CN105631323A - Method and device for identifying and processing malicious behaviors of OBD (On-Board Diagnostics) equipment - Google Patents
Method and device for identifying and processing malicious behaviors of OBD (On-Board Diagnostics) equipment Download PDFInfo
- Publication number
- CN105631323A CN105631323A CN201610065787.9A CN201610065787A CN105631323A CN 105631323 A CN105631323 A CN 105631323A CN 201610065787 A CN201610065787 A CN 201610065787A CN 105631323 A CN105631323 A CN 105631323A
- Authority
- CN
- China
- Prior art keywords
- obd
- data
- vehicle
- equipment
- behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/031—Protect user input by software means
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method and a device for identifying and handling malicious behaviors of OBD (On-Board Diagnostics) equipment, belongs to the field of equipment data monitoring, and aims to inform a vehicle owner of malicious behaviors of the OBD equipment in a vehicle and judge whether operation is practical or not. The method is characterized by comprising the following steps: S1, monitoring OBD data of a response action behavior in an OBD equipment diagnostic protocol; S2, when the OBD data are acquired, storing the OBD data, and informing a user that the action behavior is to be executed; S3, judging whether the action behavior is executable or not by the user, transmitting the stored OBD data to the vehicle to be executed when the action behavior is judged to be executable, and clearing the stored OBD data when the action behavior is judged to be un-executable. The method and the device have the effect that an interface for the user to operate in the case of actual OBD malicious behaviors is provided, so that malicious modification of the vehicle of the user is prevented.
Description
Technical field
The invention belongs to device data monitoring field, particularly relate to a kind of method identifying OBD equipment malicious act and processing method thereof.
Background technology
Vehicle-mounted OBD interface both can provide 12V power supply, vehicle data can be obtained again, so the product based on vehicle-mounted OBD interface is a lot, what have can calculate oil consumption, what have can add up distance travelled, and what have can detect vehicle trouble messages, and what have can also control some electrical equipment of vehicle, such as vehicle window, lock etc. But, vehicle-mounted OBD interface also brings hidden danger to car owner while bringing convenience to car owner, because car owner wants the function used to be likely to can become the third party " accomplice ", such as, car owner wants to utilize OBD equipment to be automatically switched off/open vehicle window function, other people are by monitoring the data exchange process in this process, it is also possible to the vehicle window of operation car.
Summary of the invention
Based on above technical problem, the present invention provides a kind of method identifying OBD equipment malicious act, makes car owner know OBD equipment malicious act onboard, it is determined that whether operation can carry out.
To achieve these goals, the present invention adopts the following technical scheme that a kind of OBD of identification equipment malicious act the method processed, including:
S1. the OBD data of the reaction action behavior in monitoring OBD device Diagnostic agreement;
When S2. getting these OBD data, these OBD data are stored, and notify that this action behavior of user is about to perform;
S3. judged whether this action behavior can perform by user, if be judged as performing, the OBD data of storage are sent to vehicle execution; If be judged as performing, then remove the OBD data of storage.
Further, described OBD data are at least one in the OBD data of the diagnosing protocol of the diagnosing protocol of CAN application layer and K application layer: electronic control unit resets (0x11), safety are entered (0x27), write data (0x2E) by identifier; Write internal memory (0x3D) by address, remove diagnostic message (0x14), remotely control (0x31).
Further, by the system monitoring OBD equipment of monitor in real time OBD equipment behavior, this system includes: connect the vehicle-mounted OBD equipment of vehicle-mounted OBD interface, OBD interface increases a patchcord, it connects vehicle-mounted OBD equipment behavior data acquisition hardware, described vehicle-mounted OBD behavioral data acquisition hardware gathers the interaction data of vehicle-mounted OBD equipment and CAN, sends the data to data parsing terminal and resolves, and is shown resolving the behavioural information obtained.
Further, described vehicle-mounted OBD equipment behavior data acquisition hardware, including CAN circuit, K bus circuit, wireless transport module, vehicle-mounted OBD equipment behavior data acquisition hardware monitors vehicle-mounted OBD equipment by CAN or K line, when having data interaction, wireless transport module sends these data to data parsing terminal the behavioural information being shown OBD equipment corresponding to these data.
Further, described data parsing terminal is mobile phone A PP end.
