CN109743310A - Method and apparatus for analytic message - Google Patents
Method and apparatus for analytic message Download PDFInfo
- Publication number
- CN109743310A CN109743310A CN201811625725.4A CN201811625725A CN109743310A CN 109743310 A CN109743310 A CN 109743310A CN 201811625725 A CN201811625725 A CN 201811625725A CN 109743310 A CN109743310 A CN 109743310A
- Authority
- CN
- China
- Prior art keywords
- instruction
- message
- vehicle bus
- need
- attribute information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000004458 analytical method Methods 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 7
- 230000006854 communication Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 8
- 238000004891 communication Methods 0.000 description 7
- 238000007405 data analysis Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000005291 magnetic effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/40006—Architecture of a communication node
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
Embodiment of the disclosure discloses the method and apparatus for analytic message.One specific embodiment of this method includes: to obtain vehicle bus message;According to the predetermined attribute information that need to be analyzed the instruction, the instruction that attribute information and predetermined attribute information match is parsed from vehicle bus message.This embodiment improves packet parsing efficiency.
Description
Technical field
Embodiment of the disclosure is related to field of computer technology, and in particular to the method and apparatus for analytic message.
Background technique
Car borne gateway (Gateway) is usually for forwarding vehicle bus data.Car borne gateway parses the efficiency of data, directly
Connect the performance for influencing vehicle control system.
Summary of the invention
Embodiment of the disclosure proposes the method and apparatus for analytic message.
In a first aspect, embodiment of the disclosure provides a kind of method for analytic message, this method comprises: obtaining vehicle
Bus message;According to the predetermined attribute information that need to be analyzed the instruction, attribute information is parsed from vehicle bus message
The instruction to match with predetermined attribute information.
In some embodiments, this method further include: according to the instruction parsed, determine whether vehicle bus message is to attack
Hit message.
In some embodiments, it need to analyze the instruction and determine as follows: obtain Rule Information;Rule Information is carried out
Semantic analysis obtains the associated instruction of Rule Information, and obtained instruction is determined as to analyze the instruction.
In some embodiments, the attribute information that need to be analyzed the instruction, comprising: need to analyze the instruction in vehicle bus message
Initial position, the command length that need to be analyzed the instruction.
In some embodiments, vehicle bus message is that deep message parses (Deep Packet Inspection, DPI)
Message.
Second aspect, embodiment of the disclosure provide a kind of device for analytic message, which includes: that message obtains
Unit is taken, is configured to obtain vehicle bus message;Packet parsing unit is configured to be analyzed the instruction according to predetermined
Attribute information, parse attribute information from vehicle bus message and instruction that predetermined attribute information matches.
In some embodiments, device further include: attack judging unit is configured to according to the instruction parsed, really
Determine whether vehicle bus message is attack message.
In some embodiments, it need to analyze the instruction and determine as follows: obtain Rule Information;Rule Information is carried out
Semantic analysis obtains the associated instruction of Rule Information, and obtained instruction is determined as to analyze the instruction.
In some embodiments, the attribute information that need to be analyzed the instruction, comprising: need to analyze the instruction in vehicle bus message
Initial position, the command length that need to be analyzed the instruction.
In some embodiments, vehicle bus message is deep message analytic message.
The third aspect, embodiment of the disclosure provide a kind of server, comprising: one or more processors;Storage dress
Set, be stored thereon with one or more programs, when one or more programs are executed by one or more processors so that one or
Multiple processors are realized such as the method for any embodiment in the method for analytic message.
Fourth aspect, embodiment of the disclosure provide a kind of computer readable storage medium, are stored thereon with computer
Program is realized when the computer program is executed by processor such as the method for any embodiment in the method for analytic message.
The method and apparatus for analytic message that embodiment of the disclosure provides, can obtain vehicle bus report first
Text.Then, according to the predetermined attribute information that need to be analyzed the instruction, attribute information and pre- is parsed from vehicle bus message
The first instruction that determining attribute information matches.The method and apparatus that embodiment of the disclosure provides, only to vehicle bus message
In the resolved instruction of needs parsed, it is possible to reduce the unnecessary data-analysis time, help to improve packet parsing
Efficiency.
Detailed description of the invention
By reading a detailed description of non-restrictive embodiments in the light of the attached drawings below, the application's is other
Feature, objects and advantages will become more apparent upon:
Fig. 1 is that one embodiment of the application can be applied to exemplary system architecture figure therein;
Fig. 2 is the flow chart according to one embodiment of the method for analytic message of the application;
Fig. 3 is the schematic diagram of an application scenarios of the method according to an embodiment of the present disclosure for analytic message;
Fig. 4 is the flow chart according to another embodiment of the method for analytic message of the application;
Fig. 5 is the structural schematic diagram according to one embodiment of the device for analytic message of the application;
Fig. 6 is adapted for the structural schematic diagram for the computer system for realizing the server of embodiment of the disclosure.
Specific embodiment
The application is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched
The specific embodiment stated is used only for explaining related invention, rather than the restriction to the invention.It also should be noted that in order to
Convenient for description, part relevant to related invention is illustrated only in attached drawing.
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase
Mutually combination.The application is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
Fig. 1 is shown can the method for analytic message using embodiment of the disclosure or the dress for analytic message
The exemplary system architecture 100 set.
As shown in Figure 1, system architecture 100 may include vehicle bus system 101, network 102 and gateway 103.Net
Network 102 between vehicle bus system 101 and gateway 103 to provide the medium of communication link.Network 102 may include
Various connection types, such as wired, wireless communication link or fiber optic cables etc..
Vehicle bus system 101 can be interacted by network 102 with gateway 103, to receive or send message etc..Vehicle
Bus system 101 can be the vehicle bus system with various bus functionalities, for example, by vehicle bus message transmissions to net
Close the vehicle bus system of equipment.Vehicle bus system can be by vehicle bus message transmissions to gateway.
Gateway 103 can be various gateways, such as to the vehicle bus report that vehicle bus system 101 is transmitted
The gateway that text is handled.Gateway can be total from vehicle according to the predetermined attribute information that need to be analyzed the instruction
The instruction that attribute information and predetermined attribute information match is parsed in report from a liner text.
It should be noted that the method provided by embodiment of the disclosure for analytic message is generally by gateway
103 execute, and correspondingly, the device for analytic message is generally positioned in gateway 103.
It should be understood that the vehicle bus system, the number of network and gateway equipment in Fig. 1 are only schematical.According to
It realizes and needs, can have any number of vehicle bus system, network and gateway equipment.
With continued reference to Fig. 2, the process of one embodiment of the method for analytic message according to the application is shown
200.This is used for the method for analytic message, comprising the following steps:
Step 201, vehicle bus message is obtained.
It in the present embodiment, can for the executing subject of the method for analytic message (such as gateway 103 shown in FIG. 1)
To get vehicle bus message from the vehicle bus system of communication connection.Wherein, above-mentioned vehicle bus message is usually vehicle
The message transmitted in bus.
It should be pointed out that above-mentioned vehicle can be various vehicles in each embodiment of the application.For example, nobody
Vehicle.Above-mentioned vehicle is also possible to the various other vehicles.For example, aircraft, steamer.
Step 202, according to the predetermined attribute information that need to be analyzed the instruction, attribute is parsed from vehicle bus message
The instruction that information and predetermined attribute information match.
In the present embodiment, since vehicle bus message often has specific message format, executing subject is obtaining
After getting vehicle bus message, acquired vehicle bus message can be parsed.In one vehicle bus message usually
It may include multiple instruction.Wherein, it need to analyze the instruction, usually technical staff is preset, the need in vehicle bus message
The instruction to be resolved.Above-mentioned attribute information can be the information of certain characteristic for describing to analyze the instruction.As an example,
Above-mentioned attribute information can be the identity that need to be analyzed the instruction.At this point, executing subject can be using the identity that need to be analyzed the instruction
Mark finds the instruction with the attribute information to match with the identity that need to be analyzed the instruction from vehicle bus message, from
And the instruction found is parsed.Here, the above-mentioned instruction to match with identity that is need to analyzing the instruction, can refer to
The identical instruction of the two identity.It should be pointed out that need to analyze the instruction there can be one, can also have a plurality of.It is needing to solve
When analysis instruction has a plurality of, executing subject can use each attribute information that need to be analyzed the instruction, and parse from vehicle bus message
The instruction that attribute information and the attribute information that need to be analyzed the instruction match out.
Optionally, the above-mentioned attribute information that need to be analyzed the instruction can include but is not limited to: need to analyze the instruction in vehicle bus
Initial position in message, the command length that need to be analyzed the instruction.Here, executing subject can be using the start bit that need to be analyzed the instruction
It sets and command length, is found from vehicle bus message and the finger with this attribute information of above-mentioned initial position and command length
It enables.To which the instruction found be parsed.
To need resolved instruction it should be pointed out that predefining, i.e., need to analyze the instruction, it can be subsequent each
In the parsing of secondary vehicle bus message, only the instruction to match with the attribute information that need to be analyzed the instruction is parsed, do not need by
All instructions in vehicle bus message parses, it is possible to reduce the unnecessary data-analysis time, helps to improve message
Analyzing efficiency.
In some optional implementations of the present embodiment, vehicle bus message is deep message analytic message.Upper
It states in implementation, when vehicle bus message is deep message analytic message, executing subject can use deep message parsing side
Method parses vehicle bus message.Here, since executing subject is using deep message analytic method to vehicle bus message
When being parsed, accurate Analysis can be carried out to vehicle bus message, but need to expend more computing resource.Therefore, only right
The instruction that needs in vehicle bus message are resolved is parsed, and may be implemented to carry out accurate Analysis to vehicle bus message
Meanwhile reducing the consuming of computing resource.
In some optional implementations of the present embodiment, above-mentioned need to analyze the instruction determines as follows:
The first step obtains Rule Information.Here, Rule Information can be the preset Rule Information of technical staff.Its
In, above-mentioned Rule Information can be the various information for characterizing rule.As an example, Rule Information can be character group " if A
+ B, then X ", for characterizing, " if instruction A and instruction B while when occurring, for assault X ", this is regular.It may be noted that
, above-mentioned Rule Information can be directly stored in local, be stored in other electronics with executing subject communication connection
Equipment.It is stored when local in Rule Information, executing subject can extract the local Rule Information stored directly to be located
Reason.It stores in Rule Information in other electronic equipments communicated to connect with executing subject, executing subject can pass through wired company
It connects mode or radio connection obtains Rule Information to be handled.
Second step carries out semantic analysis to Rule Information, obtains the associated instruction of Rule Information, and obtained instruction is true
Being set to need to analyze the instruction.Here, executing subject can carry out semantic analysis to the Rule Information, be closed with obtaining the Rule Information
The instruction of connection.As an example, if Rule Information is " if A+B, X ".Wherein, A is instruction A, and B is instruction B, and X is network attack
Event X.Then executing subject can carry out semantic analysis to Rule Information, obtain instruction A associated by Rule Information and instruction B.
In addition, executing subject after obtaining instruction associated by Rule Information, obtained instruction can be determined as analyzing the instruction.
It should be pointed out that may include having a plurality of instruction in a rule information.It, can also be in addition, Rule Information can have one
Have a plurality of.When Rule Information has a plurality of, executing subject can carry out every rule information in a plurality of Rule Information semantic
Analysis obtains the associated instruction of Rule Information, and obtained instruction is determined as to analyze the instruction.
It should be pointed out that after executing subject analyzes set strictly all rules information (one or more), if
Obtaining a plurality of (two or two or more) need to analyze the instruction, at this point, it is obtained it is a plurality of need to analyze the instruction, can be to need to parse
Instruction set.
With continued reference to the signal that Fig. 3, Fig. 3 are according to the application scenarios of the method for analytic message of the present embodiment
Figure.In the application scenarios 300 of Fig. 3, gateway 301 gets vehicle bus message from vehicle bus system 302 first.
At this point, instruction included in vehicle bus message has: A, B, C, D, E.Then, according to the predetermined category that need to be analyzed the instruction
Property information, vehicle bus message is parsed, parses attribute information and instruction that above-mentioned attribute information matches: A, B.
The method provided by the above embodiment for analytic message of the application, can obtain vehicle bus message first.
Then, according to the predetermined attribute information that need to be analyzed the instruction, attribute information and in advance is parsed from vehicle bus message
The instruction that determining attribute information matches.The method that embodiment of the disclosure provides, only to the needs in vehicle bus message
Resolved instruction is parsed, it is possible to reduce the unnecessary data-analysis time helps to improve packet parsing efficiency.
With further reference to Fig. 4, it illustrates the processes 400 of another embodiment of the method for analytic message.The use
In the process 400 of the method for analytic message, comprising the following steps:
Step 401, vehicle bus message is obtained.
