CN107454107A - A kind of controller LAN automobile bus alarm gateway for detecting injection attack - Google Patents

A kind of controller LAN automobile bus alarm gateway for detecting injection attack Download PDF

Info

Publication number
CN107454107A
CN107454107A CN201710837695.2A CN201710837695A CN107454107A CN 107454107 A CN107454107 A CN 107454107A CN 201710837695 A CN201710837695 A CN 201710837695A CN 107454107 A CN107454107 A CN 107454107A
Authority
CN
China
Prior art keywords
frame
data
ecu
time
alarm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710837695.2A
Other languages
Chinese (zh)
Other versions
CN107454107B (en
Inventor
谭劲
杨红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Jiliang University
Original Assignee
China Jiliang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Jiliang University filed Critical China Jiliang University
Priority to CN201710837695.2A priority Critical patent/CN107454107B/en
Publication of CN107454107A publication Critical patent/CN107454107A/en
Application granted granted Critical
Publication of CN107454107B publication Critical patent/CN107454107B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

Due to the how main feature of CAN (equipment of any access CAN can send message), injection attack can not be prevented, the invention discloses a kind of production method for the controller area network automobile bus alarm gateway for detecting injection attack, in the case where not changing the electronic control unit ECU hardware and softwares in CAN, by the software for only changing CAN gateway, the ID of data frame is sent using ECU in CAN agreement, respond the time of other ECU claim frames, cycle caused by the maximum and minimum value and data of data in itself determines whether that Dos is attacked, disguise oneself as attack and fuzzy attack etc. and send application in the injection attack of personation data, solve safety related technical problems present in existing CAN.