The invention still further relates to a kind of OBD of identification equipment malicious act the device processed, including:
Monitoring modular, the OBD data of the reaction action behavior in monitoring OBD device Diagnostic agreement;
These OBD data, when getting these OBD data, are stored by storage and notification module, and notify that this action behavior of user is about to perform;
Judge to perform module, user judge whether this action behavior can perform, if be judged as performing, the OBD data of storage are sent to vehicle execution; If be judged as performing, then remove the OBD data of storage. Further, described OBD data are at least one in the OBD data of the diagnosing protocol of the diagnosing protocol of CAN application layer and K application layer: electronic control unit resets (0x11), safety are entered (0x27), write data (0x2E) by identifier; Write internal memory (0x3D) by address, remove diagnostic message (0x14), remotely control (0x31).
Beneficial effect:
1. it is supplied to operation interface during user's real OBD malicious act, it is prevented that user's vehicle malicious modification;
2. ensure vehicle bus safety, it is prevented that owing to incorrect operation causes vehicle ECU " paralysis ".
Accompanying drawing explanation
Fig. 1 is the composition schematic diagram of the vehicle-mounted OBD equipment behavior data acquisition hardware of the present invention;
Fig. 2 is the system composition schematic diagram of monitor in real time OBD equipment behavior of the present invention;
Fig. 3 is the flow chart of detection method.
Detailed description of the invention
Embodiment 1: a kind of OBD of identification equipment malicious act the method processed, a kind of OBD of identification equipment malicious act the method processed, including:
S1. the OBD data of the reaction action behavior in monitoring OBD device Diagnostic agreement;
When S2. getting these OBD data, these OBD data are stored, and notify that this action behavior of user is about to perform;
S3. judged whether this action behavior can perform by user, if be judged as performing, the OBD data of storage are sent to vehicle execution; If be judged as performing, then remove the OBD data of storage.
Wherein: described OBD data are at least one in the OBD data of the diagnosing protocol of the diagnosing protocol of CAN application layer (ISO14229) and K application layer (ISO14230): electronic control unit resets (0x11), safety are entered (0x27), write data (0x2E) by identifier; Write internal memory (0x3D) by address, remove diagnostic message (0x14), remotely control (0x31).
Embodiment 2: there is the technical scheme identical with embodiment 1, more specifically, as depicted in figs. 1 and 2, by the system monitoring OBD equipment of monitor in real time OBD equipment behavior, this system includes: connect the vehicle-mounted OBD equipment of vehicle-mounted OBD interface, OBD interface increases a patchcord, it connects vehicle-mounted OBD equipment behavior data acquisition hardware, described vehicle-mounted OBD behavioral data acquisition hardware gathers the interaction data of vehicle-mounted OBD equipment and CAN, send the data to data parsing terminal resolve, and shown resolving the behavioural information obtained.
Described vehicle-mounted OBD equipment behavior data acquisition hardware, including CAN circuit, K bus circuit, wireless transport module, vehicle-mounted OBD equipment behavior data acquisition hardware monitors vehicle-mounted OBD equipment by CAN or K line, when having data interaction, wireless transport module sends these data to data parsing terminal the behavioural information being shown OBD equipment corresponding to these data. Described data parsing terminal is mobile phone A PP end.
Analysis can realize in vehicle-mounted OBD equipment behavior data acquisition hardware, and the vehicle-mounted OBD equipment behavior data acquisition hardware in the present embodiment still has the functions such as Filtering Analysis, it is contemplated that vehicle-mounted OBD equipment behavior data acquisition hardware installation site is comparatively hidden, this hardware cannot conveniently be shown to user, so showing to user at mobile phone terminal. The another one reason resolved at mobile phone terminal is exactly upgrade the efficiency far of mobile phone terminal program higher than the efficiency of upgrading hardware, it is possible to quickly update APP.
Embodiment 3: the present embodiment has the technical scheme identical with embodiment 2, and the method that the data parsing of reception is become vehicle-mounted OBD equipment behavior information by described parsing terminal is: such as accompanying drawing 3, this parsing is really when obtaining vehicle-mounted OBD transmission instruction, this instruction has been resolved, instruction is corresponding with behavior, the parsing of instruction carries out according to international standard 14229 and 15031, wherein 15031 define the implication of partial value, some is depot's custom instruction, but is all consistent with international standard.
Accompanying drawing 3 gives the resolving of the behavior " obtaining vehicle motor rotating speed " of OBD equipment, vehicle-mounted OBD equipment sends instruction code, example: 07DF, 02010C, these data are listened to, by CAN or K line, this instruction that vehicle-mounted OBD equipment sends by vehicle-mounted OBD equipment behavior data acquisition hardware, and wireless transport module sends these data to data parsing terminal carry out resolving and shown the behavioural information of OBD equipment corresponding to these data. In resolving, owing to the behavior resolved is the carrying out according to international standard 14229 and 15031, it is possible to just obtained the behavioral data of its correspondence by the instruction code of 07DF, 02010C.
