CN109743310B - Method and device for analyzing message - Google Patents

Method and device for analyzing message Download PDF

Info

Publication number
CN109743310B
CN109743310B CN201811625725.4A CN201811625725A CN109743310B CN 109743310 B CN109743310 B CN 109743310B CN 201811625725 A CN201811625725 A CN 201811625725A CN 109743310 B CN109743310 B CN 109743310B
Authority
CN
China
Prior art keywords
instruction
message
analyzed
vehicle bus
attribute information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811625725.4A
Other languages
Chinese (zh)
Other versions
CN109743310A (en
Inventor
申杜波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Apollo Zhilian Beijing Technology Co Ltd
Original Assignee
Apollo Zhilian Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Apollo Zhilian Beijing Technology Co Ltd filed Critical Apollo Zhilian Beijing Technology Co Ltd
Priority to CN202111246587.0A priority Critical patent/CN113992391B/en
Priority to CN201811625725.4A priority patent/CN109743310B/en
Priority to CN202111247588.7A priority patent/CN113904864A/en
Publication of CN109743310A publication Critical patent/CN109743310A/en
Application granted granted Critical
Publication of CN109743310B publication Critical patent/CN109743310B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/40006Architecture of a communication node
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the disclosure discloses a method and a device for analyzing a message. One embodiment of the method comprises: acquiring a vehicle bus message; and analyzing the command of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the command to be analyzed. The embodiment improves the message analysis efficiency.

