CN108965267A - network attack processing method, device and vehicle - Google Patents


Publication number
CN108965267A
Authority
CN
China
Prior art keywords
network data
target
aggressive
target network
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810690119.4A
Other languages
Chinese (zh)
Other versions
CN108965267B (en)
Inventor
马东辉
薛鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Co Wheels Technology Co Ltd
Original Assignee
Beijing CHJ Information Technology Co Ltd
Application filed by Beijing CHJ Information Technology Co Ltd
Priority to CN201810690119.4A
Publication of CN108965267A
Application granted
Publication of CN108965267B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/12 Applying verification of the received information
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present disclosure provides a network attack processing method, a network attack processing device, and a vehicle. The method comprises: obtaining target network data passing through a vehicle device; judging, according to acquired characteristic information of aggressive network data, whether the target network data is aggressive network data; and, if the target network data is determined to be aggressive network data, performing target processing on the target network data. The network attack processing method provided by the disclosure can reduce the probability of a vehicle being subjected to a network attack and improve vehicle network security.

Description

Network attack processing method, device and vehicle
Technical field
The present disclosure relates to the field of vehicles, and in particular to a network attack processing method, device and vehicle.
Background
As vehicles become widespread, more and more functions are integrated into them to make them more convenient to use, for example intelligent driving, voice broadcast, intelligent navigation, air purification and communication. As vehicles become increasingly intelligent and connected, information exchange inside the vehicle and between the vehicle and external equipment becomes more and more frequent: for example, the cloud interacts with the vehicle device over the internet, the CAN (Controller Area Network) gateway interacts with the vehicle device, and a user can control the vehicle through a mobile terminal. Network security attacks against vehicles increase accordingly; for example, a vehicle hacker can, by attacking the CAN gateway and the instrument panel, control the information displayed by the vehicle and control the body power system and braking system. How to strengthen a vehicle's defence against network attacks, and thereby improve vehicle network security, has therefore become very important.
Summary
Embodiments of the present disclosure provide a network attack processing method, device and vehicle, to strengthen a vehicle's defence against network attacks and improve vehicle network security.
In a first aspect, the present disclosure provides a network attack processing method, comprising:
obtaining target network data passing through a vehicle device;
judging, according to acquired characteristic information of aggressive network data, whether the target network data is aggressive network data;
if the target network data is determined to be aggressive network data, performing target processing on the target network data.
Optionally, the judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data comprises:
performing protocol parsing on the target network data to obtain format characteristic information of the target network data;
judging, according to acquired format characteristic information of aggressive network data and the format characteristic information of the target network data, whether the target network data is aggressive network data.
Optionally, before the judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data, the method further comprises:
parsing the target network data to obtain target information of the target network data, wherein the target information includes source information and/or destination information of the target network data;
and the judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data comprises:
in a case where the target information meets a preset filter condition, judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data.
Optionally, the performing target processing on the target network data if the target network data is determined to be aggressive network data comprises:
if the target network data is determined to be first-class aggressive network data, modifying the target network data into network data of a valid format;
if the target network data is determined to be second-class aggressive network data, discarding the target network data.
Optionally, the target network data includes at least one of: network data communicated between the vehicle device and a network node of the in-vehicle network, network data communicated between the vehicle device and a network device of the internet, and network data communicated between the vehicle device and an external device.
Optionally, before the judging, according to the characteristic information of aggressive network data, whether the target network data is aggressive network data, the method further comprises:
receiving characteristic information of aggressive network data sent by a cloud server; and/or
after the target network data is determined to be aggressive network data, the method further comprises:
reporting the target network data to the cloud server.
Optionally, the method further comprises:
if the vulnerability corresponding to target characteristic information in the characteristic information of the aggressive network data has been repaired, deleting the target characteristic information.
In a second aspect, the present disclosure further provides a network attack processing device, comprising:
an obtaining module, configured to obtain target network data passing through a vehicle device;
a judgment module, configured to judge, according to acquired characteristic information of aggressive network data, whether the target network data is aggressive network data;
a processing module, configured to perform target processing on the target network data if the target network data is determined to be aggressive network data.
Optionally, the judgment module comprises:
a parsing unit, configured to perform protocol parsing on the target network data to obtain format characteristic information of the target network data;
a judging unit, configured to judge, according to acquired format characteristic information of aggressive network data and the format characteristic information of the target network data, whether the target network data is aggressive network data.
Optionally, the device further comprises:
a parsing module, configured to parse the target network data, before the judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data, to obtain target information of the target network data, wherein the target information includes source information and/or destination information of the target network data;
and the judgment module is specifically configured to:
in a case where the target information meets a preset filter condition, judge, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data.
Optionally, the processing module is specifically configured to:
if the target network data is determined to be first-class aggressive network data, modify the target network data into network data of a valid format;
if the target network data is determined to be second-class aggressive network data, discard the target network data.
Optionally, the target network data includes at least one of: network data communicated between the vehicle device and a network node of the in-vehicle network, network data communicated between the vehicle device and a network device of the internet, and network data communicated between the vehicle device and an external device.
Optionally, the device further comprises:
a receiving module, configured to receive characteristic information of aggressive network data sent by a cloud server before the judging, according to the characteristic information of aggressive network data, whether the target network data is aggressive network data; and/or
the device further comprises:
a reporting module, configured to report the target network data to the cloud server after the target network data is determined to be aggressive network data.
Optionally, the device further comprises:
a deleting module, configured to delete target characteristic information in the characteristic information of the aggressive network data if the vulnerability corresponding to the target characteristic information has been repaired.
In a third aspect, embodiments of the present disclosure further provide a network attack processing device comprising a processor, a memory, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the above network attack processing method.
In a fourth aspect, embodiments of the present disclosure further provide a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the above network attack processing method.
In a fifth aspect, embodiments of the present disclosure further provide a vehicle comprising the above network attack processing device.
In the embodiments of the present disclosure, whether target network data passing through the vehicle device is aggressive network data is judged based on characteristic information of network attack data, and the target network data is processed when it is determined to be aggressive network data, which can reduce the probability of the vehicle being subjected to a network attack and improve vehicle network security.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present disclosure more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a network attack processing method provided by an embodiment of the present disclosure;
Fig. 2 is a flowchart of a network attack processing method provided by another embodiment of the present disclosure;
Fig. 3 is a schematic diagram of a network attack processing architecture provided by an embodiment of the present disclosure;
Fig. 4 is a schematic diagram of a network attack processing architecture provided by another embodiment of the present disclosure;
Fig. 5 is a structural diagram of a network attack processing device provided by an embodiment of the present disclosure;
Fig. 6 is a structural diagram of a network attack processing device provided by another embodiment of the present disclosure;
Fig. 7 is a structural diagram of a network attack processing device provided by another embodiment of the present disclosure.
Detailed description
The technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the drawings in the embodiments of the present disclosure. Obviously, the described embodiments are some, not all, of the embodiments of the present disclosure. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present disclosure without creative effort fall within the scope of protection of the present disclosure.
An embodiment of the present disclosure provides a network attack processing method. Referring to Fig. 1, Fig. 1 is a flowchart of the network attack processing method provided by the embodiment of the present disclosure. As shown in Fig. 1, the method comprises the following steps:
Step 101: obtain target network data passing through the vehicle device.
In this embodiment, the vehicle device may include an in-vehicle infotainment system (In-Vehicle Infotainment, IVI). The target network data may include any network data passing through the vehicle device.
In some embodiments, the target network data includes at least one of: network data communicated between the vehicle device and a network node of the in-vehicle network, network data communicated between the vehicle device and a network device of the internet, and network data communicated between the vehicle device and an external device.
In this embodiment, the network nodes in the in-vehicle network may include a CAN (Controller Area Network) gateway, an instrument panel, and the like. The network device in the internet may include an internet gateway. The external device may include a mobile terminal, for example a mobile phone, tablet computer (Tablet Personal Computer), laptop computer (Laptop Computer), personal digital assistant (Personal Digital Assistant, PDA), mobile internet device (Mobile Internet Device, MID) or wearable device (Wearable Device).
Step 102: judge, according to acquired characteristic information of aggressive network data, whether the target network data is aggressive network data.
In this embodiment, the characteristic information of aggressive network data may be issued to the vehicle device by a cloud server, may be pre-stored in the vehicle device, or may be imported into the vehicle device from an external device.
In practice, the characteristic information of aggressive network data can be obtained by analysing aggressive network data, for example by analysing one or more of its format characteristic information (such as field type and field length), source information (such as the source IP (Internet Protocol) address), destination information (such as the destination IP address or the application that receives the network data), domain name, and so on.
Specifically, the target network data can be parsed based on the characteristic information of aggressive network data, to judge whether the target network data has characteristic information that matches the characteristic information of aggressive network data. For example, when the characteristic information of aggressive network data includes an illegal field length, the specified length and the actual length of each field in the target network data can be parsed; if the actual length and the specified length of one or more fields do not match, the target network data can be determined to be aggressive network data. Or, when the characteristic information of aggressive network data includes a field type mismatch, the specified type and the actual type of each field in the target network data can be parsed; if the actual type and the specified type of one or more fields do not match, the target network data can be determined to be aggressive network data.
Step 103: if the target network data is determined to be aggressive network data, perform target processing on the target network data.
In this step, when the target network data is determined to be aggressive network data, the target network data may be intercepted directly, may be modified, or may be sent to a server used to process aggressive network data, and so on.
In the network attack processing method of this embodiment, whether target network data passing through the vehicle device is aggressive network data is judged based on characteristic information of network attack data, and the target network data is processed when it is determined to be aggressive network data, which can reduce the probability of the vehicle being subjected to a network attack and improve vehicle network security.
Referring to Fig. 2, Fig. 2 is a flowchart of a network attack processing method provided by an embodiment of the present disclosure. This embodiment differs from the previous one mainly in that it further limits the judging, according to the acquired characteristic information of aggressive network data, of whether the target network data is aggressive network data. In this embodiment, the judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data comprises: performing protocol parsing on the target network data to obtain format characteristic information of the target network data; and judging, according to acquired format characteristic information of aggressive network data and the format characteristic information of the target network data, whether the target network data is aggressive network data.
As shown in Fig. 2, the network attack processing method provided by this embodiment comprises the following steps:
Step 201: obtain target network data passing through the vehicle device.
This step is the same as step 101 above and, to avoid repetition, is not described again here.
Step 202: perform protocol parsing on the target network data to obtain format characteristic information of the target network data.
In this embodiment, protocol parsing is performed on the target network data to obtain its format characteristic information, for example field type, field length, and so on.
In some embodiments, multi-layer protocol parsing can be performed on the target network data to obtain its format characteristic information at different protocol layers. For example, link layer protocol parsing can first be performed on the target network data to obtain the format characteristic information of the link layer protocol; network layer protocol parsing is then performed on the target network data with the link layer encapsulation removed, to obtain the format characteristic information of the network layer protocol; transport layer protocol parsing is then performed on the target network data with the network layer encapsulation removed; and so on.
It should be noted that this embodiment may, after each layer of protocol parsing, judge according to the characteristic information of aggressive network data whether the parsed target network data is aggressive network data, and, if it is determined to be aggressive network data, may skip the protocol parsing of the subsequent layers. Alternatively, it may judge according to the characteristic information of aggressive network data whether the parsed target network data is aggressive network data only after protocol parsing of all layers is complete.
Step 203: judge, according to acquired format characteristic information of aggressive network data and the format characteristic information of the target network data, whether the target network data is aggressive network data.
In this embodiment, the characteristic information of aggressive network data includes format characteristic information of aggressive network data, for example illegal field length, field type mismatch, and so on.
In this step, the format characteristic information of the parsed target network data can be matched against the format characteristic information of aggressive network data, to judge whether the target network data is aggressive network data. For example, if the format characteristic information of aggressive network data includes a field type mismatch and the target network data has one or more fields whose type does not match, the target network data can be determined to be aggressive network data.
Step 204: if the target network data is determined to be aggressive network data, perform target processing on the target network data.
This step is the same as step 103 above and, to avoid repetition, is not described again here.
In the network attack processing method provided by this embodiment, protocol parsing is performed on the target network data to obtain its format characteristic information, and whether the target network data is aggressive network data is judged according to the acquired format characteristic information of aggressive network data and the format characteristic information of the target network data, which can improve the accuracy of network attack detection and improve vehicle network security.
In some embodiments, before the judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data, the method further comprises:
parsing the target network data to obtain target information of the target network data, wherein the target information includes source information and/or destination information of the target network data;
and the judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data comprises:
in a case where the target information meets a preset filter condition, judging, according to the acquired characteristic information of aggressive network data, whether the target network data is aggressive network data.
In this embodiment, the source information may include a source IP address, and the destination information may include a destination IP address, the application that receives the network data, and so on. The preset filter condition corresponds to the target information. For example, when the target information is a source IP address or a destination IP address, the preset filter condition may be one or more IP addresses set based on historical network attacks; when the target information is the application that receives the network data, the preset filter condition may be one or more applications set based on historical network attacks.
In practice, some network attacks often originate from certain specific IP addresses or are sent to certain specific applications. The source information and/or destination information of network data can therefore be used to preliminarily screen out network data that may be aggressive network data.
Specifically, when the target information meets the preset filter condition, the current network data is likely to be aggressive network data, and whether the target network data is aggressive network data can then be further judged according to the acquired characteristic information of aggressive network data, to improve the accuracy of network attack detection. When the target information does not meet the preset filter condition, the current network data is very likely not aggressive network data, and it can be handled according to the normal flow.
Because this embodiment judges, according to the acquired characteristic information of aggressive network data, only whether network data whose target information meets the preset filter condition is aggressive network data, it can reduce the amount of aggressive network data detection and save vehicle device power, and can also reduce the loss of network data transmission efficiency caused by aggressive network data detection.
In some embodiments, when the target information does not meet the preset filter condition, whether the target network data is aggressive network data can be judged according to the acquired characteristic information of aggressive network data; when the target information meets the preset filter condition, the target network data is determined to be aggressive network data and target processing can then be performed on it, which can improve the efficiency of aggressive network data detection.
In some embodiments, the target processing includes discarding the target network data or modifying the target network data into network data of a valid format.
In this embodiment, when the target network data is determined to be aggressive network data, the target network data may be discarded directly, that is, no longer forwarded; or the target network data may be modified into network data of a valid format, for example by changing a field whose type does not match into a field whose type matches.
In some embodiments, the performing target processing on the target network data if the target network data is determined to be aggressive network data comprises:
if the target network data is determined to be first-class aggressive network data, modifying the target network data into network data of a valid format;
if the target network data is determined to be second-class aggressive network data, discarding the target network data.
In this embodiment, first-class aggressive network data may refer to network data that affects vehicle service processing, and second-class aggressive network data may be network data other than first-class aggressive network data.
Specifically, the class to which network data belongs can be judged based on the format characteristic information of the different classes of aggressive network data. For example, when the target network data is determined to be aggressive network data according to the characteristic information of first-class aggressive network data, the target network data is determined to be first-class aggressive network data; when the target network data is determined to be aggressive network data according to the characteristic information of second-class aggressive network data, the target network data is determined to be second-class aggressive network data.
In practice, some network data packets are associated with other network data packets; if such a packet is detected to contain aggressive network data, discarding it directly may affect normal service processing. This embodiment can therefore modify such packets into packets of a valid format, to guarantee normal service processing. Packets that have little influence on service processing can be discarded directly, to improve network data processing efficiency.
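The flow described above (pre-filter on source information, layer-by-layer format checks that stop at the first match, then class-dependent handling) can be sketched as follows. This is an added example, not code from the patent: the signature names, their class assignments, the watched source range and the choice of IPv4/UDP length checks are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# Assumed signature table (name -> class). The patent only names feature kinds
# such as "illegal field length"; these names and class choices are illustrative.
# Class 1: rewrite to a valid format. Class 2: drop.
SIGNATURES = {"ipv4_header": 2, "ipv4_total_length": 2, "udp_length": 1}

# Assumed preset filter condition: source ranges seen in earlier attacks
# (documentation range TEST-NET-3, constructed).
WATCHED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass
class Verdict:
    action: str                 # "forward", "rewrite" or "drop"
    signature: Optional[str]    # matched signature name, if any
    data: Optional[bytes]       # packet to forward, None when dropped


def match_ipv4(pkt: bytes) -> Optional[str]:
    """Network layer: compare declared header/total length with actual bytes."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or ihl > len(pkt):
        return "ipv4_header"
    (total,) = struct.unpack("!H", pkt[2:4])
    return None if total == len(pkt) else "ipv4_total_length"


def match_udp(seg: bytes) -> Optional[str]:
    """Transport layer: the UDP length field must equal the segment size."""
    if len(seg) < 8:
        return "udp_length"
    (declared,) = struct.unpack("!H", seg[4:6])
    return None if declared == len(seg) else "udp_length"


def rewrite_udp_length(pkt: bytes, ihl: int) -> Optional[bytes]:
    """Class 1 handling: set the UDP length to the real size, clear checksum."""
    seg = pkt[ihl:]
    if len(seg) < 8:
        return None             # no complete UDP header to repair
    fixed = seg[:4] + struct.pack("!HH", len(seg), 0) + seg[8:]
    return pkt[:ihl] + fixed


def process(pkt: bytes) -> Verdict:
    """Pre-filter on source, then match layer by layer, then act by class."""
    if len(pkt) < 20:
        # Source cannot be read, so the pre-filter cannot run: fail closed.
        return Verdict("drop", "ipv4_header", None)
    src = ipaddress.ip_address(pkt[12:16])
    if not any(src in net for net in WATCHED_SOURCES):
        return Verdict("forward", None, pkt)     # normal flow, no deep check
    sig = match_ipv4(pkt)                        # stop here if this layer matches
    ihl = (pkt[0] & 0x0F) * 4
    if sig is None and pkt[9] == 17:             # protocol 17 = UDP
        sig = match_udp(pkt[ihl:])
    if sig is None:
        return Verdict("forward", None, pkt)
    if SIGNATURES[sig] == 1:
        fixed = rewrite_udp_length(pkt, ihl)
        if fixed is not None:
            return Verdict("rewrite", sig, fixed)
    return Verdict("drop", sig, None)


def build_packet(src: str, payload: bytes, udp_len: Optional[int] = None,
                 total_len: Optional[int] = None) -> bytes:
    """Constructed IPv4/UDP sample; checksums are left zero and not verified."""
    declared = 8 + len(payload) if udp_len is None else udp_len
    udp = struct.pack("!HHHH", 40000, 5000, declared, 0) + payload
    total = 20 + len(udp) if total_len is None else total_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address("192.0.2.10").packed)
    return ip + udp


if __name__ == "__main__":
    for label, pkt in [
        ("watched, valid", build_packet("203.0.113.5", b"hello")),
        ("watched, bad UDP length", build_packet("203.0.113.5", b"hello", udp_len=99)),
        ("watched, bad IP length", build_packet("203.0.113.5", b"hello", total_len=500)),
        ("unwatched, bad UDP length", build_packet("198.51.100.7", b"hello", udp_len=99)),
    ]:
        v = process(pkt)
        print(f"{label:28s} -> {v.action:8s} {v.signature}")
```

The packet from the unwatched source is forwarded without inspection even though its UDP length is wrong; that is the cost of the pre-filter, which the description accepts in exchange for fewer detections and lower power use.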
In some embodiments, before judging, according to the characteristic information of aggressive network data, whether the target network data is aggressive network data, the method further comprises:
Receiving the characteristic information of aggressive network data sent by the cloud server; and/or
After determining that the target network data is aggressive network data, the method further comprises:
Reporting the target network data to the cloud server.
In the embodiments of the present disclosure, the cloud server may issue the characteristic information of aggressive network data when it receives a request from the vehicle device, or may actively push the characteristic information to the vehicle device. For example, the cloud server can push the characteristic information of aggressive network data to the vehicle device in an agreed format, and the information is stored in the storage medium of the vehicle device.
In some embodiments, after the target network data is determined to be aggressive network data, the target network data can also be reported to the cloud server, so that the cloud server can analyze the aggressive network data reported by the vehicle device, derive its characteristic information, and issue that information to the vehicle device.
By receiving the characteristic information of aggressive network data issued by the cloud server, the embodiments of the present disclosure let the vehicle device update that characteristic information more conveniently and efficiently. Reporting network data that has been determined to be aggressive to the cloud server helps the cloud server analyze and update the characteristic information of aggressive network data.
In some embodiments, the method further comprises: if the vulnerability corresponding to target characteristic information in the characteristic information of the aggressive network data has been fixed, deleting the target characteristic information.
In the embodiments of the present disclosure, the characteristic information of aggressive network data may comprise multiple items of characteristic information, each of which may correspond to one or more vulnerabilities. In practice, each system upgrade of the vehicle device often fixes some known vulnerabilities. Deleting the characteristic information whose corresponding vulnerabilities have been fixed not only saves storage space but also prevents an excessive amount of characteristic information from reducing the efficiency of aggressive network data detection.
The network attack processing method provided in the embodiments of the present invention is illustrated below with an example:
Step a1: obtain the network packets passing through the in-vehicle infotainment system, where the obtained network packets include network data communicated between Internet network devices, in-vehicle network devices and the in-vehicle infotainment system.
In some embodiments, when the operating system of the in-vehicle infotainment system is Linux, the network data can be obtained through the LSM (Linux Security Module) framework of the Linux kernel. Specifically, a custom LSM module for extracting network data can be registered into the LSM framework to obtain the network packets. The network packets can then be sent to the data parsing flow through the Netlink interface or another mechanism for exchanging information between the Linux kernel and user space, and the network device to which a packet belongs can be indicated (for example by one or more of the source IP address, destination IP address and domain name).
Step a2: perform protocol parsing on the obtained network packets and extract one or more of the source IP address, destination IP address and domain name of the network data, the corresponding network interface device, the specific content of the network packet, and so on.
Step a3: judge whether the obtained network packet is aggressive network data, using the characteristic information of aggressive network data issued by the cloud server and the data parsed in step a2.
Step a4: intercept the network packets judged to be aggressive network data and report them to the cloud server.
Correspondingly, the cloud server can receive the attack report in the agreed format and report it to the security incident administrator. In addition, the cloud server can issue the characteristic information of aggressive network data to the in-vehicle infotainment system in the agreed format, and the information is stored in the storage medium of the vehicle device. Specifically, when the characteristic information of aggressive network data needs to be pushed, the cloud server can push it directly to the in-vehicle infotainment system.
In practice, vehicle hackers control a vehicle mainly by attacking the CAN gateway and the instrument panel, in order to control the vehicle information display and the body power and braking systems. A remote attack additionally requires exploiting a vulnerability in a remote network communication application on the vehicle device to complete the attack chain. Filtering Internet communication data and the data passing through the CAN gateway and the instrument panel is therefore one means of intercepting attacks.
In addition, most attacks exploit vulnerabilities (bugs) caused by lax format checking in a program: a manually constructed data packet carrier triggers a stack or heap memory overflow, achieving arbitrary code execution and privilege escalation. Attack detection based on format characteristic information, as in the embodiments of the present disclosure, is therefore more effective.
Referring to Fig. 3, the kernel layer 10 of the in-vehicle infotainment system passes network packets to the packet filtering protocol stack 20 in user space, which parses the protocols of each packet layer by layer and passes a reference to each layer's data to the rule engine 30. The rule engine 30 then makes the attack determination (that is, judges whether the network packet is aggressive network data), handles the packet, and returns it to the kernel layer for further processing.
For the specific implementation principle, see Fig. 4. An attack model is used to identify aggressive network packets and holds the processing logic for those packets. A protocol identification module receives the data packet parsed by the upper-layer protocol identification module, parses and strips this layer's protocol encapsulation, and then calls the rule engine to dispatch the packet to the attack models concerned with that protocol. The controller is responsible for receiving the attack models and protocol identification modules issued by the cloud server, registering the attack models with the rule engine, and registering the protocol identification modules with the packet filtering protocol stack. The cloud server can issue new attack models and protocol identification modules at any time. The cloud server can send the characteristic information of aggressive network data to the corresponding attack model; one attack model can handle attack data with different characteristic details of the same characteristic type, for example an illegal length in certain fields that causes a memory overflow, or a type mismatch in certain fields that causes a type conversion error.
The protocol identification modules in the packet filtering protocol stack are registered by the controller and parse the protocols of a network packet level by level. After the protocol of each level is parsed, a reference to the data is passed to the identification engine, which calls, for each protocol, the identification script in the corresponding attack model to identify the data. If the data is identified as aggressive network data, it is handed to the processing engine, which invokes the processing script in the corresponding attack model to handle it; the handling may include discarding the packet or modifying it into a packet of legal format.
The session management shown in Fig. 4 is the program module responsible for the source and destination of network packets; attack models and protocol identification modules can specify that only network packets of a particular source and destination are filtered. In addition, network packets do not need to be judged against context logic, because packets that trigger vulnerabilities are generally simple and direct, with conspicuous features.
In some embodiments, the attack models and protocol identification modules can be dynamic link libraries in the Linux ELF (Executable and Linking Format) format. After being compiled on the cloud server, they are issued to the vehicle device, which loads these ELF libraries into the system and registers them with the rule engine and the packet filtering protocol stack. Each ELF library may contain specific executable script program code segments, each responsible for a specific function, for example identifying a protocol, identifying an attack, or handling an attack packet. This design ensures accurate interception of each attack carrier with maximum flexibility and maximizes analysis efficiency, because most attack carriers are binary, for example multimedia files, OTA (Over-the-Air Technology) upgrade packages and various data streams, and few are text.
In some embodiments, the ELF library of each attack model can correspond to one or several vulnerabilities, and the ELF library of each protocol identification module can correspond to the protocol parsing of one level, which improves processing efficiency, although the libraries keep accumulating. Known vulnerabilities are fixed at the next OTA system upgrade, at which point these ELF libraries can be cleaned up once (for example, by deleting the ELF libraries whose corresponding vulnerabilities have been fixed), so the performance of the vehicle device is not affected.
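The Fig. 4 design described above (models that pair an identification routine with a handling routine, registered with an engine, and deleted once their vulnerability is fixed) is shown here as an added C example that is not code from the patent. The frame layout, vulnerability ids and function names are assumptions made for illustration, and plain function pointers stand in for the ELF libraries the text describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed toy frame (an assumption, not a format from the patent):
 * byte 0 = message type, byte 1 = declared payload length, bytes 2.. = payload. */
#define HDR_LEN     2
#define MAX_PAYLOAD 16  /* fixed buffer size of the hypothetical receiving service */
#define MAX_MODELS  8

enum verdict { PASS, REWRITTEN, DROPPED };
enum attack_class { CLASS_REPAIR = 1, CLASS_DROP = 2 };

/* One attack model: an identification routine plus an optional repair routine. */
struct attack_model {
    int vuln_id;        /* hypothetical id of the vulnerability the model guards */
    uint8_t msg_type;   /* message type the model is concerned with */
    enum attack_class cls;
    int (*identify)(const uint8_t *pkt, size_t len);
    size_t (*repair)(uint8_t *pkt, size_t len);  /* returns the new frame length */
};
struct engine { struct attack_model models[MAX_MODELS]; size_t count; };

/* Format feature 1: length field exceeds the receiver's buffer or the bytes present. */
static int len_field_illegal(const uint8_t *pkt, size_t len)
{
    size_t declared = pkt[1];
    return declared > MAX_PAYLOAD || declared > len - HDR_LEN;
}

/* Repair: truncate to the bytes really present (capped) and rewrite the length field. */
static size_t len_field_repair(uint8_t *pkt, size_t len)
{
    size_t avail = len - HDR_LEN;
    pkt[1] = (uint8_t)(avail < MAX_PAYLOAD ? avail : MAX_PAYLOAD);
    return (size_t)HDR_LEN + pkt[1];
}

/* Format feature 2: a field that must hold decimal digits carries another type. */
static int numeric_field_mismatch(const uint8_t *pkt, size_t len)
{
    for (size_t i = HDR_LEN; i < len; i++)
        if (pkt[i] < '0' || pkt[i] > '9') return 1;
    return 0;
}

int engine_register(struct engine *e, struct attack_model m)
{
    if (e->count == MAX_MODELS) return -1;
    e->models[e->count++] = m;
    return 0;
}

/* Delete the models whose vulnerability has been fixed; returns how many were removed. */
size_t engine_remove_patched(struct engine *e, int vuln_id)
{
    size_t kept = 0, before = e->count;
    for (size_t i = 0; i < before; i++)
        if (e->models[i].vuln_id != vuln_id)
            e->models[kept++] = e->models[i];
    e->count = kept;
    return before - kept;
}

/* Run a frame past every model registered for its message type. */
enum verdict engine_process(const struct engine *e, uint8_t *pkt, size_t *len)
{
    if (*len < HDR_LEN) return DROPPED;  /* unparseable: fail closed (added assumption) */
    for (size_t i = 0; i < e->count; i++) {
        const struct attack_model *m = &e->models[i];
        if (m->msg_type != pkt[0] || !m->identify(pkt, *len)) continue;
        if (m->cls != CLASS_REPAIR || !m->repair) return DROPPED;
        *len = m->repair(pkt, *len);     /* first class: make the frame legal */
        return REWRITTEN;
    }
    return PASS;
}

/* The two models a controller would register once it has received them. */
struct engine engine_default(void)
{
    struct engine e = { .count = 0 };
    engine_register(&e, (struct attack_model){1001, 0x01, CLASS_REPAIR, len_field_illegal, len_field_repair});
    engine_register(&e, (struct attack_model){1002, 0x02, CLASS_DROP, numeric_field_mismatch, NULL});
    return e;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t SAMPLE_OK[]   = {0x01, 3, 'a', 'b', 'c'};
static const uint8_t SAMPLE_LONG[] = {0x01, 200, 'a', 'b', 'c', 'd'};  /* claims 200, carries 4 */
static const uint8_t SAMPLE_TYPE[] = {0x02, 3, '1', 'x', '3'};

int main(void)
{
    struct engine e = engine_default();
    uint8_t buf[64];
    size_t n = sizeof SAMPLE_LONG;
    memcpy(buf, SAMPLE_LONG, n);
    enum verdict v = engine_process(&e, buf, &n);
    printf("verdict=%d len=%zu len_field=%u\n", (int)v, n, (unsigned)buf[1]);
    return 0;
}
```

Once the model for a fixed vulnerability is removed, the same over-long frame passes through unchanged, which is why removal should be tied to a confirmed upgrade of the receiving software.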
Referring to Fig. 5, Fig. 5 is a structural diagram of the network attack processing device provided by the embodiments of the present disclosure. As shown in Fig. 5, the network attack processing device 500 includes:
An obtaining module 501, configured to obtain the target network data passing through the vehicle device;
A judgment module 502, configured to judge, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data;
A processing module 503, configured to perform target processing on the target network data if it is determined that the target network data is aggressive network data.
In some embodiments, referring to Fig. 6, the characteristic information of the aggressive network data comprises the format characteristic information of the aggressive network data, and the judgment module 502 comprises:
A parsing unit 5021, configured to perform protocol parsing on the target network data to obtain the format characteristic information of the target network data;
A judging unit 5022, configured to judge whether the target network data is aggressive network data according to the obtained format characteristic information of aggressive network data and the format characteristic information of the target network data.
In some embodiments, the device further comprises:
A parsing module, configured to parse the target network data, before it is judged according to the obtained characteristic information of aggressive network data whether the target network data is aggressive network data, to obtain target information of the target network data, wherein the target information comprises source information and/or destination information of the target network data;
The judgment module is specifically configured to:
Judge, in the case where the target information meets a preset filter condition, whether the target network data is aggressive network data according to the obtained characteristic information of aggressive network data.
In some embodiments, the processing module is specifically configured to:
If it is determined that the target network data is first-class aggressive network data, modify the target network data into network data of a legal format;
If it is determined that the target network data is second-class aggressive network data, discard the target network data.
In some embodiments, the target network data comprises at least one of: network data communicated between the vehicle device and a network node of the in-vehicle network, network data communicated between the vehicle device and a network device on the Internet, and network data communicated between the vehicle device and an external device.
In some embodiments, the device further comprises:
A receiving module, configured to receive the characteristic information of aggressive network data sent by the cloud server before it is judged, according to the characteristic information of aggressive network data, whether the target network data is aggressive network data; and/or
The device further comprises:
A reporting module, configured to report the target network data to the cloud server after the target network data is determined to be aggressive network data.
In some embodiments, the device further comprises:
A deleting module, configured to delete target characteristic information in the characteristic information of the aggressive network data if the vulnerability corresponding to the target characteristic information has been fixed.
The network attack processing device 500 can implement each process of the network attack processing method of the method embodiments of Fig. 1 to Fig. 2 and achieve the same effect; to avoid repetition, details are not repeated here.
In the network attack processing device 500 of the embodiments of the present disclosure, the obtaining module 501 obtains the target network data passing through the vehicle device; the judgment module 502 judges, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data; and the processing module 503 performs target processing on the target network data if it is determined that the target network data is aggressive network data. This can reduce the probability that the vehicle suffers a network attack and improve the security of the vehicle network.
The embodiments of the present disclosure also provide a network attack processing device comprising a processor, a memory, and a computer program stored on the memory and executable on the processor. When executed by the processor, the computer program implements each process of the network attack processing method of any of the above method embodiments and can achieve the same technical effect; to avoid repetition, details are not repeated here.
The embodiments of the present disclosure also provide a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements each process of the above network attack processing method and can achieve the same technical effect; to avoid repetition, details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disk.
Referring to Fig. 7, Fig. 7 is a structural diagram of a network attack processing device provided by another embodiment of the present disclosure. As shown in Fig. 7, the network attack processing device 700 comprises: a processor 701, a memory 702, and a computer program stored on the memory 702 and executable on the processor. The components of the network attack processing device 700 are coupled together through a bus interface 703. When executed by the processor 701, the computer program implements the following steps:
Obtaining the target network data passing through the vehicle device;
Judging, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data;
If it is determined that the target network data is aggressive network data, performing target processing on the target network data.
Optionally, the characteristic information of the aggressive network data comprises the format characteristic information of the aggressive network data;
When executed by the processor 701, the computer program is further used for:
Performing protocol parsing on the target network data to obtain the format characteristic information of the target network data;
Judging whether the target network data is aggressive network data according to the obtained format characteristic information of aggressive network data and the format characteristic information of the target network data.
Optionally, when executed by the processor 701, the computer program is further used for:
Before judging, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data, parsing the target network data to obtain target information of the target network data, wherein the target information comprises source information and/or destination information of the target network data;
In the case where the target information meets a preset filter condition, judging whether the target network data is aggressive network data according to the obtained characteristic information of aggressive network data.
Optionally, when executed by the processor 701, the computer program is further used for:
If it is determined that the target network data is first-class aggressive network data, modifying the target network data into network data of a legal format;
If it is determined that the target network data is second-class aggressive network data, discarding the target network data.
Optionally, the target network data comprises at least one of: network data communicated between the vehicle device and a network node of the in-vehicle network, network data communicated between the vehicle device and a network device on the Internet, and network data communicated between the vehicle device and an external device.
Optionally, when executed by the processor 701, the computer program is further used for:
Before judging, according to the characteristic information of aggressive network data, whether the target network data is aggressive network data, receiving the characteristic information of aggressive network data sent by the cloud server; and/or
After determining that the target network data is aggressive network data, reporting the target network data to the cloud server.
Optionally, when executed by the processor 701, the computer program is further used for:
If the vulnerability corresponding to target characteristic information in the characteristic information of the aggressive network data has been fixed, deleting the target characteristic information.
The embodiments of the present disclosure also provide a vehicle comprising the above network attack processing device, wherein the network attack processing device can implement each process implemented by the network attack processing device of any of the above embodiments and can achieve the same technical effect; to avoid repetition, details are not repeated here.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present disclosure.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components can be combined or integrated into another system, or some features can be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiments of the present disclosure.
In addition, the functional units in the embodiments of the present disclosure may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present disclosure, in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present disclosure. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk or an optical disk.
The above are only specific embodiments of the present disclosure, but the protection scope of the present disclosure is not limited to them. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed herein shall be covered by the protection scope of the present disclosure. The protection scope of the present disclosure shall therefore be subject to the protection scope of the claims.

Claims (13)

1. A network attack processing method, characterized in that the method comprises:
Obtaining the target network data passing through the vehicle device;
Judging, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data;
If it is determined that the target network data is aggressive network data, performing target processing on the target network data.
2. The method according to claim 1, characterized in that the characteristic information of the aggressive network data comprises the format characteristic information of the aggressive network data;
The judging, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data comprises:
Performing protocol parsing on the target network data to obtain the format characteristic information of the target network data;
Judging whether the target network data is aggressive network data according to the obtained format characteristic information of aggressive network data and the format characteristic information of the target network data.
3. The method according to claim 1, characterized in that, before the judging, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data, the method further comprises:
Parsing the target network data to obtain target information of the target network data, wherein the target information comprises source information and/or destination information of the target network data;
The judging, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data comprises:
In the case where the target information meets a preset filter condition, judging whether the target network data is aggressive network data according to the obtained characteristic information of aggressive network data.
4. The method according to claim 1, characterized in that the performing target processing on the target network data if it is determined that the target network data is aggressive network data comprises:
If it is determined that the target network data is first-class aggressive network data, modifying the target network data into network data of a legal format;
If it is determined that the target network data is second-class aggressive network data, discarding the target network data.
5. The method according to any one of claims 1 to 4, characterized in that the target network data comprises at least one of: network data communicated between the vehicle device and a network node of the in-vehicle network, network data communicated between the vehicle device and a network device on the Internet, and network data communicated between the vehicle device and an external device.
6. The method according to any one of claims 1 to 4, characterized in that
Before the judging, according to the characteristic information of aggressive network data, whether the target network data is aggressive network data, the method further comprises:
Receiving the characteristic information of aggressive network data sent by the cloud server; and/or
After determining that the target network data is aggressive network data, the method further comprises:
Reporting the target network data to the cloud server.
7. The method according to any one of claims 1 to 4, characterized in that the method further comprises:
If the vulnerability corresponding to target characteristic information in the characteristic information of the aggressive network data has been fixed, deleting the target characteristic information.
8. A network attack processing device, characterized in that the device comprises:
An obtaining module, configured to obtain the target network data passing through the vehicle device;
A judgment module, configured to judge, according to the obtained characteristic information of aggressive network data, whether the target network data is aggressive network data;
A processing module, configured to perform target processing on the target network data if it is determined that the target network data is aggressive network data.
9. The device according to claim 8, characterized in that the characteristic information of the aggressive network data comprises the format characteristic information of the aggressive network data, and the judgment module comprises:
A parsing unit, configured to perform protocol parsing on the target network data to obtain the format characteristic information of the target network data;
A judging unit, configured to judge whether the target network data is aggressive network data according to the obtained format characteristic information of aggressive network data and the format characteristic information of the target network data.
10. The device according to claim 8, characterized in that the device further comprises:
A parsing module, configured to parse the target network data, before it is judged according to the obtained characteristic information of aggressive network data whether the target network data is aggressive network data, to obtain target information of the target network data, wherein the target information comprises source information and/or destination information of the target network data;
The judgment module is specifically configured to:
Judge, in the case where the target information meets a preset filter condition, whether the target network data is aggressive network data according to the obtained characteristic information of aggressive network data.
11. A network attack processing device, characterized by comprising a processor, a memory, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the network attack processing method according to any one of claims 1 to 7.
12. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the steps of the network attack processing method according to any one of claims 1 to 7.
13. A vehicle, characterized by comprising the network attack processing device according to any one of claims 8 to 10, or the network attack processing device according to claim 11.
CN201810690119.4A 2018-06-28 2018-06-28 Network attack processing method and device and vehicle Active CN108965267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810690119.4A CN108965267B (en) 2018-06-28 2018-06-28 Network attack processing method and device and vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810690119.4A CN108965267B (en) 2018-06-28 2018-06-28 Network attack processing method and device and vehicle

Publications (2)

Publication Number Publication Date
CN108965267A true CN108965267A (en) 2018-12-07
CN108965267B CN108965267B (en) 2021-04-02

Family

ID=64487730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810690119.4A Active CN108965267B (en) 2018-06-28 2018-06-28 Network attack processing method and device and vehicle

Country Status (1)

Country Link
CN (1) CN108965267B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110460573A (en) * 2019-07-08 2019-11-15 上海赫千电子科技有限公司 One kind being applied to automobile ECU safety upgrade management system and method
CN111181967A (en) * 2019-12-30 2020-05-19 奇安信科技集团股份有限公司 Data stream identification method and device, electronic equipment and medium
CN111327587A (en) * 2018-12-17 2020-06-23 罗伯特·博世有限公司 Method and device for operating a communication network
CN111565202A (en) * 2020-07-15 2020-08-21 腾讯科技(深圳)有限公司 Intranet vulnerability attack defense method and related device
CN111669303A (en) * 2020-06-08 2020-09-15 湖北阿桑奇汽车电子科技有限公司 FOTA safety application process
CN113904864A (en) * 2018-12-28 2022-01-07 阿波罗智联(北京)科技有限公司 Method and device for analyzing message
WO2022047617A1 (en) * 2020-09-01 2022-03-10 华为技术有限公司 Method and system for improving vehicle security
CN115883226A (en) * 2022-12-07 2023-03-31 中国第一汽车股份有限公司 Vehicle network attack analysis method, device, equipment and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070136813A1 (en) * 2005-12-08 2007-06-14 Hsing-Kuo Wong Method for eliminating invalid intrusion alerts
CN101945109A (en) * 2010-09-16 2011-01-12 电子科技大学 Method for carrying out path recording and source tracing on signaling No.7 network transmitting process
CN103780610A (en) * 2014-01-16 2014-05-07 绵阳师范学院 Network data recovery method based on protocol characteristics
CN105208040A (en) * 2015-10-12 2015-12-30 北京神州绿盟信息安全科技股份有限公司 Network attack detection method and device
CN107579995A (en) * 2017-09-30 2018-01-12 北京奇虎科技有限公司 The network protection method and device of onboard system
CN107634959A (en) * 2017-09-30 2018-01-26 北京奇虎科技有限公司 Means of defence, apparatus and system based on automobile
CN107835149A (en) * 2017-09-13 2018-03-23 杭州安恒信息技术有限公司 Network based on DNS flow analyses is stolen secret information behavioral value method and device
CN108011917A (en) * 2017-09-29 2018-05-08 北京车和家信息技术有限公司 The method, apparatus and system of data sharing
CN108200042A (en) * 2017-12-28 2018-06-22 北京奇虎科技有限公司 A kind of detection method of vehicle safety and vehicle safety management platform

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070136813A1 (en) * 2005-12-08 2007-06-14 Hsing-Kuo Wong Method for eliminating invalid intrusion alerts
CN101945109A (en) * 2010-09-16 2011-01-12 电子科技大学 Method for carrying out path recording and source tracing on signaling No.7 network transmitting process
CN103780610A (en) * 2014-01-16 2014-05-07 绵阳师范学院 Network data recovery method based on protocol characteristics
CN105208040A (en) * 2015-10-12 2015-12-30 北京神州绿盟信息安全科技股份有限公司 Network attack detection method and device
CN107835149A (en) * 2017-09-13 2018-03-23 杭州安恒信息技术有限公司 Network based on DNS flow analyses is stolen secret information behavioral value method and device
CN108011917A (en) * 2017-09-29 2018-05-08 北京车和家信息技术有限公司 The method, apparatus and system of data sharing
CN107579995A (en) * 2017-09-30 2018-01-12 北京奇虎科技有限公司 The network protection method and device of onboard system
CN107634959A (en) * 2017-09-30 2018-01-26 北京奇虎科技有限公司 Means of defence, apparatus and system based on automobile
CN108200042A (en) * 2017-12-28 2018-06-22 北京奇虎科技有限公司 A kind of detection method of vehicle safety and vehicle safety management platform

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111327587A (en) * 2018-12-17 2020-06-23 罗伯特·博世有限公司 Method and device for operating a communication network
CN113904864A (en) * 2018-12-28 2022-01-07 阿波罗智联(北京)科技有限公司 Method and device for analyzing message
CN113992391A (en) * 2018-12-28 2022-01-28 阿波罗智联(北京)科技有限公司 Method and device for analyzing message
CN113992391B (en) * 2018-12-28 2023-12-29 阿波罗智联(北京)科技有限公司 Method and device for analyzing message
CN110460573A (en) * 2019-07-08 2019-11-15 上海赫千电子科技有限公司 One kind being applied to automobile ECU safety upgrade management system and method
CN111181967A (en) * 2019-12-30 2020-05-19 奇安信科技集团股份有限公司 Data stream identification method and device, electronic equipment and medium
CN111669303A (en) * 2020-06-08 2020-09-15 湖北阿桑奇汽车电子科技有限公司 FOTA safety application process
CN111565202A (en) * 2020-07-15 2020-08-21 腾讯科技(深圳)有限公司 Intranet vulnerability attack defense method and related device
WO2022047617A1 (en) * 2020-09-01 2022-03-10 华为技术有限公司 Method and system for improving vehicle security
CN115883226A (en) * 2022-12-07 2023-03-31 中国第一汽车股份有限公司 Vehicle network attack analysis method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN108965267B (en) 2021-04-02

Similar Documents

Publication Publication Date Title
CN108965267A (en) network attack processing method, device and vehicle
CN101582905B (en) Attack Protection for Packet-Based Networks
US7592906B1 (en) Network policy evaluation
CN105262722B (en) Terminal malicious traffic stream rule update method, cloud server and security gateway
KR100800370B1 (en) Network attack signature generation
CN104115463B (en) For processing the streaming method and system of network metadata
CN107222491B (en) Intrusion detection rule creating method based on industrial control network variant attack
CN105262738B (en) A kind of method of router and its preventing ARP aggression
CN109711171A (en) Localization method and device, system, storage medium, the electronic device of software vulnerability
CN106330849A (en) Method and device for preventing domain name hijack
CN109818970B (en) Data processing method and device
CN106302318A (en) A kind of website attack defense method and device
US8903749B2 (en) Method of identifying a protocol giving rise to a data flow
US12021836B2 (en) Dynamic filter generation and distribution within computer networks
CN109889546B (en) Rapid fine-grained multi-domain network interconnection security control method
CN111901317B (en) Access control policy processing method, system and equipment
CN111404768A (en) DPI recognition realization method and equipment
CN113194065A (en) DNS attack protection method and system
CN107690004A (en) The processing method and processing device of address analysis protocol message
CN106953770B (en) A kind of lightweight network function virtualization system and its virtual method
CN104038488A (en) System network safety protection method and device
US20230327956A1 (en) Network configuration estimation apparatus, network configuration estimation method and program
CN116471592A (en) Network-connected automobile network communication process analysis method and related equipment thereof
CN106682508B (en) The checking and killing method and device of virus
CN103581156A (en) Trusted network and operating method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211122

Address after: Room 103, building 1, yard 4, Hengxing Road, Gaoliying Town, Shunyi District, Beijing

Patentee after: Beijing Rockwell Technology Co.,Ltd.

Address before: Room 801, 8 / F, building 3, No.10 courtyard, Wangjing street, Chaoyang District, Beijing 100102

Patentee before: BEIJING CHJ AUTOMOTIVE TECHNOLOGY Co.,Ltd.