Embodiment 4: a kind of OBD of identification equipment malicious act the device processed, including:
Monitoring modular, the OBD data of the reaction action behavior in monitoring OBD device Diagnostic agreement;
These OBD data, when getting these OBD data, are stored by storage and notification module, and notify that this action behavior of user is about to perform;
Judge to perform module, user judge whether this action behavior can perform, if be judged as performing, the OBD data of storage are sent to vehicle execution; If be judged as performing, then remove the OBD data of storage.
Wherein: described OBD data are at least one in the OBD data of the diagnosing protocol of the diagnosing protocol of CAN application layer and K application layer: electronic control unit resets (0x11), safety are entered (0x27), write data (0x2E) by identifier; Write internal memory (0x3D) by address, remove diagnostic message (0x14), remotely control (0x31).
The method that this device can be used for performing described in embodiment 1-3.
Embodiment 5: a kind of method of the OBD of identification equipment malicious act is the diagnosing protocol of diagnosing protocol and the K application layer (ISO14230) utilizing automaker's CAN application layer (ISO14229), for occurring
Electronic control unit resets (0x11);
Safety enters (0x27);
Data (0x2E) are write by identifier;
Internal memory (0x3D) is write by address;
Remove diagnostic message (0x14);
Remotely control (0x31).
When the hardware system of identification OBD equipment malicious act listens to data above:
1, current OBD data are stored;
2, the action that the equipment that user uses to perform is notified;
3, when user selects answer certainly, according to the data preserved, send to vehicle; User selects negative answer, empties the CAN data that this user preserves.
The above; it is only the present invention preferably detailed description of the invention; but protection scope of the present invention is not limited thereto; any those familiar with the art is in the technical scope of present disclosure; it is equal to replacement according to technical scheme and inventive concept thereof or is changed, all should be encompassed within protection scope of the present invention.
Claims (7)
1. one kind identifies OBD equipment malicious act the method processed, it is characterised in that including:
S1. the OBD data of the reaction action behavior in monitoring OBD device Diagnostic agreement;
When S2. getting these OBD data, these OBD data are stored, and notify that this action behavior of user is about to perform;
S3. judged whether this action behavior can perform by user, if be judged as performing, the OBD data of storage are sent to vehicle execution; If be judged as performing, then remove the OBD data of storage.
2. the method for claim 1, it is characterized in that, described OBD data are at least one in the OBD data of the diagnosing protocol of the diagnosing protocol of CAN application layer and K application layer: electronic control unit resets (0x11), safety are entered (0x27), write data (0x2E) by identifier; Write internal memory (0x3D) by address, remove diagnostic message (0x14), remotely control (0x31).
3. method as claimed in claim 1 or 2, by the system monitoring OBD equipment of monitor in real time OBD equipment behavior, this system includes: connect the vehicle-mounted OBD equipment of vehicle-mounted OBD interface, OBD interface increases a patchcord, it connects vehicle-mounted OBD equipment behavior data acquisition hardware, described vehicle-mounted OBD behavioral data acquisition hardware gathers the interaction data of vehicle-mounted OBD equipment and CAN, sends the data to data parsing terminal and resolves, and is shown resolving the behavioural information obtained.
4. method as claimed in claim 3, described vehicle-mounted OBD equipment behavior data acquisition hardware, including CAN circuit, K bus circuit, wireless transport module, vehicle-mounted OBD equipment behavior data acquisition hardware monitors vehicle-mounted OBD equipment by CAN or K line, when having data interaction, wireless transport module sends these data to data parsing terminal the behavioural information being shown OBD equipment corresponding to these data.
5. method as claimed in claim 4, it is characterised in that described data parsing terminal is mobile phone A PP end.
6. one kind identifies OBD equipment malicious act the device processed, it is characterised in that including:
Monitoring modular, the OBD data of the reaction action behavior in monitoring OBD device Diagnostic agreement;
These OBD data, when getting these OBD data, are stored by storage and notification module, and notify that this action behavior of user is about to perform;
Judge to perform module, user judge whether this action behavior can perform, if be judged as performing, the OBD data of storage are sent to vehicle execution; If be judged as performing, then remove the OBD data of storage.
7. identify OBD equipment malicious act the device processed as claimed in claim 7, it is characterized in that, described OBD data are at least one in the OBD data of the diagnosing protocol of the diagnosing protocol of CAN application layer and K application layer: electronic control unit resets (0x11), safety are entered (0x27), write data (0x2E) by identifier; Write internal memory (0x3D) by address, remove diagnostic message (0x14), remotely control (0x31).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610065787.9A CN105631323B (en) | 2016-01-29 | 2016-01-29 | The method and device for identifying OBD equipment malicious act and handling |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610065787.9A CN105631323B (en) | 2016-01-29 | 2016-01-29 | The method and device for identifying OBD equipment malicious act and handling |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105631323A true CN105631323A (en) | 2016-06-01 |
CN105631323B CN105631323B (en) | 2018-12-28 |
Family
ID=56046248
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610065787.9A Active CN105631323B (en) | 2016-01-29 | 2016-01-29 | The method and device for identifying OBD equipment malicious act and handling |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105631323B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107703907A (en) * | 2017-08-11 | 2018-02-16 | 中国汽车技术研究中心 | A kind of detecting system for engine emissions control system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101566851A (en) * | 2008-04-23 | 2009-10-28 | Spx公司 | Customizable initiation of data recordings |
CN104320295A (en) * | 2014-10-08 | 2015-01-28 | 清华大学 | CAN (Control Area Network) message anomaly detection method and system |
CN105279421A (en) * | 2014-06-19 | 2016-01-27 | 移威视信公司 | Information safety detection system and method based on car networking accessing OBD II |
-
2016
- 2016-01-29 CN CN201610065787.9A patent/CN105631323B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101566851A (en) * | 2008-04-23 | 2009-10-28 | Spx公司 | Customizable initiation of data recordings |
CN105279421A (en) * | 2014-06-19 | 2016-01-27 | 移威视信公司 | Information safety detection system and method based on car networking accessing OBD II |
CN104320295A (en) * | 2014-10-08 | 2015-01-28 | 清华大学 | CAN (Control Area Network) message anomaly detection method and system |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107703907A (en) * | 2017-08-11 | 2018-02-16 | 中国汽车技术研究中心 | A kind of detecting system for engine emissions control system |
Also Published As
Publication number | Publication date |
---|---|
CN105631323B (en) | 2018-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108803580B (en) | Method for matching vehicle CAN protocol and related equipment | |
CN111208800B (en) | Automobile diagnosis method and device and vehicle communication interface | |
US11665018B2 (en) | OBD interface bus type detection method and apparatus | |
EP3559625B1 (en) | Device and method for managing an electric vehicle | |
CN112380045B (en) | Vehicle abnormality detection method, device, equipment and storage medium | |
CN112141122B (en) | Vehicle dormancy anomaly detection method, device, equipment and storage medium | |
CN104063912A (en) | Real-time vehicle operating monitoring system and method based on mobile terminal | |
CN106325231A (en) | Method and system for remote fault detection of vehicles on production line | |
US9189896B2 (en) | Method and system for vehicular data collection | |
CN103838231A (en) | Automobile intelligent management system and method based on mobile terminal and the mobile terminal | |
CN103312818A (en) | Vehicle diagnostic method and server | |
CN102880162A (en) | Automobile diagnostic method, system, diagnostic terminal and backstage server | |
CN104062970A (en) | Vehicle OBD data acquisition system and method based on Bluetooth | |
US9451028B2 (en) | Communication profile selection for vehicle telematics device | |
CN108227677A (en) | Vehicle-state monitors system and method | |
CN110995823B (en) | Vehicle-mounted terminal offline processing method, device, storage medium and device | |
CN104175819A (en) | TPMS (Tire Pressure Monitoring System) receiver, as well as system and method for realizing fault diagnosis of vehicle | |
CN102566566A (en) | Automatic automobile diagnosis method based on data processing unit (DPU) | |
CN114627572A (en) | Vehicle monitoring method, device, equipment and medium | |
CN105050153A (en) | Assistance request sending method and receiving method, server and vehicle-mounted terminal | |
CN109116830B (en) | Method and system for predicting fault | |
CN105631323A (en) | Method and device for identifying and processing malicious behaviors of OBD (On-Board Diagnostics) equipment | |
CN114415646B (en) | Remote vehicle diagnosis method, system and terminal equipment based on DoIP protocol | |
CN103970113A (en) | Tail gas exceeding short-message warning technology for vehicle-mounted diagnostic system (OBD) | |
CN204576251U (en) | A kind of real-time bus remote monitoring and fault feedback device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |