according to the concept of the present invention to the particular forms disclosed; they include all modifications, equivalents, and substitutes falling within the spirit and technical scope of the present invention.
Terms such as first or second may be used to describe various components, but the components should not be limited by these terms. The terms are used only to distinguish one component from another. For example, without departing from the scope of rights according to the concept of the present invention, a first component may be called a second component and, similarly, a second component may be called a first component.
When a component is said to be "connected" or "coupled" to another component, it may be directly connected or coupled to that other component, but it should be understood that other components may exist in between. In contrast, when a component is said to be "directly connected" or "directly coupled" to another component, it should be understood that no other component exists in between. Other expressions that describe the relationship between components, such as "between" and "directly between", or "adjacent to" and "directly adjacent to", should be interpreted in the same way.
The terms used in this specification are used only to describe particular embodiments and are not intended to limit the present invention. A singular expression includes the plural unless the context clearly indicates otherwise. In this specification, terms such as "include" or "have" specify that the features, numbers, steps, operations, components, parts, or combinations thereof described in this specification exist, and should be understood not to exclude in advance the existence or possible addition of one or more other features, numbers, steps, operations, components, parts, or combinations thereof.
Unless defined otherwise, all terms used here, including technical and scientific terms, have the same meaning as commonly understood by a person of ordinary skill in the technical field to which the present invention belongs. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the related art and, unless explicitly defined in this specification, are not to be interpreted in an idealized or excessively formal sense.
Hereinafter, embodiments of the present invention are described in detail with reference to the drawings attached to this specification.
Fig. 1 shows a system according to an embodiment of the present invention.
The system (10), which may also be called a vehicle system, a detection system, a state verification and anomaly detection system, a remote vehicle state verification and anomaly detection system, and so on, includes a first terminal (100), a server (300), and a second terminal (500).
The first terminal (100) is installed in the vehicle, collects the messages transmitted on the in-vehicle network (for example, CAN (Controller Area Network) messages) and/or state information, and can transmit the collected CAN messages and/or state information to the server (300).
The server (300) receives the messages from the first terminal (100) and can use the received messages to determine whether the vehicle shows signs of abnormality. The server (300) also receives the state information from the first terminal (100) and can use the received state information to verify the state of the vehicle (that is, to determine whether the state of the vehicle is abnormal). The determination result of the server (300) can be transmitted to the second terminal (500).
The second terminal (500) receives the determination result from the server (300) and can display it on a display unit. The second terminal (500) may be a portable terminal of the vehicle's driver, but the present invention is not limited to this. Depending on the embodiment, the second terminal may also mean the first terminal (100).
Fig. 2 is a functional block diagram of the first terminal shown in Fig. 1.
Referring to Figs. 1 and 2, the first terminal (100) includes a collecting unit (110) and a transmitting unit (130). Depending on the embodiment, the first terminal (100) may further include a storage unit (150).
The collecting unit (110) can collect a plurality of messages transmitted in the vehicle network. For example, the collecting unit (110) can collect a plurality of CAN messages broadcast on the vehicle's CAN. For this purpose, the collecting unit (110) may be connected to the CAN bus or the BCM (Body Control Unit), or to the OBD-2 (On-board diagnostics-2) terminal. Depending on the embodiment, the collecting unit (110) may include an interface unit connected to the CAN bus, the BCM, or the OBD-2 terminal. The CAN messages collected by the collecting unit (110) can be stored, at least temporarily, in the storage unit (150).
The collecting unit (110) can also collect the state information of the vehicle and store the collected state information in the storage unit (150). For example, the collecting unit (110) can transmit a query message about the current state of the vehicle through the OBD-2 terminal and receive the state information from the vehicle.
The transmitting unit (130) can transmit to the server (300) the messages and/or state information collected by the collecting unit (110), or the messages and/or state information stored in the storage unit (150). A wireless communication network may be used for this, but the present invention is not limited to this.
The storage unit (150) can store, at least temporarily, the messages collected by the collecting unit (110) and/or the state information of the vehicle.
Fig. 3 is a functional block diagram of the server shown in Fig. 1.
Referring to Fig. 3, the server (300), which may also be called a detection device, a detection server, and so on, includes a receiving unit (310), an anomaly detection unit (330), and a transmitting unit (370). Depending on the embodiment, the server (300) may further include at least one of a state verification unit (350) and a storage unit (390).
The receiving unit (310) receives CAN messages and/or vehicle state information from the first terminal (100), and the received CAN messages and/or vehicle state information can be stored in the storage unit (390). An example of the CAN messages received by the receiving unit (310), or collected by the collecting unit (110), is shown in Fig. 4. Referring to Fig. 4, a CAN message may include a timestamp indicating when the message was generated, a CAN ID used for message priority and identification, and CAN message fields containing data information and the like.
The anomaly detection unit (330) can use the CAN messages received by the receiving unit (310), or the CAN messages stored in the storage unit (390), to determine whether the vehicle is in an abnormal state (for example, whether a malicious attack against the vehicle, such as a jamming attack or a spoofing attack, has occurred). For example, the anomaly detection unit (330) can perform an entropy-based anomaly detection operation. Specifically, the anomaly detection unit (330) calculates the entropy of the CAN ID using Equation 1, which is the Shannon's diversity index formula, and determines (or detects) whether the vehicle is abnormal based on the calculated entropy. That is, when the calculated entropy falls outside a predetermined range (the normal range), by either exceeding it or falling below it, the anomaly detection unit (330) can determine that an abnormality has occurred in the vehicle. When many kinds of CAN IDs that were not previously observed flow in, the diversity index rises and the entropy value increases; when a specific CAN ID flows in, the diversity index drops sharply. Reflecting this makes it possible to determine whether the vehicle is abnormal.
Figure PCTKR2018009508-appb-M000001
In Equation 1, [Figure PCTKR2018009508-appb-I000004] denotes the number of CAN IDs that appeared during a predetermined time interval, and [Figure PCTKR2018009508-appb-I000005] denotes the distribution probability, during that time interval, of the [Figure PCTKR2018009508-appb-I000007]-th CAN ID among the [Figure PCTKR2018009508-appb-I000006] CAN IDs (or the proportion of CAN messages containing the [Figure PCTKR2018009508-appb-I000008]-th CAN ID among the CAN messages generated during that time interval).
The entropy of the CAN ID can be calculated periodically, and the predetermined time interval may differ from the calculation period. For example, the CAN ID entropy may be calculated every second (or every 2 seconds), and the CAN messages used for the calculation may be the CAN messages generated or received during 2 seconds (or 1 second). As another example, the CAN ID entropy may be calculated every second, and the CAN messages used for the calculation may be the CAN messages generated or received during 1 second.
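The entropy check described above, as an added Python example that is not code from the patent. It assumes the standard Shannon index with the natural logarithm, because the image of Equation 1 is not reproduced on this page; the CAN IDs, message periods, the 0.1 margin around the learned normal range and all function names are constructed for illustration.

```python
import math
from collections import Counter

WINDOW_MS = 2000  # each calculation uses the CAN messages of the last 2 s
STEP_MS = 1000    # the entropy is recalculated every 1 s


def can_id_entropy(can_ids):
    """Shannon diversity index H = -sum(p_i * ln p_i) over the given CAN IDs."""
    counts = Counter(can_ids)
    total = sum(counts.values())
    if total == 0:
        return 0.0  # a silent bus has zero diversity and falls below any range
    return -sum((c / total) * math.log(c / total) for c in counts.values())


def windowed_entropy(messages, window_ms=WINDOW_MS, step_ms=STEP_MS):
    """messages: (timestamp_ms, can_id) tuples sorted by timestamp.
    Returns [(window_end_ms, H)] for every full window [end - window, end)."""
    if not messages:
        return []
    first, last = messages[0][0], messages[-1][0]
    results = []
    end = first + window_ms
    while end <= last:
        ids = [cid for ts, cid in messages if end - window_ms <= ts < end]
        results.append((end, can_id_entropy(ids)))
        end += step_ms
    return results


def learn_range(baseline, margin=0.1):
    """Normal range taken from an attack-free capture (assumed approach):
    observed minimum and maximum entropy, widened by a fixed margin."""
    values = [h for _, h in windowed_entropy(baseline)]
    return min(values) - margin, max(values) + margin


def detect(messages, normal_range):
    """Flag every window whose entropy leaves the normal range."""
    lo, hi = normal_range
    alerts = []
    for end, h in windowed_entropy(messages):
        if h < lo:
            alerts.append((end, round(h, 3), "low"))   # one ID dominates
        elif h > hi:
            alerts.append((end, round(h, 3), "high"))  # many unseen IDs
    return alerts


def periodic(schedule, start_ms, end_ms):
    """Constructed traffic: each CAN ID is sent at its own fixed period."""
    return sorted((ts, cid) for cid, period in schedule.items()
                  for ts in range(start_ms, end_ms, period))


# Constructed sample data (not taken from a real vehicle).
NORMAL_SCHEDULE = {0x130: 10, 0x260: 10, 0x2C0: 20, 0x350: 20,
                   0x4B0: 50, 0x545: 100}          # CAN ID -> period in ms
BASELINE = periodic(NORMAL_SCHEDULE, 0, 10_000)
# A single CAN ID arriving every 1 ms between 4 s and 6 s.
ONE_ID = [(ts, 0x000) for ts in range(4000, 6000)]
# 200 previously unseen CAN IDs arriving in rotation between 4 s and 6 s.
MANY_IDS = [(ts, 0x600 + ts % 200) for ts in range(4000, 6000)]


def run_demo():
    normal_range = learn_range(BASELINE)
    return {
        "baseline": detect(BASELINE, normal_range),
        "one_id": detect(sorted(BASELINE + ONE_ID), normal_range),
        "many_ids": detect(sorted(BASELINE + MANY_IDS), normal_range),
    }


if __name__ == "__main__":
    for name, alerts in run_demo().items():
        print(name, alerts)
```

Real bus traffic has timing jitter, so the margin would be tuned on a longer attack-free capture than the idealized periodic traffic used here.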
The state verification unit (350) can generate vehicle data using the state information received from the vehicle. Because the state information received from the vehicle does not provide direct numerical values for engine RPM and the like, additional processing is needed to produce engine RPM and so on, that is, the vehicle data. The vehicle data that the state verification unit (350) can generate may include at least one of engine RPM, engine oil temperature, transmission oil temperature, vehicle speed, and engine coolant temperature. An example of the state information received by the receiving unit (310) (or the vehicle data generated by the state verification unit (350)), or of the state information collected by the collecting unit (110), is shown in Fig. 5.
In addition, the state verification unit (350) compares each item of generated vehicle data with a predetermined range (the normal range) and can determine that the state of the vehicle is abnormal when the value falls outside that range (by exceeding it or falling below it); for example, when the engine rpm (revolutions per minute) is outside the range 0 to 6000, when the coolant temperature is outside the range 0 to 110°C, or when the vehicle speed is outside the range -20 to 110 m/s.
The transmitting unit (370) can transmit to the second terminal (500) the detection result of the anomaly detection unit (330) (whether the vehicle is abnormal, or whether a malicious attack against the vehicle has occurred) and/or the verification result of the state verification unit (350) (whether the state of the vehicle is abnormal).
The storage unit (390) can store the vehicle messages (CAN messages) received by the receiving unit (310), the state information of the vehicle, the detection result of the anomaly detection unit (330), the verification result of the state verification unit (350), and so on.
Fig. 6 is a functional block diagram of the second terminal shown in Fig. 1.
The second terminal (500), which may be a mobile terminal carried by the driver of the vehicle or a terminal mounted in the vehicle, includes a receiving unit (510) and a display unit (530).
The receiving unit (510) can receive from the server (300) information on whether the vehicle is abnormal, that is, the determination result of the anomaly determination unit (330).
The display unit (530) can display whether the vehicle is abnormal, as received by the receiving unit (510). As described above, whether the vehicle is abnormal is shown on the display unit and delivered to the driver promptly, so a quick response is possible. Depending on the embodiment, the display unit (530) may output a warning notification to announce an abnormality of the vehicle. The display unit (530) may also output the current state of the vehicle as a table or a graph.
Depending on the embodiment, the second terminal (500) may mean the first terminal (300). In that case, the first terminal (100) or the second terminal (500) may be understood to include all of the collecting unit (110), the transmitting unit (130), the storage unit (150), the receiving unit (510), and the display unit (530).
Each of the components of the first terminal (100), the server (300), and the second terminal (500) shown in Figs. 2, 3, and 6 is shown to indicate that it can be separated functionally and logically. A person of average skill in the technical field of the present invention will readily infer that this does not necessarily mean that each component is a separate physical device or is written as separate code.
In this specification, a "unit" may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving that hardware. For example, a "unit" may mean a logical unit of given code and the hardware resources on which that code runs; it does not necessarily mean physically connected code or a single kind of hardware.
The present invention has been described with reference to the embodiments shown in the drawings, but these are only examples, and a person of ordinary skill in the art will understand that various modifications and equivalent other embodiments are possible from them. The true technical scope of protection of the present invention should therefore be determined by the technical idea of the appended claims.

Claims (9)

  1. A detection device comprising:
    a receiving unit that receives a plurality of CAN (Controller Area Network) messages from a first terminal mounted on a vehicle;
    an anomaly detection unit that uses the plurality of CAN messages to determine whether the vehicle shows signs of abnormality; and
    a transmitting unit that transmits the determination result of the anomaly detection unit to a second terminal,
    wherein the anomaly detection unit calculates the CAN ID entropy of a first group of CAN messages among the plurality of CAN messages and determines that a sign of abnormality has occurred when the calculated entropy is outside a predetermined range.
  2. The detection device of claim 1,
    wherein the anomaly detection unit calculates the CAN ID entropy using an equation,
    the equation is [Figure PCTKR2018009508-appb-I000015],
    [Figure PCTKR2018009508-appb-I000016] denotes the number of CAN IDs included in the first group of CAN messages, and [Figure PCTKR2018009508-appb-I000017] denotes the distribution probability of the [Figure PCTKR2018009508-appb-I000019]-th CAN ID among the [Figure PCTKR2018009508-appb-I000018] CAN IDs.
  3. The detection device of claim 2,
    wherein the sign of abnormality means a jamming attack or a spoofing attack targeting the vehicle.
  4. The detection device of claim 1,
    wherein the detection device further comprises a state verification unit,
    the receiving unit further receives state information of the vehicle from the vehicle, and
    the state verification unit generates, from the state information, vehicle data including at least one of engine rpm (revolutions per minute), engine oil temperature, vehicle speed, and engine coolant temperature, and determines that the state of the vehicle is abnormal when the generated vehicle data is outside a predetermined second range.
  5. The detection device of claim 4,
    wherein the transmitting unit transmits the determination result of the state verification unit to the second terminal.
  6. The detection device of claim 1,
    wherein the first group of CAN messages are CAN messages generated during a predetermined time interval or received during the predetermined time interval.
  7. A detection system comprising:
    the detection device of claim 1;
    the first terminal; and
    the second terminal.
  8. The detection system of claim 7,
    wherein the first terminal comprises:
    a collecting unit that collects the plurality of CAN messages broadcast over the CAN bus of the vehicle; and
    a transmitting unit that transmits the plurality of CAN messages to the server.
  9. A detection system comprising the detection device of claim 4, the first terminal, and the second terminal,
    wherein the first terminal comprises:
    a collecting unit that collects the plurality of CAN messages broadcast over the CAN bus of the vehicle and the state information of the vehicle; and
    a transmitting unit that transmits the plurality of CAN messages and the state information to the server,
    and wherein the collecting unit receives the state information in response to a query message transmitted through the OBD-2 (On-board diagnostics-2) terminal of the vehicle.
PCT/KR2018/009508 2017-11-29 2018-08-20 Device for verifying condition and detecting signs of abnormality of vehicle, and system including same WO2019107704A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2017-0162129 2017-11-29
KR1020170162129A KR101995903B1 (en) 2017-11-29 2017-11-29 Device for verifying status and detecting anomaly of vehicle and system having the same

Publications (1)

Publication Number Publication Date
WO2019107704A1 true WO2019107704A1 (en) 2019-06-06

Family

ID=66665083

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2018/009508 WO2019107704A1 (en) 2017-11-29 2018-08-20 Device for verifying condition and detecting signs of abnormality of vehicle, and system including same

Country Status (2)

Country Link
KR (1) KR101995903B1 (en)
WO (1) WO2019107704A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112398672A (en) * 2019-08-16 2021-02-23 北京新能源汽车股份有限公司 Message detection method and device

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20210043053A (en) 2019-10-10 2021-04-21 고려대학교 산학협력단 Device and method for can traffic modeling and device and method for anomaly detection
CN111752263B (en) * 2020-07-22 2021-12-07 广州小鹏汽车科技有限公司 Detection system, detection method, and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090054196A (en) * 2007-11-26 2009-05-29 한국전자통신연구원 Device and method for detecting anomalous traffic
KR101010124B1 (en) * 2010-07-13 2011-01-24 주식회사 하이홈티비 The apparatus and method of black box to smart eco-hybrid communication
KR101638613B1 (en) * 2015-04-17 2016-07-11 현대자동차주식회사 In-vehicle network intrusion detection system and method for controlling the same
KR101721035B1 (en) * 2016-01-07 2017-03-30 고려대학교 산학협력단 Appratus and method for detecting vehicle intrusion
KR101734505B1 (en) * 2016-04-29 2017-05-11 재단법인대구경북과학기술원 Method and apparatus for detecting attack in vehicle network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110004167U (en) * 2009-10-21 2011-04-27 임동해 The Device for Driving Information Acquisition and Analysis Using the Monitoring the ECUElectronic Control Unit Communication Data of the Vehicle
US9703955B2 (en) 2014-07-17 2017-07-11 VisualThreat Inc. System and method for detecting OBD-II CAN BUS message attacks
KR20160071980A (en) 2014-12-13 2016-06-22 조성규 Injector diagnosis method and system for OBD2
KR101789734B1 (en) 2016-04-27 2017-10-25 코드시스템주식회사 Operating method for switching a plurality of display pages in the vehicle information display apparatus

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112398672A (en) * 2019-08-16 2021-02-23 北京新能源汽车股份有限公司 Message detection method and device
CN112398672B (en) * 2019-08-16 2023-07-25 北京新能源汽车股份有限公司 Message detection method and device

Also Published As

Publication number Publication date
KR20190063209A (en) 2019-06-07
KR101995903B1 (en) 2019-10-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18883761

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18883761

Country of ref document: EP

Kind code of ref document: A1