Description

A kind of controller LAN automobile bus alarm gateway for detecting injection attack
Technical field
The present invention relates to a kind of controller area network (Controller Area for detecting injection attack Networks) the production method of automobile bus alarm gateway, more particularly to do not changing the electronic control unit in CAN In the case of ECU (Electronic Control Unit) hardware and software, by only changing the software of CAN gateway, profit The ID of data frame, the time of the other ECU claim frames of response, data maximum in itself and most is sent with ECU in CAN agreement Cycle caused by small value and data determine whether Dos and pretend to be existing ECU or newly-increased ECU send personation the pouring-in of data attack The application hit.
Background technology
Controller area network was researched and developed by Bosch companies in 1985 earliest, was a vapour for building in-vehicle network Effective, reliable, quick serial transmission bus between in-car portion ECU, turned into international standard (ISO 11898) in 1993.
Most of automobile has two CANs, and one is high speed, and speed reaches 500kbps (reaching as high as 1M), main to pass The related data of defeated automobile transmission system unit under steam, such as engine, steering wheel, brake and gearbox;Another is Low speed, speed reaches 125kbps, is mainly used in transmitting the data of vehicle body unit, Source Music, car door lock, vehicle window control and temperature Spend data such as (air-conditionings);Two buses are connected by a gateway, its main function be carry out speeds match and with other buses Form conversion etc., as shown in Figure 1.
One maximum feature of CAN protocol is to have abolished traditional station address coding, but the message of transmission is compiled Code, the ECU quantity for accessing bus is not limited clearly, the identifier ID of message is by 11 (CAN 2.0A) or 29 (CAN 2.0B) binary number forms, and technical characteristics are as follows:
(1) there is no master/slave ECU in CAN, both do not indicate sending node address in the data frame of transmission, do not have yet Receiving node address is indicated, all nodes can send data and receive the ability that other nodes send data, that is to say, that hair Send ECU not know whom is issued, receive ECU and also do not know it is whose hair;
(2) when multiple nodes send data simultaneously, bus arbitration make it that there is lower value ID message, which to obtain bus, uses Power, retransmit during high value ID Messages-Waiting bus free;
(3) all other ECU can receive transmission ECU data simultaneously, and all ECU have filter capacity, limit System receives its unwanted data;
(4) CAN is serial and asynchronous that ECU in bus need not they synchronous clock;
(5) the data length scope in data frame is 0-8 bytes;
(6) there are four kinds of different frames, i.e. data frame, claim frame, erroneous frame and overload frame in CAN.Data frame is by ECU Data periodically are sent, the gap periods that different ECU send data are different, generally between 10-10000 milliseconds;Request Frame is used to ask the data (identical with data frame ID) that other ECU are sent, but data segment does not have content, and requested ECU needs The request is responded, CAN 2.0A data frames are shown in Fig. 2 with request frame format;Erroneous frame is sent when sending and receiving and running into mistake (sending and receiving ECU can send) is used to correct mistake, and overload frame is too fast for sending data, receives ECU and does not catch up with hair Sent during the speed sent;
(7) CAN does not have security component, it assumes that all ECU are ginsengs legal, credible and by them Number is set for work.
However, research and experiment show that vehicle easily becomes malice opponent (car stealer, voluntarily repacking, rival etc.) and broken Bad target, all easily by being attacked by the use of CAN as entrance, (attacker will can set all ECU of automotive interior It is standby that the equipment access CAN or original ECU of self reliant rebuilding replacing will be attacked by inline diagnosis interface OBD), most typical is exactly to note Enter formula attack, mainly comprising following three class:
(1) Denial of Service attack DoS (Denial of Service):Due to bus arbitration mechanism, low ID message will obtain always The line right to use, attacker, which does not stop paying out, send low ID (such as 00) message, all other normal ECU will be prevented to send message, automobile will not It can start;
(2) attack is disguised oneself as:Original ECU (message id is identical, removes original ECU) is disguised oneself as, is such as more started to obtain The vehicle refitting of acc power or speed just belongs to this kind of attack;
(3) attack is obscured:Randomly generate message id and be sent to CAN, its ID message is likely to be what is do not had in bus (ID identical with bus attack is analogous to impersonation attack), the purpose is to destroy automobile normal operation, (data are at sixes and sevens, no In normal range (NR)), it may seriously cause accident.
Due to the how main feature of CAN (equipment of any access CAN can send message), it is impossible to prevent note Enter formula attack, but this kind of attack can be detected, and and alarm.
The content of the invention
In order to solve above-mentioned technical problem present in existing CAN, the invention discloses one kind to detect pouring-in attack The production method of controller LAN (CAN) automobile bus alarm gateway hit, is not changing the Electronic Control list in CAN In the case of first ECU hardware and softwares, by changing the software of bus gateway, ID, the week of message (data) are sent according to each ECU Response time of phase, the maximum/minimum value of data and respond request frame etc. determines whether injection attack, and provides report in time It is alert.Concrete technical scheme is as follows:
A kind of production method for controller LAN (CAN) automobile bus alarm gateway for detecting injection attack, gateway Internal memory hold two forms:All ECU send the ID of message, week in Static and Dynamic Tables, wherein static table record CAN Phase T, the maximum Max minimum Ms in of data and the response time R of respond request frame, by the ascending sequences of ID;Dynamic marks Record time and the corresponding sound that time, numerical values recited and the claim frame that all data frames twice in CAN are sent are sent Time and the size of frame are answered, by by the ascending sequences of ID;It is characterized in that comprise the following steps:
(1) gateway circulation receives data frame or claim frame;
(2) if data frame, its ID is 1. detected first whether in static table, if not just alarm;2. detect it It is worth (Value) whether between maximum Max and minimum M in, if not just alarm;Otherwise type is searched in dynamic table For the ID of cycle data frame;If 3. not having claim frame before the data frame, explanation is that ECU oneself periodically sends out data, Field corresponding to current (Current) in the date of the data received for the second time and size deposit dynamic table, then compares number It is whether normal according to the cycle T sent, abnormal alarm;Otherwise replaced it with the reception time in current (Current) and size Before field corresponding to (Previous), turn (1) step, wait next (Next) data frame, so move in circles;If 4. should There is claim frame before data frame, illustrate there are other ECU request datas, move the time received and size deposit after receiving data frame ID and type are current (Current) corresponding field in request frame recording in state table, and whether normal, no if comparing response time R Normal Alarm, the record that ID and type in dynamic table are claim frame is otherwise deleted, turns (1) step;
(3) if claim frame, its ID is 1. detected first whether in static table, if not just alarm;2. in dynamic Newly-built ID and type are the record of claim frame in table, and before request time is inserted in field corresponding to (Previous) when Between field (size 0), turn (1) step.
Further, during 2. step (2) the walks, if dynamic table does not have the ID that type is cycle data frame, newly-built cycle Data frame, first time data receiver to date and size deposit dynamic table in before field corresponding to (Previous).
Brief description of the drawings
Fig. 1 is general CAN structure charts.
Fig. 2 is data frame, request frame assumption diagram.
Embodiment
The invention will be further described below in conjunction with the accompanying drawings.
Due to there is the gateway of a speeds match in each CAN, all message in CAN can be monitored, Its software function is changed, it is determined whether injection attack.
(1) two form
In the internal memory of gateway, two forms are maintained, one is static table, and one is dynamic table.
Static table:All ECU send the ID, cycle T, the maximum Max of data of message in charting CAN Minimum M in and respond request frame response time R, this table press the ascending sequences of ID, as shown in table 1:
ECU ID T Max Min R
ECU1 ID1 T1 Max1 Min1 R1
ECU2 ID2 T2 Max2 Min2 R2
…… …… …… …… …… ……
ECUN IDN TN MaxN MinN RN
Table 1
In the table of table 1, first 4 i.e. ID, T, Max and Min are the intrinsic parameters of each ECU, it is easy in vehicle production When obtain, request response time R is obtained after needing vehicle launch, and the method for acquisition is:
It is ID that gateway sends request message to CANiClaim frame, and time when recording request, then wait tool There is message idiECU responsive data frames, wait-for-response time Ri;The data frame ID received after claim frame, which is equal to, receives IDiWhen Between with sending time difference of claim frame be exactly accurate response time Ri
Ri=receive data frame IDiWhen m- send request data IDiTime (1)
Table 1 in gateway can detect DoS attack and obscure portions attack (message id not having in bus), gateway All data frames and claim frame in CAN are monitored, are DoS attack or portion certainly if its ID is not in the table where table 1 Divide fuzzy attack.
Dynamic table:The table records time, numerical values recited and the claim frame that all data frames twice in CAN are sent The time sent and time and the size of corresponding response frame, by by the ascending sequences of ID, as shown in table 2.
Table 2
In table 2, type is recorded as ECU for " cycle data frame "2The data oneself periodically sent out, cycle are table T in 12, all ECU (including gateway) can receive the data, as long as data value value1 and Value2 are in Min2、Max2 Between, belong to normal data;If data are normal, when receiving next (Next) data frame, with Current value (when Between and size) replace Previous value, Current value is replaced with Next value, is so moved in circles.Type is " request The record first half of frame " (italic+underscore) is that other ECU ask ECU2Claim frame (may not have, it is also possible to have more Bar, one is only listed for the sake of simplicity), its value is 0, request time rt2> rt1;Its latter half is ECU2Respond the request Data, its response time rt3< rt1T in+table 12As long as value3 is in Min for its value2、Max2Between, belong to normal data; If data are normal, the data item is deleted.
Table 2 in gateway can detect part impersonation attack and obscure portions attack, as long as the week of " cycle data frame " The size (data of the frame containing respond request) of phase error (increase reduces) or data is not in Min2、Max2Between, directly alarm.
Remaining a kind of fuzzy attack of attack category, its message id belong to CAN, and its value is also between Min, Max, but be worth not It is exact value.This kind of attack can detect from the response time parameter in table 1, that is, the rt in table 23-rt2Whether it is equal to R2, there is attack to need to alarm not equal to explanation.
1st, gateway software is changed by the content of the invention;
2nd, the message id of each ECU on car is obtained in vehicle release, produce cycle T, maximum/minimum value Max/Min and Response time R;If the newly-increased ECU of increase changes old ECU, it is necessary to which (factory or 4S shops) obtains more in security context Change several parameters above ECU;
3rd, injection attack is detected by following algorithm:
(1) gateway circulation receives data frame or claim frame;
(2) if data frame, its ID is 1. detected first whether in table 1, if not just alarm;2. detect its value Whether Value is between Max and Min, if not just alarm;Otherwise the ID that type is " cycle data frame " is searched in table 2 (without just it is newly-built, first time data receiver to date and size deposit table 2 in field corresponding to Previous);If 3. should There is no claim frame before data frame, explanation is that ECU oneself periodically sends out data, the date of the data received for the second time and Field corresponding to Current in size deposit table 2, whether normal, abnormal alarm if then comparing the cycle T that data are sent;It is no Then use the reception time in Current and size to replace field corresponding to Previous, turn (1) step, wait Next next Data frame, so move in circles;If 4. having claim frame before the data frame, illustrate there are other ECU request datas, receive data By ID in the time received and size deposit table 2 and type it is the Current corresponding fields in " claim frame " record after frame, compares Whether response time R is normal, abnormal alarm, otherwise deletes ID in table 2 and type records for " claim frame ", turn (1) step;
(3) if claim frame, its ID is 1. detected first whether in table 1, if not just alarm;It is 2. new in table 2 The record that ID and type are " claim frame ", and the time field (size 0) that request time is inserted in Previous are built, turns the (1) step.

Claims (2)

1. a kind of production method for controller LAN (CAN) automobile bus alarm gateway for detecting injection attack, gateway Internal memory holds two forms:All ECU send the ID of message, cycle in Static and Dynamic Tables, wherein static table record CAN T, the maximum Max minimum Ms in of the data and response time R of respond request frame, by the ascending sequences of ID;Dynamic table records Time and the corresponding response that time, numerical values recited and the claim frame that all data frames twice in CAN are sent are sent The time of frame and size, by by the ascending sequences of ID;It is characterized in that comprise the following steps:
(1) gateway circulation receives data frame or claim frame;
(2) if data frame, its ID is 1. detected first whether in static table, if not just alarm;2. detect its value (Value) whether between maximum Max and minimum M in, if not just alarm;Otherwise type is searched in dynamic table is The ID of cycle data frame;If 3. not having claim frame before the data frame, explanation is that ECU oneself periodically sends out data, the Secondary reception to data date and size deposit dynamic table in field corresponding to current (Current), then compare data Whether the cycle T sent is normal, abnormal alarm;Otherwise before being replaced it with the reception time in current (Current) and size (Previous) field corresponding to, turn (1) step, wait next (Next) data frame, so move in circles;If 4. number According to having claim frame before frame, illustrate there are other ECU request datas, be stored in the time received and size dynamically after receiving data frame ID and type are current (Current) corresponding field in request frame recording in table, and whether normal, not just if comparing response time R Often alarm, the record that ID and type in dynamic table are claim frame is otherwise deleted, turns (1) step;
(3) if claim frame, its ID is 1. detected first whether in static table, if not just alarm;2. in dynamic table Newly-built ID and type are the record of claim frame, and the time word before request time is inserted in field corresponding to (Previous) Section (size 0), turn (1) step.
2. the production of controller LAN (CAN) automobile bus alarm gateway of detection injection attack as claimed in claim 1 Generation method, it is characterised in that:2. step (2) the walks in, if dynamic table does not have the ID that type is cycle data frame, newly-built cycle Data frame, first time data receiver to date and size deposit dynamic table in before field corresponding to (Previous).
CN201710837695.2A 2017-09-15 2017-09-15 Controller local area network automobile bus alarm gateway for detecting injection type attack Expired - Fee Related CN107454107B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710837695.2A CN107454107B (en) 2017-09-15 2017-09-15 Controller local area network automobile bus alarm gateway for detecting injection type attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710837695.2A CN107454107B (en) 2017-09-15 2017-09-15 Controller local area network automobile bus alarm gateway for detecting injection type attack

Publications (2)

Publication Number Publication Date
CN107454107A true CN107454107A (en) 2017-12-08
CN107454107B CN107454107B (en) 2020-11-06

Family

ID=60496654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710837695.2A Expired - Fee Related CN107454107B (en) 2017-09-15 2017-09-15 Controller local area network automobile bus alarm gateway for detecting injection type attack

Country Status (1)

Country Link
CN (1) CN107454107B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108790822A (en) * 2018-06-14 2018-11-13 苏州途驰安电子科技有限公司 Vehicle speed data acquisition methods based on listening mode and device
CN109257261A (en) * 2018-10-17 2019-01-22 南京汽车集团有限公司 Anti- personation node attack method based on CAN bus signal physical features
CN110098990A (en) * 2019-05-07 2019-08-06 百度在线网络技术(北京)有限公司 Safety protecting method, device, equipment and the storage medium of controller LAN
JP2019194831A (en) * 2018-03-30 2019-11-07 エーオー カスペルスキー ラボAO Kaspersky Lab System and method of blocking computer attack on transportation means
CN111030962A (en) * 2018-10-09 2020-04-17 厦门雅迅网络股份有限公司 Vehicle-mounted network intrusion detection method and computer-readable storage medium
CN111147437A (en) * 2018-11-06 2020-05-12 李尔公司 Attributing bus disconnect attacks based on erroneous frames
CN111147448A (en) * 2019-12-06 2020-05-12 中科曙光(南京)计算技术有限公司 CAN bus flood attack defense system and method
CN111371777A (en) * 2020-02-28 2020-07-03 北京天融信网络安全技术有限公司 Attack detection method, device, detector and storage medium for vehicle network
CN111596570A (en) * 2020-05-26 2020-08-28 陈媛芳 Vehicle CAN bus simulation and attack system and method
CN112583786A (en) * 2019-09-30 2021-03-30 英飞凌科技股份有限公司 Method for alarming, transmitter device and receiver device
CN113467332A (en) * 2021-07-28 2021-10-01 南京市初仁智能科技有限公司 Design method of event trigger controller of information physical system under denial of service attack
CN114422181A (en) * 2021-12-11 2022-04-29 浙江吉利控股集团有限公司 Vehicle data message safety communication method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301177A (en) * 2014-10-08 2015-01-21 清华大学 CAN message abnormality detection method and system
CN104320295A (en) * 2014-10-08 2015-01-28 清华大学 CAN (Control Area Network) message anomaly detection method and system
CN104767618A (en) * 2015-04-03 2015-07-08 清华大学 CAN bus authentication method and system based on broadcasting
US20160173513A1 (en) * 2014-12-10 2016-06-16 Battelle Energy Alliance, Llc. Apparatuses and methods for security in broadcast serial buses
CN106878130A (en) * 2017-03-14 2017-06-20 成都雅骏新能源汽车科技股份有限公司 A kind of electric automobile CAN network method for detecting abnormality and device
US10320836B2 (en) * 2017-01-03 2019-06-11 Karamba Security Ltd. Automotive ECU controller and data network having security features for protection from malware transmission

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301177A (en) * 2014-10-08 2015-01-21 清华大学 CAN message abnormality detection method and system
CN104320295A (en) * 2014-10-08 2015-01-28 清华大学 CAN (Control Area Network) message anomaly detection method and system
US20160173513A1 (en) * 2014-12-10 2016-06-16 Battelle Energy Alliance, Llc. Apparatuses and methods for security in broadcast serial buses
CN104767618A (en) * 2015-04-03 2015-07-08 清华大学 CAN bus authentication method and system based on broadcasting
US10320836B2 (en) * 2017-01-03 2019-06-11 Karamba Security Ltd. Automotive ECU controller and data network having security features for protection from malware transmission
CN106878130A (en) * 2017-03-14 2017-06-20 成都雅骏新能源汽车科技股份有限公司 A kind of electric automobile CAN network method for detecting abnormality and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MIRCO MARCHETTI ET AL: "Anomaly detection of CAN bus messages through analysis of ID sequences", 《2017 IEEE INTELLIGENT VEHICLES SYMPOSIUM (IV)》 *
张子键等: "一种应用于CAN总线的异常检测系统", 《信息安全与通信保密》 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019194831A (en) * 2018-03-30 2019-11-07 エーオー カスペルスキー ラボAO Kaspersky Lab System and method of blocking computer attack on transportation means
CN108790822A (en) * 2018-06-14 2018-11-13 苏州途驰安电子科技有限公司 Vehicle speed data acquisition methods based on listening mode and device
CN108790822B (en) * 2018-06-14 2021-05-25 苏州途驰安电子科技有限公司 Vehicle speed data acquisition method and device based on monitoring mode
CN111030962A (en) * 2018-10-09 2020-04-17 厦门雅迅网络股份有限公司 Vehicle-mounted network intrusion detection method and computer-readable storage medium
CN111030962B (en) * 2018-10-09 2023-03-24 厦门雅迅网络股份有限公司 Vehicle-mounted network intrusion detection method and computer-readable storage medium
CN109257261A (en) * 2018-10-17 2019-01-22 南京汽车集团有限公司 Anti- personation node attack method based on CAN bus signal physical features
CN111147437A (en) * 2018-11-06 2020-05-12 李尔公司 Attributing bus disconnect attacks based on erroneous frames
CN110098990A (en) * 2019-05-07 2019-08-06 百度在线网络技术(北京)有限公司 Safety protecting method, device, equipment and the storage medium of controller LAN
CN112583786A (en) * 2019-09-30 2021-03-30 英飞凌科技股份有限公司 Method for alarming, transmitter device and receiver device
CN112583786B (en) * 2019-09-30 2022-12-02 英飞凌科技股份有限公司 Method for alarming, transmitter device and receiver device
CN111147448B (en) * 2019-12-06 2022-06-07 中科曙光(南京)计算技术有限公司 CAN bus flood attack defense system and method
CN111147448A (en) * 2019-12-06 2020-05-12 中科曙光(南京)计算技术有限公司 CAN bus flood attack defense system and method
CN111371777A (en) * 2020-02-28 2020-07-03 北京天融信网络安全技术有限公司 Attack detection method, device, detector and storage medium for vehicle network
CN111596570A (en) * 2020-05-26 2020-08-28 陈媛芳 Vehicle CAN bus simulation and attack system and method
CN111596570B (en) * 2020-05-26 2023-09-12 杭州电子科技大学 Vehicle CAN bus simulation and attack system and method
CN113467332B (en) * 2021-07-28 2022-05-20 南京市初仁智能科技有限公司 Design method of event trigger controller of information physical system under denial of service attack
CN113467332A (en) * 2021-07-28 2021-10-01 南京市初仁智能科技有限公司 Design method of event trigger controller of information physical system under denial of service attack
CN114422181A (en) * 2021-12-11 2022-04-29 浙江吉利控股集团有限公司 Vehicle data message safety communication method

Also Published As

Publication number Publication date
CN107454107B (en) 2020-11-06

Similar Documents

Publication Publication Date Title
CN107454107A (en) A kind of controller LAN automobile bus alarm gateway for detecting injection attack
US10951631B2 (en) In-vehicle network system, fraud-detection electronic control unit, and fraud-detection method
CN110226310B (en) Electronic control device, fraud detection server, in-vehicle network system, in-vehicle network monitoring system, and method
EP3319275B1 (en) Method for monitoring data traffic in a motor-vehicle network
US10454957B2 (en) Method for preventing electronic control unit from executing process based on malicious frame transmitted to bus
CN110505134B (en) Internet of vehicles CAN bus data detection method and device
US9477843B2 (en) Inhibiting access to sensitive vehicle diagnostic data
CN111147448B (en) CAN bus flood attack defense system and method
US20220294638A1 (en) Method for monitoring a network
JP2019008618A (en) Information processing apparatus, information processing method, and program
JP6497656B2 (en) COMMUNICATION METHOD AND COMMUNICATION DEVICE USING THE SAME
CN107770176B (en) SAE-J1939 automobile bus node authentication ECU (electronic control unit) generation method
KR20200021297A (en) System and method for detecting abnormal can data
CN109910903B (en) Safety detection method of vehicle network interconnection equipment based on driving safety envelope
US20230327956A1 (en) Network configuration estimation apparatus, network configuration estimation method and program
CN117544410A (en) Determination method of CAN bus attack type, processor and computer equipment
CN109005147A (en) The method for protecting vehicle network for avoiding the data being manipulated from transmitting
US20200036738A1 (en) Method and device for detecting anomalies in a computer network
JP2020145547A (en) Unauthorized transmission data detection device
Hafeez A robust, reliable and deployable framework for in-vehicle security
WO2021229694A1 (en) Attack detection device, attack detection method, and program
JP7151931B2 (en) RELAY DEVICE, COMMUNICATION NETWORK SYSTEM AND COMMUNICATION CONTROL METHOD
CN114567456A (en) Method for checking messages in a communication system
CN110177032B (en) Message routing quality monitoring method and gateway controller
CN109462607B (en) Method for implementing safe UDS diagnosis on CAN

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201106

CF01 Termination of patent right due to non-payment of annual fee