Step 402, according to the predetermined attribute information that need to be analyzed the instruction, attribute is parsed from vehicle bus message
The instruction that information and predetermined attribute information match.
In the present embodiment, the behaviour of the concrete operations of step 401-402 and step 201-202 in embodiment shown in Fig. 2
Make essentially identical, details are not described herein.
Step 403, according to the instruction parsed, determine whether vehicle bus message is attack message.
Wherein, attack message typically refers to the network insertion bandwidth or system resource by occupying host, so that host is not
The message that can be operated normally.Wherein, above-mentioned host can be onboard servers.
In the present embodiment, executing subject can by analyzing instruction, come determine vehicle bus message whether be
Attack message.Wherein, executing subject, which can be, once analyzes an instruction, can also once divide a plurality of instruction
Analysis, can also once analyze obtained all instructions together.It should be pointed out that usually may include: in instruction
At least one of data and address information.Optionally, executing subject can will meet vehicle corresponding to the instruction of preset condition
Bus message is determined as attack message.As an example, can then recognize if it is identical with source address to meet destination address in instruction
It is attack message for the corresponding vehicle bus message of the instruction.As another example, if being all satisfied mesh in continuous a plurality of instruction
It is identical with source address to mark address, it may be considered that the corresponding vehicle bus message of a plurality of instruction is attack message.
Figure 4, it is seen that the method for analytic message compared with the corresponding embodiment of Fig. 2, in the present embodiment
Process 400 embody based on the step of whether determining vehicle bus message is attack message need to be analyzed the instruction.This implementation as a result,
The scheme of example description can help improve packet parsing efficiency, while the safety detection to vehicle bus message can be improved
Efficiency.
With further reference to Fig. 5, as the realization to method shown in above-mentioned each figure, this application provides one kind for parsing report
One embodiment of the device of text, the Installation practice is corresponding with embodiment of the method shown in Fig. 2, which can specifically answer
For in various servers.
As shown in figure 5, the device 500 for analytic message of the present embodiment includes: Receive message unit 501, it is configured
At acquisition vehicle bus message;Packet parsing unit 502, according to the predetermined attribute information that need to be analyzed the instruction, from vehicle
The instruction that attribute information and predetermined attribute information match is parsed in bus message.
In some optional implementations of the present embodiment, which can also include attacking judging unit (in figure not
It shows).Attack judging unit may be configured to determine whether vehicle bus message is attack report according to the instruction parsed
Text.
In some optional implementations of the present embodiment, it need to analyze the instruction and determine as follows: firstly, obtaining
Rule Information.Then, semantic analysis is carried out to Rule Information, obtains the associated instruction of the Rule Information.Finally, by obtained
Instruction is determined as to analyze the instruction.
In some optional implementations of the present embodiment, the attribute information that need to analyze the instruction, comprising: need to analyze the instruction
Initial position in vehicle bus message, the command length that need to be analyzed the instruction.
In some optional implementations of the present embodiment, vehicle bus message is deep message analytic message.
The device provided by the above embodiment of the application, Receive message unit 501 obtain vehicle bus message.Then, it reports
Literary resolution unit 502 parses attribute letter according to the predetermined attribute information that need to be analyzed the instruction from vehicle bus message
The instruction that breath matches with predetermined attribute information.The device of the present embodiment, only in vehicle bus message need by
The instruction of parsing is parsed, it is possible to reduce the unnecessary data-analysis time helps to improve packet parsing efficiency.
Below with reference to Fig. 6, it illustrates the computer systems 600 for the server for being suitable for being used to realize embodiment of the disclosure
Structural schematic diagram.Server shown in Fig. 6 is only an example, function to embodiment of the disclosure and should not use model
Shroud carrys out any restrictions.
As shown in fig. 6, computer system 600 includes central processing unit (CPU) 601, it can be read-only according to being stored in
Program in memory (ROM) 602 or be loaded into the program in random access storage device (RAM) 603 from storage section 608 and
Execute various movements appropriate and processing.In RAM 603, also it is stored with system 600 and operates required various programs and data.
CPU 601, ROM 602 and RAM 603 are connected with each other by bus 604.Input/output (I/O) interface 605 is also connected to always
Line 604.
I/O interface 605 is connected to lower component: the importation 606 including keyboard, mouse etc.;It is penetrated including such as cathode
The output par, c 607 of spool (CRT), liquid crystal display (LCD) etc. and loudspeaker etc.;Storage section 608 including hard disk etc.;
And the communications portion 609 of the network interface card including LAN card, modem etc..Communications portion 609 via such as because
The network of spy's net executes communication process.Driver 610 is also connected to I/O interface 605 as needed.Detachable media 611, such as
Disk, CD, magneto-optic disk, semiconductor memory etc. are mounted on as needed on driver 610, in order to read from thereon
Computer program be mounted into storage section 608 as needed.
Particularly, in accordance with an embodiment of the present disclosure, it may be implemented as computer above with reference to the process of flow chart description
Software program.For example, embodiment of the disclosure includes a kind of computer program product comprising be carried on computer-readable medium
On computer program, which includes the program code for method shown in execution flow chart.In such reality
It applies in example, which can be downloaded and installed from network by communications portion 609, and/or from detachable media
611 are mounted.When the computer program is executed by central processing unit (CPU) 601, limited in execution the present processes
Above-mentioned function.It should be noted that the computer-readable medium of the application can be computer-readable signal media or calculating
Machine readable storage medium storing program for executing either the two any combination.Computer readable storage medium for example can be --- but it is unlimited
In system, device or the device of --- electricity, magnetic, optical, electromagnetic, infrared ray or semiconductor, or any above combination.It calculates
The more specific example of machine readable storage medium storing program for executing can include but is not limited to: have the electrical connection, portable of one or more conducting wires
Formula computer disk, hard disk, random access storage device (RAM), read-only memory (ROM), erasable programmable read only memory
(EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), light storage device, magnetic memory device or
The above-mentioned any appropriate combination of person.In this application, computer readable storage medium can be it is any include or storage program
Tangible medium, which can be commanded execution system, device or device use or in connection.And in this Shen
Please in, computer-readable signal media may include in a base band or as carrier wave a part propagate data-signal,
In carry computer-readable program code.The data-signal of this propagation can take various forms, including but not limited to
Electromagnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be computer-readable
Any computer-readable medium other than storage medium, the computer-readable medium can send, propagate or transmit for by
Instruction execution system, device or device use or program in connection.The journey for including on computer-readable medium
Sequence code can transmit with any suitable medium, including but not limited to: wireless, electric wire, optical cable, RF etc. are above-mentioned
Any appropriate combination.
Flow chart and block diagram in attached drawing are illustrated according to the system of the various embodiments of the application, method and computer journey
The architecture, function and operation in the cards of sequence product.In this regard, each box in flowchart or block diagram can generation
A part of one module, program segment or code of table, a part of the module, program segment or code include one or more use
The executable instruction of the logic function as defined in realizing.It should also be noted that in some implementations as replacements, being marked in box
The function of note can also occur in a different order than that indicated in the drawings.For example, two boxes succeedingly indicated are actually
It can be basically executed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.Also it to infuse
Meaning, the combination of each box in block diagram and or flow chart and the box in block diagram and or flow chart can be with holding
The dedicated hardware based system of functions or operations as defined in row is realized, or can use specialized hardware and computer instruction
Combination realize.
Being described in unit involved in embodiment of the disclosure can be realized by way of software, can also be passed through
The mode of hardware is realized.Described unit also can be set in the processor, for example, can be described as: a kind of processor
Including Receive message unit, packet parsing unit and instructions match unit.Wherein, the title of these units is under certain conditions simultaneously
The restriction to the unit itself is not constituted, for example, Receive message unit is also described as " obtaining the list of vehicle bus message
Member ".
As on the other hand, present invention also provides a kind of computer-readable medium, which be can be
Included in device described in above-described embodiment;It is also possible to individualism, and without in the supplying device.Above-mentioned calculating
Machine readable medium carries one or more program, when said one or multiple programs are executed by the device, so that should
Device: vehicle bus message is obtained;According to the predetermined attribute information that need to be analyzed the instruction, parsed from vehicle bus message
The instruction that attribute information and predetermined attribute information match out.
Above description is only the preferred embodiment of the application and the explanation to institute's application technology principle.Those skilled in the art
Member is it should be appreciated that invention scope involved in the application, however it is not limited to technology made of the specific combination of above-mentioned technical characteristic
Scheme, while should also cover in the case where not departing from foregoing invention design, it is carried out by above-mentioned technical characteristic or its equivalent feature
Any combination and the other technical solutions formed.Such as features described above has similar function with (but being not limited to) disclosed herein
Can technical characteristic replaced mutually and the technical solution that is formed.
Claims (12)
1. a kind of method for analytic message, comprising:
Obtain vehicle bus message;
According to the predetermined attribute information that need to be analyzed the instruction, attribute information and pre- is parsed from the vehicle bus message
The instruction that the attribute information first determined matches.
2. according to the method described in claim 1, wherein, the method also includes:
According to the instruction parsed, determine whether the vehicle bus message is attack message.
3. according to the method described in claim 1, wherein, described need to analyze the instruction determines as follows:
Obtain Rule Information;
Semantic analysis is carried out to the Rule Information, obtains the associated instruction of the Rule Information, obtained instruction is determined
For that need to analyze the instruction.
4. according to the method described in claim 3, wherein, the attribute information that need to be analyzed the instruction, comprising:
The initial position that need to be analyzed the instruction in vehicle bus message, the command length that need to be analyzed the instruction.
5. method described in one of -4 according to claim 1, wherein the vehicle bus message is deep message analytic message.
6. a kind of device for analytic message, comprising:
Receive message unit is configured to obtain vehicle bus message;
Packet parsing unit is configured to according to the predetermined attribute information that need to be analyzed the instruction, from the vehicle bus report
The instruction that attribute information and the predetermined attribute information match is parsed in text.
7. device according to claim 6, wherein described device further include:
Judging unit is attacked, is configured to determine whether the vehicle bus message is attack message according to the instruction parsed.
8. device according to claim 6, wherein described need to analyze the instruction determines as follows:
Obtain Rule Information;
Semantic analysis is carried out to the Rule Information, obtains the associated instruction of the Rule Information, obtained instruction is determined
For that need to analyze the instruction.
9. device according to claim 8, wherein the attribute information that need to be analyzed the instruction, comprising:
The initial position that need to be analyzed the instruction in vehicle bus message, the command length that need to be analyzed the instruction.
10. the device according to one of claim 6-9, wherein the vehicle bus message is deep message analytic message.
11. a kind of server, comprising:
One or more processors;
Storage device is stored thereon with one or more programs,
When one or more of programs are executed by one or more of processors, so that one or more of processors are real
Now such as method as claimed in any one of claims 1 to 5.
12. a kind of computer-readable medium, is stored thereon with computer program, wherein the realization when program is executed by processor
Such as method as claimed in any one of claims 1 to 5.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111247588.7A CN113904864A (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
| CN202111246587.0A CN113992391B (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
| CN201811625725.4A CN109743310B (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811625725.4A CN109743310B (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
Related Child Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111246587.0A Division CN113992391B (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
| CN202111247588.7A Division CN113904864A (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109743310A true CN109743310A (en) | 2019-05-10 |
| CN109743310B CN109743310B (en) | 2021-11-16 |
Family
ID=66361857
Family Applications (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111246587.0A Active CN113992391B (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
| CN202111247588.7A Pending CN113904864A (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
| CN201811625725.4A Active CN109743310B (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
Family Applications Before (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111246587.0A Active CN113992391B (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
| CN202111247588.7A Pending CN113904864A (en) | 2018-12-28 | 2018-12-28 | Method and device for analyzing message |
Country Status (1)
| Country | Link |
|---|---|
| CN (3) | CN113992391B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111314354A (en) * | 2020-02-19 | 2020-06-19 | 北京天融信网络安全技术有限公司 | Intelligent vehicle communication method and device |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020003781A1 (en) * | 2000-07-06 | 2002-01-10 | Hajime Kikkawa | Readily reconfigurable data relay device and multiplex communication system |
| CN104156565A (en) * | 2014-07-21 | 2014-11-19 | 北京航天发射技术研究所 | System state analysis method and analysis device based on offline CAN bus data |
| CN104216391A (en) * | 2013-05-31 | 2014-12-17 | 广州汽车集团股份有限公司 | Automobile decoder and automotive type recognition method thereof |
| CN105564439A (en) * | 2015-12-28 | 2016-05-11 | 广州汽车集团股份有限公司 | Vehicle control method and system |
| CN105681199A (en) * | 2015-12-29 | 2016-06-15 | 北京经纬恒润科技有限公司 | Method and device for processing message data in vehicular bus |
| CN105703990A (en) * | 2014-11-28 | 2016-06-22 | 联创汽车电子有限公司 | Analysis method and construction method of CAN communication message of vehicle controller |
| CN106130855A (en) * | 2016-07-18 | 2016-11-16 | 珠海格力电器股份有限公司 | Data processing method and device |
| CN106817366A (en) * | 2016-12-31 | 2017-06-09 | 惠州市蓝微新源技术有限公司 | A kind of CAN document analysis and again store method |
| CN107231279A (en) * | 2016-03-26 | 2017-10-03 | 深圳市沃特玛电池有限公司 | A kind of message parsing method based on CAN communication |
| CN107656520A (en) * | 2017-10-24 | 2018-02-02 | 厦门市福工动力技术有限公司 | CAN data analysis method and computer-readable recording medium |
| US20180062988A1 (en) * | 2016-08-31 | 2018-03-01 | Faraday&Future Inc. | Ethernet communication of can signals |
| CN108415408A (en) * | 2018-03-16 | 2018-08-17 | 宁波杉杉汽车有限公司 | Automobile packet parsing based on CAN communication and method for diagnosing faults |
| CN108965293A (en) * | 2018-07-13 | 2018-12-07 | 智车优行科技(北京)有限公司 | Message parsing method and device, electronic equipment |
Family Cites Families (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI409645B (en) * | 2009-05-27 | 2013-09-21 | Ibm | Communication server and method and computer readable medium of processing messages utilizing the server |
| EP2786543B1 (en) * | 2011-12-01 | 2019-03-27 | Intel Corporation | Secure message filtering to vehicle electronic control units with secure provisioning of message filtering rules |
| US8983714B2 (en) * | 2012-11-16 | 2015-03-17 | Robert Bosch Gmbh | Failsafe communication system and method |
| CN103997489B (en) * | 2014-05-09 | 2017-02-22 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for recognizing DDoS bot network communication protocol |
| CN105279421B (en) * | 2014-06-19 | 2019-07-12 | 上海辇联网络科技有限公司 | A kind of detection system and method for the information security based on car networking access OBD II |
| US10120843B2 (en) * | 2014-08-26 | 2018-11-06 | International Business Machines Corporation | Generation of parsable data for deep parsing |
| CN105025011B (en) * | 2015-06-12 | 2016-10-19 | 吉林大学 | The evaluation methodology of on-vehicle information safety |
| US10425447B2 (en) * | 2015-08-28 | 2019-09-24 | International Business Machines Corporation | Incident response bus for data security incidents |
| CN107566316A (en) * | 2016-06-30 | 2018-01-09 | 中兴通讯股份有限公司 | A kind of message parsing method, device and network processing unit |
| CN108076010B (en) * | 2016-11-10 | 2020-09-08 | 中国移动通信集团广东有限公司 | XML message parsing method and server |
| KR101856487B1 (en) * | 2017-03-03 | 2018-06-19 | 주식회사 티맥스데이터 | Computing device for processing parsing |
| JP2018170591A (en) * | 2017-03-29 | 2018-11-01 | パナソニックIpマネジメント株式会社 | Communication device, communication method, and control program |
| CN107547572B (en) * | 2017-10-13 | 2021-03-02 | 北京梆梆安全科技有限公司 | CAN bus communication method based on pseudo-random number |
| CN108965267B (en) * | 2018-06-28 | 2021-04-02 | 北京车和家信息技术有限公司 | Network attack processing method and device and vehicle |
-
2018
- 2018-12-28 CN CN202111246587.0A patent/CN113992391B/en active Active
- 2018-12-28 CN CN202111247588.7A patent/CN113904864A/en active Pending
- 2018-12-28 CN CN201811625725.4A patent/CN109743310B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020003781A1 (en) * | 2000-07-06 | 2002-01-10 | Hajime Kikkawa | Readily reconfigurable data relay device and multiplex communication system |
| CN104216391A (en) * | 2013-05-31 | 2014-12-17 | 广州汽车集团股份有限公司 | Automobile decoder and automotive type recognition method thereof |
| CN104156565A (en) * | 2014-07-21 | 2014-11-19 | 北京航天发射技术研究所 | System state analysis method and analysis device based on offline CAN bus data |
| CN105703990A (en) * | 2014-11-28 | 2016-06-22 | 联创汽车电子有限公司 | Analysis method and construction method of CAN communication message of vehicle controller |
| CN105564439A (en) * | 2015-12-28 | 2016-05-11 | 广州汽车集团股份有限公司 | Vehicle control method and system |
| CN105681199A (en) * | 2015-12-29 | 2016-06-15 | 北京经纬恒润科技有限公司 | Method and device for processing message data in vehicular bus |
| CN105681199B (en) * | 2015-12-29 | 2018-12-14 | 北京经纬恒润科技有限公司 | The processing method and processing device of message data in a kind of vehicle bus |
| CN107231279A (en) * | 2016-03-26 | 2017-10-03 | 深圳市沃特玛电池有限公司 | A kind of message parsing method based on CAN communication |
| CN106130855A (en) * | 2016-07-18 | 2016-11-16 | 珠海格力电器股份有限公司 | Data processing method and device |
| US20180062988A1 (en) * | 2016-08-31 | 2018-03-01 | Faraday&Future Inc. | Ethernet communication of can signals |
| CN106817366A (en) * | 2016-12-31 | 2017-06-09 | 惠州市蓝微新源技术有限公司 | A kind of CAN document analysis and again store method |
| CN107656520A (en) * | 2017-10-24 | 2018-02-02 | 厦门市福工动力技术有限公司 | CAN data analysis method and computer-readable recording medium |
| CN108415408A (en) * | 2018-03-16 | 2018-08-17 | 宁波杉杉汽车有限公司 | Automobile packet parsing based on CAN communication and method for diagnosing faults |
| CN108965293A (en) * | 2018-07-13 | 2018-12-07 | 智车优行科技(北京)有限公司 | Message parsing method and device, electronic equipment |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111314354A (en) * | 2020-02-19 | 2020-06-19 | 北京天融信网络安全技术有限公司 | Intelligent vehicle communication method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113992391B (en) | 2023-12-29 |
| CN109743310B (en) | 2021-11-16 |
| CN113992391A (en) | 2022-01-28 |
| CN113904864A (en) | 2022-01-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106815031B (en) | Kernel module loading method and device | |
| CN109976995B (en) | Method and apparatus for testing | |
| CN108694104A (en) | A kind of interface function contrast test method, apparatus, electronic equipment and storage medium | |
| EP2763069A1 (en) | Method and device for multiple engine virus killing | |
| CN109739478A (en) | Front end project automated construction method, device, storage medium and electronic equipment | |
| CN109284198A (en) | A kind of method and apparatus verifying data | |
| US9495542B2 (en) | Software inspection system | |
| EP1403781A1 (en) | Validation system and method | |
| EP4102772B1 (en) | Method and apparatus of processing security information, device and storage medium | |
| CN109543068A (en) | Method and apparatus for generating the comment information of video | |
| US20190155588A1 (en) | Systems and methods for transforming machine language models for a production environment | |
| CN109743310A (en) | Method and apparatus for analytic message | |
| CN109218024A (en) | Method and apparatus for control authority | |
| EP3608786A1 (en) | Systems and methods of requirements chaining and applications thereof | |
| CN115412346B (en) | Message detection method and device, electronic equipment and storage medium | |
| CN110213281A (en) | Safety protecting method and device | |
| CN109933926A (en) | Method and apparatus for predicting flight reliability | |
| CN110796021A (en) | Identity authentication method and device applied to self-service equipment | |
| CN109977011A (en) | Automatic generation method, device, storage medium and the electronic equipment of test script | |
| CN110348438A (en) | A kind of picture character identifying method, device and electronic equipment based on artificial nerve network model | |
| CN109145591A (en) | The plug-in loading method of application program | |
| CN110276403A (en) | Method for establishing model and device | |
| EP3629173A1 (en) | Event log processing | |
| CN110322350A (en) | Cut method, apparatus, equipment and the storage medium of the common recognition hollow block of network | |
| CN110378641A (en) | A kind of method and apparatus counting unmanned vehicle information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20211012 Address after: 100176 Room 101, 1st floor, building 1, yard 7, Ruihe West 2nd Road, economic and Technological Development Zone, Daxing District, Beijing Applicant after: Apollo Intelligent Connectivity (Beijing) Technology Co., Ltd. Address before: 100085 Baidu Building, 10 Shangdi Tenth Street, Haidian District, Beijing Applicant before: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |