CN109347823A - A CAN bus abnormality detection method based on information entropy - Google Patents


Publication number: CN109347823A
Authority: CN (China)
Prior art keywords: message, bus, information entropy, relative distance, abnormality detection
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811208480.5A
Other languages: Chinese (zh)
Other versions: CN109347823B (en)
Inventors: 朱双华, 陈慧芝, 胥刚
Current Assignee: Shenzhen Zhizunbao Automobile Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hunan Automotive Engineering Vocational College
Application filed by Hunan Automotive Engineering Vocational College
Priority to CN201811208480.5A
Publication of CN109347823A
Application granted
Publication of CN109347823B
Current status: Expired - Fee Related


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a CAN bus abnormality detection method based on information entropy, comprising the following steps: establishing a baseline sample database; collecting the CAN bus messages to be tested and preprocessing the message data; calculating the information entropy and the relative distance of the processed message data; and comparing the calculated entropy and relative distance against the baseline database to detect whether an abnormality has occurred. The invention obtains the baseline sample database from the message data of a normal in-vehicle CAN bus network and uses it as the baseline for judging whether the bus network is abnormal. During detection, the in-vehicle CAN bus network data under test is statistically analysed, the information entropy and relative distance of the current bus network are calculated, and the trend of the information entropy and relative distance is used to detect whether an abnormality has occurred in the current CAN bus network. The invention can detect attacks such as replay on the in-vehicle CAN bus, detects accurately, and is easy to implement in engineering practice.

Description

A CAN bus abnormality detection method based on information entropy
Technical field
The present invention relates to the technical field of CAN bus communication security, and in particular to a CAN bus abnormality detection method based on information entropy.
Background art
As vehicles become intelligent and networked, the number of electronic devices inside the vehicle increases rapidly, electronic control systems grow increasingly complex, and on-board electronic devices and electronic control units exchange more and more information with the outside world. The vast majority of these on-board electronic devices and electronic control units are connected to the vehicle's internal bus network, so security threats from the network can penetrate into critical vehicle bus network systems through the interfaces between the vehicle and the outside. Existing vehicle bus networks were designed and deployed without any consideration of information security; they have only basic integrity checking and seriously lack information security protection techniques and means.
Because the connected vehicle is a mobile information system, research on its information security issues is of great significance, mainly in the following respects:
(1) Information exchange in a connected vehicle involves data exchange across multiple converged networks: vehicle to internet, vehicle to vehicle, vehicle to infrastructure, and the vehicle bus network. The analysis methods and preventive measures of computer network security cannot be applied directly to the information security issues of connected vehicles. Analysing these issues and researching security protection technology suited to vehicle bus networks is of great practical significance;
(2) Research on automotive information security and vehicle bus security has already begun abroad, while domestic research results on automotive information security, and vehicle bus information security in particular, are still rare;
(3) The information security issues of connected vehicles go beyond privacy leakage and concern the safety of life and property. To prevent automotive information security vulnerabilities from endangering the person, property and privacy of vehicle occupants, and to avoid endangering public traffic safety, the information security issues of connected vehicles deserve sufficient attention;
(4) Secure network communication is the foundation for the development of connected vehicles, and automotive information security is a task the automotive industry must face and solve. Analysing the information security issues of connected vehicles and researching information security protection technology for vehicle bus networks is a joint demand of the automotive research field and of industry.
Therefore, research on the network information security of connected vehicles is of great significance, and research on information security protection technology suited to vehicle bus networks is urgent.
Existing CAN bus abnormality detection generally works by changing the hardware and software design of the vehicle gateway, which is costly; and detection methods aimed at connected vehicles are computationally intensive and difficult to implement.
A replay attack is one in which the attacker sends a packet that the destination host has already received in order to deceive the system; it is mainly used against the authentication process, undermining the correctness of authentication.
Summary of the invention
To solve the above technical problems, the present invention provides a CAN bus abnormality detection method based on information entropy whose algorithm is simple and whose detection is accurate.
The technical solution by which the invention solves the above problems is a CAN bus abnormality detection method based on information entropy, comprising the following steps:
Step 1: establishing a baseline sample database;
Step 2: collecting the CAN bus messages to be tested and preprocessing the message data;
Step 3: calculating the information entropy and the relative distance of the processed message data;
Step 4: comparing the calculated entropy and relative distance against the baseline database to detect whether an abnormality has occurred.
In the above CAN bus abnormality detection method based on information entropy, the specific steps of establishing the baseline sample database in step 1 include:
1-1) collecting messages in a CAN bus network under a simulated real environment as raw data;
1-2) preprocessing the raw data and computing the message traffic per unit time and the message self-information;
1-3) performing entropy determination, threshold determination and relative distance determination on the preprocessed data;
1-4) obtaining the baseline sample database.
In the above CAN bus abnormality detection method based on information entropy, the specific steps of entropy determination in step 1-3) are:
Let E denote the set of CAN messages with n distinct identifiers that appear within time T, where E = {ε1, ε2, ..., εn}, and let {C1, C2, ..., Cn} be the sending periods of the CAN messages with those n distinct identifiers;
The total number of CAN messages on the bus within time T is:
For the i-th message type εi, the number ni sent within time T is
The probability p(εi) that the i-th message type occurs within time T is expressed as:
Obviously, we have
The uncertainty of the i-th message type is defined as the self-information I(εi) of message i
The information entropy of the CAN bus is then defined as the average uncertainty of the messages, that is, the mathematical expectation of the self-information within time T:
In the above CAN bus abnormality detection method based on information entropy, the specific steps of relative distance determination in step 1-3) are:
The relative distance of the i-th message type between the message sets of two adjacent time periods T is defined as
In a replay attack scenario,
In a replay attack scenario, the relative distance of the i-th message type is
Further, the threshold D is 0.01~0.02, and the normal detection range of the network is (H(E) - D/2, H(E) + D/2); a bus message entropy outside this range is judged abnormal.
In the above CAN bus abnormality detection method based on information entropy, step 4 judges whether an abnormality has occurred from the trend of the information entropy and the relative distance.
Further, the specific judgment method includes Criterion I: when the information entropy of the CAN bus system increases, it is judged that new messages have appeared on the CAN bus in addition to the original messages, and the CAN bus is abnormal.
Further, the specific judgment method includes Criterion II: when the relative distance shows a positive trend, it is judged that a replayed message has appeared on the CAN bus; when it shows a negative trend, it is judged that the replay of that message has ceased; when the relative distance is unchanged, it is judged that the message has not been replayed.
Compared with the prior art, the beneficial effects of the present invention are:
The invention obtains the baseline sample database from the message data of a normal in-vehicle CAN bus network and uses it as the baseline for judging whether the bus network is abnormal. During detection, it cleverly exploits the way the information entropy and relative distance change when the CAN bus is abnormal: the in-vehicle CAN bus network data under test is statistically analysed, the information entropy and relative distance of the current bus network are calculated, and the trend of the information entropy and relative distance is used to detect whether an abnormality has occurred in the current CAN bus network. Specifically, the invention can detect attacks such as in-vehicle CAN replay, achieves the expected detection effect, and has high detection accuracy.
Description of the drawings
Fig. 1 is the flow chart of the calibration phase of the present invention.
Fig. 2 is the flow chart of the detection phase of the present invention.
Detailed description of the embodiments
The accompanying drawings are for illustration only and shall not be construed as limiting this patent. To better illustrate the embodiment, some components in the drawings may be omitted, enlarged or reduced, and do not represent the size of the actual product. Those skilled in the art will understand that some well-known structures and their descriptions may be omitted from the drawings. Those of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific circumstances. The technical solution of the invention is further described below with reference to the drawings and embodiments.
Embodiment 1
This embodiment provides a CAN bus abnormality detection method based on information entropy, comprising the following steps:
Step 1: establishing a baseline sample database;
Step 2: collecting the CAN bus messages to be tested and preprocessing the message data;
Step 3: calculating the information entropy and the relative distance of the processed message data;
Step 4: comparing the calculated entropy and relative distance against the baseline database to detect whether an abnormality has occurred.
Specifically, step 1 is the calibration phase.
As shown in Fig. 1, step 1 specifically includes the following steps:
1-1) Collect messages in a CAN bus network under a simulated real environment as raw data.
1-2) Preprocess the raw data and compute the message traffic per unit time and the message self-information.
1-3) Perform entropy determination, threshold determination and relative distance determination on the preprocessed data.
The specific steps of entropy determination are:
Assume that the load on the CAN bus within time T is moderate and that all messages can be sent within the specified time; the number of CAN bus messages within time T can then be obtained from the message periods and the length of the time window.
Let E denote the set of CAN messages with n distinct identifiers that appear within time T, where E = {ε1, ε2, ..., εn}, and let {C1, C2, ..., Cn} be the sending periods of the CAN messages with those n distinct identifiers;
In the ideal case, the total number of CAN messages on the bus within time T is:
For the i-th message type εi, the number ni sent within time T is
The probability p(εi) that the i-th message type occurs within time T is expressed as:
Obviously, we have
The uncertainty of the i-th message type is defined as the self-information I(εi) of message i
The information entropy of the CAN bus is then defined as the average uncertainty of the messages, that is, the mathematical expectation of the self-information within time T:
In this embodiment the threshold D is 0.01~0.02, so the normal detection range of the network is (H(E) - D/2, H(E) + D/2). Whether the information entropy falls within this range serves as the basis, in the baseline sample database, for judging whether the information entropy is normal.
The specific steps of relative distance determination are:
The relative distance of the i-th message type between the message sets of two adjacent time periods T is defined as
In a replay attack scenario,
In a replay attack scenario, the relative distance of the i-th message type is
1-4) Obtain the baseline sample database.
As shown in Fig. 2, steps 2 to 4 are the detection phase.
Step 2: collect the CAN bus messages to be tested and preprocess the message data.
Step 3: calculate the information entropy and the relative distance of the processed message data.
Using the calculation method of step 1, the information entropy and relative distance values of the processed CAN bus data under test are calculated correspondingly.
Step 4: compare the calculated entropy and relative distance against the baseline database to detect whether an abnormality has occurred.
The calculated entropy and relative distance are compared against the baseline database, and the trend of the information entropy and relative distance is used to judge whether an abnormality has occurred.
The specific judgment basis is Criterion I: when the information entropy of the CAN bus system increases, it is judged that new messages have appeared on the CAN bus in addition to the original messages, and the CAN bus is abnormal.
The argument for Criterion I is as follows:
Let  Then we have  which is a monotonically increasing function for x > 0. When a new message appears in the CAN network,
the value of the function f(x) increases, Hi increases, increases;
Therefore, Criterion I is obtained.
In Criterion I, whether the information entropy has increased is judged by comparing the information entropy measured in step 4 with the information entropy measured in step 1.
As a specific implementation of this embodiment, Criterion II can also be used to judge abnormal conditions on the CAN bus. Criterion II: when the relative distance shows a positive trend, it is judged that a replayed message has appeared on the CAN bus; when it shows a negative trend, it is judged that the replay of that message has ceased; when the relative distance is unchanged, it is judged that the message has not been replayed.
The argument for Criterion II is as follows:
Since the period c' > 0, then  Moreover,  is monotonically increasing for x > 0, so the trend of di(εi‖ε'i) only requires checking whether the value of the transformed expression of di(εi‖ε'i) is greater than 1, that is,
Assuming that the other messages are not replayed, the periods of the other messages are unchanged; because  it is only necessary that the numerator be greater than 0, so we have
For the replayed message, c'i > ci, so c'i - ci > 0; therefore
That is: di(εi‖ε'i) > 0
This gives the trend of the relative distance for a message under replay attack. By the same reasoning, when the attack ceases, the relative distance between the period without the attack and the period containing the attack shows a negative trend, di(εi‖ε'i) < 0; when the message is not replayed, the theoretical value should remain constant.
Therefore, Criterion II is obtained.
In Criterion II, the trend of the relative distance is judged by comparing the relative distance measured in step 4 with the relative distance measured in step 1.
In this embodiment, Criterion I and Criterion II can be combined to judge whether the CAN bus is abnormal.
In summary, this embodiment can be used to detect abnormal behaviour on the in-vehicle CAN bus, in particular replay attacks on the in-vehicle CAN bus. The algorithm of this embodiment is simple, detection is accurate, and it is easy to implement in engineering practice.
The positional relationships described in the drawings are for illustration only and shall not be construed as limiting this patent. Obviously, the above embodiments are merely examples given to illustrate the invention clearly and do not limit its implementations. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to exhaust all implementations here. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the protection scope of the claims of the invention.
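As an added illustration (not part of the patent text), the Python sketch below runs the calibration and detection flow described above on constructed candump-style log lines: per-identifier probabilities, Shannon entropy, the (H(E) - D/2, H(E) + D/2) range check, and a per-identifier relative distance. The relative-distance formula is not reproduced on this page, so p_cur * log2(p_cur / p_ref) is used as an assumption; the CAN IDs, periods, log format and function names are likewise assumed.

```python
import math
import re
from collections import Counter

# Constructed baseline: CAN ID -> send period in seconds (assumed values).
BASELINE_PERIODS = {0x0C4: 0.010, 0x1A0: 0.020, 0x244: 0.050, 0x3E8: 0.100}
CANDUMP_LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#")


def synth_candump(periods, window_s, injected=None):
    """Build constructed candump-style lines for one window of window_s seconds.

    injected maps CAN ID -> number of extra frames placed in the window
    (models replayed frames, or frames with an identifier never seen before).
    """
    frames = []
    for can_id, period in periods.items():
        frames += [(k * period, can_id) for k in range(round(window_s / period))]
    for can_id, extra in (injected or {}).items():
        frames += [((k + 0.5) * window_s / extra, can_id) for k in range(extra)]
    frames.sort()
    return ["(%.6f) can0 %03X#0000000000000000" % (ts, cid) for ts, cid in frames]


def id_probabilities(lines):
    """Parse candump lines and return {can_id: share of frames in the window}."""
    counts = Counter()
    for line in lines:
        m = CANDUMP_LINE.match(line.strip())
        if m:  # malformed lines are skipped rather than counted
            counts[int(m.group(2), 16)] += 1
    total = sum(counts.values())
    if total == 0:
        raise ValueError("window contains no parseable CAN frames")
    return {cid: n / total for cid, n in counts.items()}


def entropy(probs):
    """Shannon entropy in bits: the expectation of the self-information -log2 p."""
    return -sum(p * math.log2(p) for p in probs.values() if p > 0)


def relative_distance(p_ref, p_cur):
    """Assumed per-ID distance p_cur * log2(p_cur / p_ref).

    IDs absent from the reference window are left out here to avoid dividing
    by zero; detect() reports them separately as new identifiers.
    """
    return {cid: p_cur[cid] * math.log2(p_cur[cid] / p_ref[cid])
            for cid in p_cur if cid in p_ref}


def detect(baseline_lines, test_lines, threshold_d=0.02, tol=1e-3):
    """Compare a test window with the baseline window."""
    p_ref = id_probabilities(baseline_lines)
    p_cur = id_probabilities(test_lines)
    h_ref, h_cur = entropy(p_ref), entropy(p_cur)
    dist = relative_distance(p_ref, p_cur)
    in_range = h_ref - threshold_d / 2 < h_cur < h_ref + threshold_d / 2
    return {
        "h_ref": h_ref,
        "h_cur": h_cur,
        "entropy_alarm": not in_range,
        "new_ids": sorted(set(p_cur) - set(p_ref)),
        "replay_suspects": sorted(c for c, d in dist.items() if d > tol),
        "distance": dist,
    }


if __name__ == "__main__":
    base = synth_candump(BASELINE_PERIODS, 1.0)
    cases = [("clean", None), ("replay of 0x244", {0x244: 20}),
             ("new ID 0x7DF", {0x7DF: 20})]
    for label, injected in cases:
        r = detect(base, synth_candump(BASELINE_PERIODS, 1.0, injected))
        print(label, round(r["h_cur"], 4), r["entropy_alarm"],
              [hex(c) for c in r["replay_suspects"]],
              [hex(c) for c in r["new_ids"]])
```

Because the shares are normalised per window, a replayed identifier pushes the distance of every other identifier slightly negative, which is why only values above the tolerance are reported as replay suspects.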

Claims (8)

1. A CAN bus abnormality detection method based on information entropy, characterized by comprising the following steps:
Step 1: establishing a baseline sample database;
Step 2: collecting the CAN bus messages to be tested and preprocessing the message data;
Step 3: calculating the information entropy and the relative distance of the processed message data;
Step 4: comparing the calculated entropy and relative distance against the baseline database to detect whether an abnormality has occurred.
2. The CAN bus abnormality detection method based on information entropy according to claim 1, characterized in that the specific steps of step 1 include:
1-1) collecting messages in a CAN bus network under a simulated real environment as raw data;
1-2) preprocessing the raw data and computing the message traffic per unit time and the message self-information;
1-3) performing entropy determination, threshold determination and relative distance determination on the preprocessed data;
1-4) obtaining the baseline sample database.
3. The CAN bus abnormality detection method based on information entropy according to claim 2, characterized in that in step 1-3), the specific steps of entropy determination include:
Let E denote the set of CAN messages with n distinct identifiers that appear within time T, where E = {ε1, ε2, ..., εn}, and let {C1, C2, ..., Cn} be the sending periods of the CAN messages with those n distinct identifiers;
The total number of CAN messages on the bus within time T is:
For the i-th message type εi, the number ni sent within time T is
The probability p(εi) that the i-th message type occurs within time T is expressed as:
Obviously, we have
The uncertainty of the i-th message type is defined as the self-information I(εi) of message i
The information entropy of the CAN bus is then defined as the average uncertainty of the messages, that is, the mathematical expectation of the self-information within time T:
4. The CAN bus abnormality detection method based on information entropy according to claim 3, characterized in that in step 1-3), the specific steps of relative distance determination include:
The relative distance of the i-th message type between the message sets of two adjacent time periods T is defined as
In a replay attack scenario,
In a replay attack scenario, the relative distance of the i-th message type is
5. The CAN bus abnormality detection method based on information entropy according to any one of claims 2 to 4, characterized in that in step 1-3), the threshold D is 0.01~0.02, the normal detection range of the network is (H(E) - D/2, H(E) + D/2), and a bus message entropy outside this range is judged abnormal.
6. The CAN bus abnormality detection method based on information entropy according to claim 5, characterized in that in step 4, whether an abnormality has occurred is judged from the trend of the information entropy and the relative distance.
7. The CAN bus abnormality detection method based on information entropy according to claim 6, characterized in that in step 4, the specific judgment method includes Criterion I: when the information entropy of the CAN bus system increases, it is judged that new messages have appeared on the CAN bus in addition to the original messages, and the CAN bus is abnormal.
8. The CAN bus abnormality detection method based on information entropy according to claim 6 or 7, characterized in that in step 4, the specific judgment method includes Criterion II: when the relative distance shows a positive trend, it is judged that a replayed message has appeared on the CAN bus; when it shows a negative trend, it is judged that the replay of that message has ceased; when the relative distance is unchanged, it is judged that the message has not been replayed.
Priority Applications (1)

Application number: CN201811208480.5A
Priority date: 2018-10-17
Filing date: 2018-10-17
Title: CAN bus abnormality detection method based on information entropy

Publications (2)

CN109347823A (en), publication date 2019-02-15
CN109347823B, publication date 2021-04-09

Family

Family ID: 65309068
Family application: CN201811208480.5A, Expired - Fee Related, CN109347823B (en)

Country Status (1)

CN (1): CN109347823B (en)


Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
    Effective date of registration: 20211229
    Address after: 518054 Room 501, unit C, building 7, Nanguang garden, Haide Erdao, Nanshan street, Nanshan District, Shenzhen, Guangdong
    Patentee after: Shenzhen zhizunbao Automobile Technology Co.,Ltd.
    Address before: 412001 no.476, Hongqi North Road, Hetang District, Zhuzhou City, Hunan Province
    Patentee before: HUNAN AUTOMOTIVE ENGINEERING VOCATIONAL College
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20210409