Description

Method and device for analyzing message
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to a method and a device for analyzing messages.
Background
Gateway (Gateway) is typically used to forward vehicle bus data. The efficiency of the vehicle-mounted gateway for analyzing data directly influences the performance of a vehicle control system.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for analyzing a message.
In a first aspect, an embodiment of the present disclosure provides a method for parsing a packet, where the method includes: acquiring a vehicle bus message; and analyzing the command of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the command to be analyzed.
In some embodiments, the method further comprises: and determining whether the vehicle bus message is an attack message or not according to the analyzed instruction.
In some embodiments, the instruction to be parsed is determined by: acquiring rule information; and performing semantic analysis on the rule information to obtain an instruction associated with the rule information, and determining the obtained instruction as an instruction to be analyzed.
In some embodiments, the attribute information of the instruction to be parsed includes: the initial position of the command to be analyzed in the vehicle bus message and the command length of the command to be analyzed.
In some embodiments, the vehicle bus message is a Deep Packet Inspection (DPI) message.
In a second aspect, an embodiment of the present disclosure provides an apparatus for parsing a packet, where the apparatus includes: a message acquisition unit configured to acquire a vehicle bus message; and the message analysis unit is configured to analyze the command of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the command to be analyzed.
In some embodiments, the apparatus further comprises: and the attack judging unit is configured to determine whether the vehicle bus message is an attack message according to the analyzed instruction.
In some embodiments, the instruction to be parsed is determined by: acquiring rule information; and performing semantic analysis on the rule information to obtain an instruction associated with the rule information, and determining the obtained instruction as an instruction to be analyzed.
In some embodiments, the attribute information of the instruction to be parsed includes: the initial position of the command to be analyzed in the vehicle bus message and the command length of the command to be analyzed.
In some embodiments, the vehicle bus message is a deep message parsing message.
In a third aspect, an embodiment of the present disclosure provides a server, including: one or more processors; a storage device having one or more programs stored thereon which, when executed by one or more processors, cause the one or more processors to implement a method as in any embodiment of a method for parsing a message.
In a fourth aspect, embodiments of the disclosure provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method as in any one of the embodiments of the method for parsing a message.
The method and the device for analyzing the message provided by the embodiment of the disclosure can firstly obtain the vehicle bus message. And then, analyzing the command of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the command to be analyzed. According to the method and the device provided by the embodiment of the disclosure, only the instruction needing to be analyzed in the vehicle bus message is analyzed, so that unnecessary data analysis time can be reduced, and the message analysis efficiency is improved.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram in which one embodiment of the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a method for parsing messages according to the present application;
fig. 3 is a schematic diagram of an application scenario of a method for parsing a message according to an embodiment of the present disclosure;
FIG. 4 is a flow diagram of yet another embodiment of a method for parsing messages according to the present application;
FIG. 5 is a schematic diagram illustrating an embodiment of an apparatus for parsing messages according to the present application;
FIG. 6 is a schematic block diagram of a computer system suitable for use as a server for implementing embodiments of the present disclosure.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 illustrates an exemplary system architecture 100 of a method for parsing a message or an apparatus for parsing a message to which embodiments of the present disclosure may be applied.
As shown in fig. 1, the system architecture 100 may include a vehicle bus system 101, a network 102, and a gateway device 103. The network 102 serves as a medium to provide a communication link between the vehicle bus system 101 and the gateway device 103. Network 102 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The vehicle bus system 101 may interact with a gateway device 103 through a network 102 to receive or transmit messages or the like. The vehicle bus system 101 may be a vehicle bus system having various bus functions, for example, a vehicle bus system that transmits vehicle bus messages to a gateway device. The vehicle bus system may transmit the vehicle bus message to the gateway device.
The gateway device 103 may be various gateway devices, such as a gateway device that processes vehicle bus messages transmitted by the vehicle bus system 101. The gateway equipment can analyze the instruction of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the instruction to be analyzed.
It should be noted that the method for parsing the packet provided by the embodiment of the present disclosure is generally executed by the gateway device 103, and accordingly, the apparatus for parsing the packet is generally disposed in the gateway device 103.
It should be understood that the number of vehicle bus systems, networks, and gateway devices in fig. 1 is merely illustrative. There may be any number of vehicle bus systems, networks, and gateway devices, as desired for implementation.
Continuing to refer to fig. 2, a flow 200 of one embodiment of a method for parsing a message according to the present application is shown. The method for analyzing the message comprises the following steps:
step 201, a vehicle bus message is obtained.
In this embodiment, an execution subject of the method for parsing a message (e.g., the gateway device 103 shown in fig. 1) may acquire a vehicle bus message from a vehicle bus system of a communication connection. The vehicle bus message is typically a message transmitted on a vehicle bus.
It should be noted that, in the embodiments of the present application, the vehicle may be various vehicles. Such as an unmanned vehicle. The vehicle may be a variety of other vehicles. Such as an aircraft, a ship.
Step 202, analyzing an instruction with attribute information matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the instruction to be analyzed.
In this embodiment, since the vehicle bus message often has a specific message format, after the execution main body obtains the vehicle bus message, the execution main body may parse the obtained vehicle bus message. A vehicle bus message may typically include a plurality of commands. The command to be analyzed is usually a command to be analyzed in a vehicle bus message, which is preset by a technician. The attribute information may be information describing a certain characteristic of the instruction to be parsed. As an example, the attribute information may be an identity of the instruction to be resolved. At this time, the execution main body may find the instruction having the attribute information matched with the identity of the instruction to be analyzed from the vehicle bus message by using the identity of the instruction to be analyzed, so as to analyze the found instruction. Here, the instruction matching the id of the instruction to be analyzed may be an instruction with the same id. It should be noted that there may be one or more instructions to be parsed. When there are multiple instructions to be analyzed, the execution main body can analyze the instruction with the attribute information matched with the attribute information of the instruction to be analyzed from the vehicle bus message by adopting the attribute information of each instruction to be analyzed.
Optionally, the attribute information of the instruction to be analyzed may include, but is not limited to: the initial position of the command to be analyzed in the vehicle bus message and the command length of the command to be analyzed. Here, the execution subject may find the instruction having the attribute information of the start position and the instruction length from the vehicle bus message by using the start position and the instruction length of the instruction to be analyzed. Thereby resolving out the found instructions.
It should be noted that the instruction to be analyzed, that is, the instruction to be analyzed, is determined in advance, and only the instruction matched with the attribute information of the instruction to be analyzed may be analyzed in each subsequent vehicle bus message analysis, and all the instructions in the vehicle bus message do not need to be analyzed, so that unnecessary data analysis time may be reduced, and the message analysis efficiency may be improved.
In some optional implementations of this embodiment, the vehicle bus packet is a deep packet parsing packet. In the foregoing implementation manner, when the vehicle bus packet is a deep packet parsing packet, the execution main body may parse the vehicle bus packet by using a deep packet parsing method. Here, when the execution subject analyzes the vehicle bus message by using the deep message analysis method, the vehicle bus message can be accurately analyzed, but a large amount of computing resources are consumed. Therefore, only the command needing to be analyzed in the vehicle bus message is analyzed, and the vehicle bus message can be accurately analyzed, and meanwhile, the consumption of computing resources is reduced.
In some optional implementation manners of this embodiment, the instruction to be analyzed is determined by the following steps:
first, rule information is obtained. Here, the rule information may be rule information preset by a technician. The rule information may be various information for characterizing a rule. As an example, the rule information may be a character set "X if a + B" for characterizing a rule "X if instruction a and instruction B occur simultaneously" for a network attack event. It should be noted that the rule information may be directly stored locally, or may be stored in other electronic devices communicatively connected to the execution main body. When the rule information is stored locally, the executing agent may directly extract the locally stored rule information for processing. When the rule information is stored in another electronic device that is communicatively connected to the execution main body, the execution main body may acquire the rule information for processing by a wired connection manner or a wireless connection manner.
And secondly, performing semantic analysis on the rule information to obtain an instruction associated with the rule information, and determining the obtained instruction as an instruction to be analyzed. Here, the execution subject may perform semantic analysis on the rule information to obtain an instruction associated with the rule information. As an example, if the rule information is "if a + B, then X". Wherein, A is an instruction A, B is an instruction B, and X is a network attack event X. The execution subject may perform semantic analysis on the rule information to obtain an instruction a and an instruction B associated with the rule information. In addition, after obtaining the instruction associated with the rule information, the execution agent may determine the obtained instruction as the instruction to be analyzed. It should be noted that a plurality of instructions may be included in one piece of rule information. In addition, there may be one or more pieces of rule information. When there are multiple pieces of rule information, the execution main body may perform semantic analysis on each piece of rule information in the multiple pieces of rule information to obtain an instruction associated with the rule information, and determine the obtained instruction as an instruction to be analyzed.
It should be noted that, after the execution main body analyzes all set rule information (one or more) to obtain a plurality of (two or more) instructions to be analyzed, at this time, the obtained plurality of instructions to be analyzed may be an instruction set to be analyzed.
With continued reference to fig. 3, fig. 3 is a schematic diagram of an application scenario of the method for parsing a packet according to the present embodiment. In the application scenario 300 of fig. 3, a gateway device 301 first obtains a vehicle bus packet from a vehicle bus system 302. In this case, the instructions included in the vehicle bus message include: a, B, C, D and E. Then, according to the attribute information of the predetermined command to be analyzed, analyzing the vehicle bus message to obtain a command with the attribute information matched with the attribute information: a and B.
The method for analyzing the message provided by the above embodiment of the application may first obtain the vehicle bus message. And then, analyzing the command of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the command to be analyzed. According to the method provided by the embodiment of the disclosure, only the instruction needing to be analyzed in the vehicle bus message is analyzed, so that unnecessary data analysis time can be reduced, and the message analysis efficiency is improved.
With further reference to fig. 4, a flow 400 of yet another embodiment of a method for parsing a message is shown. The process 400 of the method for parsing a packet includes the following steps:
step 401, obtaining a vehicle bus message.
Step 402, analyzing an instruction with attribute information matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the instruction to be analyzed.
In the present embodiment, the specific operations of steps 401-402 are substantially the same as the operations of steps 201-202 in the embodiment shown in fig. 2, and are not repeated herein.
And step 403, determining whether the vehicle bus message is an attack message or not according to the analyzed instruction.
The attack packet generally refers to a packet that occupies a network access bandwidth or a system resource of the host, so that the host cannot normally operate. The host may be an in-vehicle server.
In this embodiment, the execution subject may determine whether the vehicle bus message is an attack message by analyzing the instruction. The execution main body may analyze one instruction at a time, may analyze multiple instructions at a time, and may analyze all obtained instructions at a time. It should be noted that the instructions may generally include: at least one of data and address information. Optionally, the execution subject may determine a vehicle bus message corresponding to the instruction meeting the preset condition as an attack message. As an example, if the target address and the source address in the command are the same, the vehicle bus message corresponding to the command may be considered as an attack message. As another example, if a plurality of consecutive instructions all satisfy that the destination address and the source address are the same, the vehicle bus messages corresponding to the plurality of instructions may be considered as attack messages.
As can be seen from fig. 4, compared with the embodiment corresponding to fig. 2, the flow 400 of the method for parsing a message in this embodiment represents a step of determining whether a vehicle bus message is an attack message based on a command to be parsed. Therefore, the scheme described in this embodiment can help to improve the message parsing efficiency, and can improve the security detection efficiency of the vehicle bus message.
With further reference to fig. 5, as an implementation of the methods shown in the above diagrams, the present application provides an embodiment of an apparatus for parsing a packet, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various servers.
As shown in fig. 5, the apparatus 500 for parsing a packet according to this embodiment includes: a message acquisition unit 501 configured to acquire a vehicle bus message; the message parsing unit 502 parses an instruction with attribute information matched with predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the instruction to be parsed.
In some optional implementations of this embodiment, the apparatus may further include an attack determination unit (not shown in the figure). The attack determination unit may be configured to determine whether the vehicle bus message is an attack message according to the parsed instruction.
In some optional implementations of this embodiment, the instruction to be parsed is determined by: first, rule information is acquired. And then, performing semantic analysis on the rule information to obtain an instruction associated with the rule information. And finally, determining the obtained instruction as an instruction to be analyzed.
In some optional implementation manners of this embodiment, the attribute information of the instruction to be analyzed includes: the initial position of the command to be analyzed in the vehicle bus message and the command length of the command to be analyzed.
In some optional implementations of this embodiment, the vehicle bus packet is a deep packet parsing packet.
In the apparatus provided in the foregoing embodiment of the present application, the message obtaining unit 501 obtains a vehicle bus message. Then, the message parsing unit 502 parses an instruction with attribute information matched with predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the instruction to be parsed. The device of the embodiment only analyzes the instruction needing to be analyzed in the vehicle bus message, can reduce unnecessary data analysis time, and is beneficial to improving message analysis efficiency.
Referring now to FIG. 6, shown is a block diagram of a computer system 600 suitable for use as a server in implementing embodiments of the present disclosure. The server shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU)601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted in the storage section 608 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program performs the above-described functions defined in the method of the present application when executed by a Central Processing Unit (CPU) 601. It should be noted that the computer readable medium of the present application can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: a processor includes a message acquisition unit, a message parsing unit, and an instruction matching unit. The names of these units do not in some cases form a limitation on the unit itself, and for example, the message acquisition unit may also be described as a "unit that acquires a vehicle bus message".
As another aspect, the present application also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments; or may be present separately and not assembled into the device. The computer readable medium carries one or more programs which, when executed by the apparatus, cause the apparatus to: acquiring a vehicle bus message; and analyzing the command of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the command to be analyzed.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (10)

1. A method for parsing a message, comprising:
acquiring a vehicle bus message;
analyzing an instruction of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the instruction to be analyzed;
the instruction to be analyzed is determined through the following steps: acquiring rule information; and performing semantic analysis on the rule information to obtain an instruction associated with the rule information, and determining the obtained instruction as an instruction to be analyzed.
2. The method of claim 1, wherein the method further comprises:
and determining whether the vehicle bus message is an attack message or not according to the analyzed instruction.
3. The method of claim 1, wherein the attribute information of the instruction to be parsed comprises:
the initial position of the command to be analyzed in the vehicle bus message and the command length of the command to be analyzed.
4. The method according to one of claims 1 to 3, wherein the vehicle bus message is a deep message parsing message.
5. An apparatus for parsing a message, comprising:
a message acquisition unit configured to acquire a vehicle bus message;
the message analysis unit is configured to analyze an instruction of which the attribute information is matched with the predetermined attribute information from the vehicle bus message according to the predetermined attribute information of the instruction to be analyzed;
the instruction to be analyzed is determined through the following steps: acquiring rule information; and performing semantic analysis on the rule information to obtain an instruction associated with the rule information, and determining the obtained instruction as an instruction to be analyzed.
6. The apparatus of claim 5, wherein the apparatus further comprises:
and the attack judging unit is configured to determine whether the vehicle bus message is an attack message according to the analyzed instruction.
7. The apparatus of claim 5, wherein the attribute information of the instruction to be parsed includes:
the initial position of the command to be analyzed in the vehicle bus message and the command length of the command to be analyzed.
8. The apparatus of one of claims 5-7, wherein the vehicle bus message is a deep message resolution message.
9. A server, comprising:
one or more processors;
a storage device having one or more programs stored thereon,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-4.
10. A computer-readable medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-4.
CN201811625725.4A 2018-12-28 2018-12-28 Method and device for analyzing message Active CN109743310B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202111246587.0A CN113992391B (en) 2018-12-28 2018-12-28 Method and device for analyzing message
CN201811625725.4A CN109743310B (en) 2018-12-28 2018-12-28 Method and device for analyzing message
CN202111247588.7A CN113904864A (en) 2018-12-28 2018-12-28 Method and device for analyzing message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811625725.4A CN109743310B (en) 2018-12-28 2018-12-28 Method and device for analyzing message

Related Child Applications (2)

Application Number Title Priority Date Filing Date
CN202111247588.7A Division CN113904864A (en) 2018-12-28 2018-12-28 Method and device for analyzing message
CN202111246587.0A Division CN113992391B (en) 2018-12-28 2018-12-28 Method and device for analyzing message

Publications (2)

Publication Number Publication Date
CN109743310A CN109743310A (en) 2019-05-10
CN109743310B true CN109743310B (en) 2021-11-16

Family

ID=66361857

Family Applications (3)

Application Number Title Priority Date Filing Date
CN201811625725.4A Active CN109743310B (en) 2018-12-28 2018-12-28 Method and device for analyzing message
CN202111247588.7A Pending CN113904864A (en) 2018-12-28 2018-12-28 Method and device for analyzing message
CN202111246587.0A Active CN113992391B (en) 2018-12-28 2018-12-28 Method and device for analyzing message

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN202111247588.7A Pending CN113904864A (en) 2018-12-28 2018-12-28 Method and device for analyzing message
CN202111246587.0A Active CN113992391B (en) 2018-12-28 2018-12-28 Method and device for analyzing message

Country Status (1)

Country Link
CN (3) CN109743310B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111314354B (en) * 2020-02-19 2021-11-16 北京天融信网络安全技术有限公司 Intelligent vehicle communication method and device, electronic equipment and readable storage medium

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156565A (en) * 2014-07-21 2014-11-19 北京航天发射技术研究所 System state analysis method and analysis device based on offline CAN bus data
CN104216391A (en) * 2013-05-31 2014-12-17 广州汽车集团股份有限公司 Automobile decoder and automotive type recognition method thereof
CN105564439A (en) * 2015-12-28 2016-05-11 广州汽车集团股份有限公司 Vehicle control method and system
CN105681199A (en) * 2015-12-29 2016-06-15 北京经纬恒润科技有限公司 Method and device for processing message data in vehicular bus
CN105703990A (en) * 2014-11-28 2016-06-22 联创汽车电子有限公司 Analysis method and construction method of CAN communication message of vehicle controller
CN106130855A (en) * 2016-07-18 2016-11-16 珠海格力电器股份有限公司 The method and device that data process
CN106817366A (en) * 2016-12-31 2017-06-09 惠州市蓝微新源技术有限公司 A kind of CAN document analysis and again store method
CN107231279A (en) * 2016-03-26 2017-10-03 深圳市沃特玛电池有限公司 A kind of message parsing method based on CAN communication
CN107656520A (en) * 2017-10-24 2018-02-02 厦门市福工动力技术有限公司 CAN data analysis method and computer-readable recording medium
CN108415408A (en) * 2018-03-16 2018-08-17 宁波杉杉汽车有限公司 Automobile packet parsing based on CAN communication and method for diagnosing faults
CN108965293A (en) * 2018-07-13 2018-12-07 智车优行科技(北京)有限公司 Message parsing method and device, electronic equipment

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002026924A (en) * 2000-07-06 2002-01-25 Denso Corp Data repeater and multiplex communication system
TWI409645B (en) * 2009-05-27 2013-09-21 Ibm Communication server and method and computer readable medium of processing messages utilizing the server
CN104247361B (en) * 2011-12-01 2018-07-24 英特尔公司 For method, equipment and the associated vehicle control system of security message filtering, and the computer-readable memory containing corresponding instruction
US8983714B2 (en) * 2012-11-16 2015-03-17 Robert Bosch Gmbh Failsafe communication system and method
CN103997489B (en) * 2014-05-09 2017-02-22 北京神州绿盟信息安全科技股份有限公司 Method and device for recognizing DDoS bot network communication protocol
CN105279421B (en) * 2014-06-19 2019-07-12 上海辇联网络科技有限公司 A kind of detection system and method for the information security based on car networking access OBD II
US10120843B2 (en) * 2014-08-26 2018-11-06 International Business Machines Corporation Generation of parsable data for deep parsing
CN105025011B (en) * 2015-06-12 2016-10-19 吉林大学 The evaluation methodology of on-vehicle information safety
US10425447B2 (en) * 2015-08-28 2019-09-24 International Business Machines Corporation Incident response bus for data security incidents
CN107566316A (en) * 2016-06-30 2018-01-09 中兴通讯股份有限公司 A kind of message parsing method, device and network processing unit
US20180062988A1 (en) * 2016-08-31 2018-03-01 Faraday&Future Inc. Ethernet communication of can signals
CN108076010B (en) * 2016-11-10 2020-09-08 中国移动通信集团广东有限公司 XML message parsing method and server
KR101856487B1 (en) * 2017-03-03 2018-06-19 주식회사 티맥스데이터 Computing device for processing parsing
JP2018170591A (en) * 2017-03-29 2018-11-01 パナソニックIpマネジメント株式会社 Communication device, communication method, and control program
CN107547572B (en) * 2017-10-13 2021-03-02 北京梆梆安全科技有限公司 CAN bus communication method based on pseudo-random number
CN108965267B (en) * 2018-06-28 2021-04-02 北京车和家信息技术有限公司 Network attack processing method and device and vehicle

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104216391A (en) * 2013-05-31 2014-12-17 广州汽车集团股份有限公司 Automobile decoder and automotive type recognition method thereof
CN104156565A (en) * 2014-07-21 2014-11-19 北京航天发射技术研究所 System state analysis method and analysis device based on offline CAN bus data
CN105703990A (en) * 2014-11-28 2016-06-22 联创汽车电子有限公司 Analysis method and construction method of CAN communication message of vehicle controller
CN105564439A (en) * 2015-12-28 2016-05-11 广州汽车集团股份有限公司 Vehicle control method and system
CN105681199A (en) * 2015-12-29 2016-06-15 北京经纬恒润科技有限公司 Method and device for processing message data in vehicular bus
CN105681199B (en) * 2015-12-29 2018-12-14 北京经纬恒润科技有限公司 The processing method and processing device of message data in a kind of vehicle bus
CN107231279A (en) * 2016-03-26 2017-10-03 深圳市沃特玛电池有限公司 A kind of message parsing method based on CAN communication
CN106130855A (en) * 2016-07-18 2016-11-16 珠海格力电器股份有限公司 The method and device that data process
CN106817366A (en) * 2016-12-31 2017-06-09 惠州市蓝微新源技术有限公司 A kind of CAN document analysis and again store method
CN107656520A (en) * 2017-10-24 2018-02-02 厦门市福工动力技术有限公司 CAN data analysis method and computer-readable recording medium
CN108415408A (en) * 2018-03-16 2018-08-17 宁波杉杉汽车有限公司 Automobile packet parsing based on CAN communication and method for diagnosing faults
CN108965293A (en) * 2018-07-13 2018-12-07 智车优行科技(北京)有限公司 Message parsing method and device, electronic equipment

Also Published As

Publication number Publication date
CN109743310A (en) 2019-05-10
CN113904864A (en) 2022-01-07
CN113992391A (en) 2022-01-28
CN113992391B (en) 2023-12-29

Similar Documents

Publication Publication Date Title
CN107330522B (en) Method, device and system for updating deep learning model
CN109766082B (en) Method and device for application program page jump
CN106815031B (en) Kernel module loading method and device
CN109976995B (en) Method and apparatus for testing
US11019096B2 (en) Combining apparatus, combining method, and combining program
CN110719215B (en) Flow information acquisition method and device of virtual network
CN109766148B (en) Method and apparatus for processing interface method calls
CN109831466B (en) Micro-service business processing method and nginx server
CN109766127B (en) Method for updating application version information
CN109669787B (en) Data transmission method and device, storage medium and electronic equipment
CN111510466B (en) Data updating method and device for client, electronic equipment and readable medium
CN114675820A (en) Service arrangement data processing method and device, electronic equipment and storage medium
CN109656799B (en) Test method and device
CN108733527B (en) System, method and apparatus for testing server functionality
CN109743310B (en) Method and device for analyzing message
CN109410920B (en) Method and device for acquiring information
CN116893912B (en) Inter-core communication method, system, device, equipment and medium for vehicle-mounted software
CN107229565B (en) Test method and device
CN109144864B (en) Method and device for testing window
CN109145591B (en) Plug-in loading method of application program
CN112948138A (en) Method and device for processing message
CN113946729A (en) Data processing method and device for vehicle, electronic equipment and medium
CN113627526A (en) Vehicle identification recognition method and device, electronic equipment and medium
CN110209959B (en) Information processing method and device
CN109298831B (en) Information storage method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20211012

Address after: 100176 Room 101, 1st floor, building 1, yard 7, Ruihe West 2nd Road, economic and Technological Development Zone, Daxing District, Beijing

Applicant after: Apollo Zhilian (Beijing) Technology Co.,Ltd.

Address before: 100085 Baidu Building, 10 Shangdi Tenth Street, Haidian District, Beijing

Applicant before: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant