CN109873835B - Message processing system and method - Google Patents
Message processing system and method Download PDFInfo
- Publication number
- CN109873835B CN109873835B CN201910249433.3A CN201910249433A CN109873835B CN 109873835 B CN109873835 B CN 109873835B CN 201910249433 A CN201910249433 A CN 201910249433A CN 109873835 B CN109873835 B CN 109873835B
- Authority
- CN
- China
- Prior art keywords
- message
- gateway
- abnormal
- cycle
- routing module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012545 processing Methods 0.000 title claims abstract description 45
- 238000000034 method Methods 0.000 title abstract description 22
- 230000002159 abnormal effect Effects 0.000 claims abstract description 94
- 238000001914 filtration Methods 0.000 claims abstract description 68
- 238000001514 detection method Methods 0.000 claims abstract description 10
- 238000003672 processing method Methods 0.000 claims description 20
- 230000003247 decreasing effect Effects 0.000 claims description 15
- 230000000737 periodic effect Effects 0.000 claims description 11
- 206010033799 Paralysis Diseases 0.000 abstract description 6
- 230000005540 biological transmission Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000011084 recovery Methods 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides a message processing system and a method, wherein the method comprises the following steps: the method comprises the steps that a first message filtering device is arranged, cycle abnormal message detection is carried out on a second message which needs to be received by a gateway routing module in a first message sent by a source network segment controller, and when a first difference value of receiving times of the cycle abnormal message and a normal cycle message in the second message is larger than or equal to a preset threshold value, abnormal processing is carried out, so that a high-frequency message can be prevented from being sent to a gateway maliciously, and the problem of network paralysis caused by the fact that the gateway sends the message outwards is avoided. In addition, a second message filtering device is arranged to detect a cycle abnormal message of a third message sent by the gateway routing module, and when a second difference value between the receiving times of the cycle abnormal message and the receiving times of a normal cycle message in the third message is greater than or equal to a preset threshold value, abnormal processing is performed, namely, when the message is sent to a target network segment at high frequency by the gateway, abnormal processing can be performed in time, and the bus load of the target network segment is prevented from being too high.
Description
Technical Field
The present invention relates to the field of communications, and in particular, to a message processing system and method.
Background
With the development of the internet of vehicles, the security of the CAN bus, which is one of the main communication buses of the vehicle interior network, is also more and more important.
The malicious user can enable the controller to maliciously send the high-frequency message to the gateway by breaking the automobile controller connected with the gateway in the automobile, and the gateway forwards the message to the target network segment according to the same frequency, so that the network load of the target network segment is higher, and the network paralysis is further caused. In addition, malicious users can also crack the gateway, which causes the gateway to send messages to the target network segment at high frequency, and causes the bus load of the target network segment to be too high, and the function to be influenced.
Disclosure of Invention
In view of this, the present invention provides a message processing system and method, so as to solve the problem that a controller maliciously sends a high frequency message to a gateway, and the gateway forwards the message to a target network segment according to the same frequency, which causes a higher network load of the target network segment and further causes network paralysis; and malicious users cause the gateway to send messages to the target network segment at high frequency by cracking the gateway, thereby causing the problem that the bus load of the target network segment is too high and the function is influenced.
In order to solve the technical problems, the invention adopts the following technical scheme:
a message processing system, comprising:
the gateway comprises a source network segment controller, a first message filtering device, a gateway routing module, a second message filtering device and a target network segment controller; the source network segment controller, the first message filtering device, the gateway routing module, the second message filtering device and the target network segment controller are sequentially connected;
the first message filtering device is configured to: performing cycle abnormal message detection on a second message which needs to be received by the gateway routing module in a first message sent by the source network segment controller, and performing abnormal processing when a first difference value of the receiving times of the cycle abnormal message and a normal cycle message in the second message is greater than or equal to a preset threshold value; when the first difference value is smaller than the preset threshold value, forwarding the first packet to the gateway routing module; the cycle abnormal message is a message of which the message sending cycle is not within a preset cycle range;
the second message filtering device is configured to: performing cycle abnormal message detection on a third message sent by the gateway routing module, and performing abnormal processing when a second difference value of the receiving times of the cycle abnormal message and the normal cycle message in the third message is greater than or equal to the preset threshold value; and when the second difference is smaller than the preset threshold value, forwarding a fourth message, which needs to be sent to the target network segment controller, in the third message to the target network segment controller.
Preferably, the first message filtering device is further configured to:
filtering the messages which are not in the white list received by the gateway in the first message; the gateway receiving the message in the white list comprises allowing the gateway routing module to receive the message; the gateway receives the messages in the white list, wherein the messages comprise the second message;
the second message filtering device is further configured to:
filtering the messages which are not in the white list sent by the gateway in the third message; the message in the white list sent by the gateway comprises a message which is allowed to be sent by the gateway routing module; and the message sent by the gateway in the white list comprises the fourth message.
A message processing method applied to the first message filtering device in the message processing system, the message processing method comprising:
receiving a first message sent by the source network segment controller;
calculating the difference value of the receiving times of the abnormal messages and the normal messages in the first message;
if the difference value is larger than or equal to the preset threshold value, stopping outputting the first message to the gateway routing module;
and if the difference value is smaller than the preset threshold value, outputting the first message to the gateway routing module.
Preferably, after receiving the first packet sent by the source segment controller, the method further includes:
acquiring a white list received by a gateway; the gateway receiving white list comprises an identifier allowing the gateway routing module to receive the message;
and filtering the message of which the corresponding identifier in the first message is not positioned in the gateway receiving white list.
Preferably, calculating a difference between the number of times of receiving the abnormal message in the first message and the normal message in the first message includes:
when the cycle abnormal message appears in the received first message for the first time, timing is started;
in a first preset time period after timing is started, if the cycle abnormal message appears, the counter is controlled to be increased by one, and if the normal cycle message appears, the counter is controlled to be decreased by one; the initial data of the counter is zero;
and taking the value of the counter as the difference value of the receiving times of the abnormal periodic message and the normal periodic message in the first message.
Preferably, after stopping outputting the first packet to the gateway routing module, the method further includes:
if the normal period message appears, controlling a counter to be decreased by one;
judging whether the value of the counter is not greater than a specified value;
if not, when the first messages received in a second preset time period after the value of the counter is not larger than the designated value are all the normal cycle messages, outputting the first messages.
A message processing method applied to the second message filtering device in the message processing system, the message processing method comprising:
receiving a third message sent by the gateway routing module;
calculating the difference value of the receiving times of the abnormal messages and the normal messages in the third message;
if the difference value is larger than or equal to the preset threshold value, stopping outputting the third message to the target network segment controller;
and if the difference value is smaller than the preset threshold value, outputting the third message to the target network segment controller.
Preferably, after receiving the third packet sent by the gateway routing module, the method further includes:
acquiring a white list sent by a gateway; the gateway sending white list comprises an identifier of a message which is allowed to be sent by the gateway routing module;
and filtering the message of which the corresponding identifier in the third message is not in the white list sent by the gateway.
Preferably, calculating a difference between the number of times of receiving the abnormal message in the third message and the normal message in the third message includes:
when the cycle abnormal message appears in the received third message for the first time, timing is started;
in a first preset time period after timing is started, if the cycle abnormal message appears, the counter is controlled to be increased by one, and if the normal cycle message appears, the counter is controlled to be decreased by one; the initial data of the counter is zero;
and taking the value of the counter as the difference value of the receiving times of the abnormal periodic message and the normal periodic message in the third message.
Preferably, after stopping outputting the third packet to the gateway routing module, the method further includes:
if the normal period message appears, controlling a counter to be decreased by one;
judging whether the value of the counter is not greater than a specified value;
if not, when the third message received in a second preset time period after the value of the counter is not greater than the designated value is the normal cycle message, outputting the third message.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides a message processing system and a message processing method, wherein a first message filtering device is arranged between a source network segment controller and a gateway routing module, the first message filtering device is used for carrying out cycle abnormal message detection on a second message which needs to be received by the gateway routing module in the first message sent by the source network segment controller, and when a first difference value of the receiving times of the cycle abnormal message and the normal cycle message in the second message is more than or equal to a preset threshold value, abnormal processing is carried out, so that a high-frequency message can be prevented from being sent to a gateway maliciously, and the problem of network paralysis caused by the fact that the gateway sends the message outwards is avoided. In addition, a second message filtering device is arranged between the gateway routing module and the target network segment controller, the second message filtering device detects a cycle abnormal message of a third message sent by the gateway routing module, and when a second difference value of the receiving times of the cycle abnormal message and a normal cycle message in the third message is larger than or equal to a preset threshold value, abnormal processing is carried out, namely, when the message is sent to the target network segment by the gateway at high frequency, abnormal processing can be carried out timely, and the bus load of the target network segment is prevented from being too high.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a network topology relationship diagram of an in-vehicle circuit according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a message processing system according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for processing a message according to an embodiment of the present invention;
fig. 4 is a flowchart of another method for processing a message according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a number of times update according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a message processing system which CAN be applied to a gateway in CAN network safety equipment in an automobile, namely, the function of the gateway is improved, and firstly, a network topology relation in the automobile is introduced by combining with a figure 1.
Specifically, an IP protocol stack 601 interconnecting networks in an automobile is connected to a gateway 501, a router 5011 is built in the gateway 501, and the gateway 501 is connected to different types of electronic control units ECU. Such as P-ECU 101-. The P-ECU101-104, the B-ECU 201 204, the C-ECU 301 304 and the D-ECU 401 can be a power network segment, a control network segment, a communication network segment, etc. The embodiment is provided to avoid that the controller maliciously sends the high-frequency message to the gateway 501 and the gateway 501 maliciously sends the high-frequency message to each network segment. The CAN network security device CAN be arranged between the controller and each network segment.
Referring to fig. 2, a message processing system, comprising:
a source network segment controller 11, a first message filtering device 12, a gateway routing module 13, a second message filtering device 14 and a target network segment controller 15; the source network segment controller 11, the first message filtering device 12, the gateway routing module 13, the second message filtering device 14 and the target network segment controller 15 are connected in sequence;
the first message filtering means 12 is configured to: performing cycle abnormal message detection on a second message which needs to be received by the gateway routing module 13 in a first message sent by the source network segment controller 11, and performing abnormal processing when a first difference value of the receiving times of the cycle abnormal message and a normal cycle message in the second message is greater than or equal to a preset threshold value; when the first difference is smaller than the preset threshold, forwarding the first packet to the gateway routing module 13; the cycle abnormal message is a message of which the message sending cycle is not within the range of a preset cycle;
the second message filtering means 14 is configured to: performing cycle abnormal message detection on a third message sent by the gateway routing module 13, and performing abnormal processing when a second difference value between the receiving times of the cycle abnormal message and the receiving times of the normal cycle message in the third message is greater than or equal to a preset threshold value; and when the second difference is smaller than the preset threshold, forwarding a fourth packet, which needs to be sent to the target network segment controller 15, in the third packet to the target network segment controller 15.
The target segment controller 15 may be, among others, various ECUs in fig. 1. The preset threshold is set by a technician according to a specific use scenario.
In this embodiment, the contents of the first packet and the second packet are not limited, and may be a control packet or a data packet.
In a preferred implementation manner of the present invention, referring to fig. 3, a calculation process of a first difference value between the reception times of the cycle abnormal packet and the normal cycle packet in the second packet is as follows:
and S11, when the cycle abnormal message appears in the received second message for the first time, timing is started.
The cycle abnormal message is a message of which the message sending cycle is not within a preset cycle range, and the cycle abnormal message is not within the preset cycle range and can be less than or equal to 5 ms. Each received message has a message period, and when the period time of the message period is less than or equal to 5ms, the message with the abnormal period is considered to appear. When the cycle abnormal message occurs, it indicates that a high frequency message may occur, that is, the source segment controller 11 may be attacked.
And S12, in a first preset time period after the timing is started, if the cycle abnormal message occurs, controlling the counter to increase by one, and if the normal cycle message occurs, controlling the counter to decrease by one.
The initial data of the counter is zero and the minimum value of the counter is zero. I.e. when the counter counts to zero, it does not count to a negative number.
The normal cycle message means that the message cycle of the received message is a normal receiving cycle. The normal reception period may be 10 ms.
For example, when the received sequence is a cycle abnormal message, and a normal cycle message, the change of the counter is 1-2-1, that is, the value of the counter is 1 finally.
S13, taking the value of the counter as the first difference value of the receiving times of the cycle abnormal message and the normal cycle message in the second message.
Specifically, the explanation is made with reference to the content in step S12.
The first message filtering device 12 is arranged between the source network segment controller 11 and the gateway routing module 13, and can prevent the source network segment controller 11 from sending a high-frequency message to the gateway routing module 13.
Optionally, on the basis of this embodiment, the first packet filtering device 12 is further configured to:
and filtering the messages which are not in the white list received by the gateway in the first message.
The gateway receives the message in the white list including the message that allows the gateway routing module 13 to receive, and the gateway receives the message in the white list including the second message.
Specifically, the gateway receiving white list includes an identifier of a message that allows the gateway routing module 13 to receive, and the message whose corresponding identifier is not in the gateway receiving white list in the first message is filtered to obtain the second message.
And setting a message receiving white list filtering mechanism for detecting whether the received first message is a message needing to be processed, and if the message is not the message in the gateway receiving white list configured by the gateway, not processing the message. If the message is received by the gateway, the subsequent operation is carried out on the first message, namely the second message after the received filtration.
The first step of filtering operation of the message is realized through the filtering operation, the message transmitted to the next step is ensured to be the message which needs to be processed by the gateway, and the processing burden of the gateway routing module 13 for processing the next step is reduced.
It should be noted that this embodiment is also a specific explanation of "a second message that needs to be received by the gateway routing module 13 in the first message sent by the source segment controller 11".
In a preferred implementation manner of the present invention, the process of calculating the second difference between the number of times of receiving the cycle abnormal packet and the number of times of receiving the normal cycle packet in the third packet may include:
1) when the cycle abnormal message appears in the received third message for the first time, timing is started;
2) in a first preset time period after timing is started, if a cycle abnormal message occurs, the counter is controlled to be increased by one, and if a normal cycle message occurs, the counter is controlled to be decreased by one; the initial data of the counter is zero;
3) and taking the value of the counter as a second difference value of the receiving times of the abnormal message and the normal message in the third message.
For a detailed explanation of steps 1, 2 and 3 in this embodiment, please refer to the contents of steps S11-S13 in the above embodiment, which is not repeated herein.
The second message filtering device 14 is arranged between the target network segment controller 15 and the gateway routing module 13, and can prevent the gateway routing module 13 from sending high-frequency messages to the target network segment controller 15.
Optionally, on the basis of this embodiment, the second packet filtering device 14 is further configured to:
filtering the messages which are not in the white list sent by the gateway in the third message; the message in the white list sent by the gateway includes a message which allows the gateway routing module 13 to send; the message sent by the gateway in the white list comprises a fourth message.
Specifically, the gateway transmission white list includes an identifier of a packet that is allowed to be transmitted by the gateway routing module 13, and the packet whose corresponding identifier is not in the gateway transmission white list is filtered.
The second message filtering device 14 is different from the first message filtering device 12 in that the first message filtering device 12 filters messages that are not allowed to be received by the gateway, and the first message filtering device 12 filters messages that are not allowed to be sent by the gateway.
By setting a message filtering mechanism, the gateway can be prevented from sending a fast-cycle message after being illegally invaded, so that the target network segment bus is abnormal.
It should be noted that this embodiment is also a specific explanation of "the fourth message that needs to be sent to the target network segment controller 15 in the third message".
In this embodiment, a first packet filtering device 12 is disposed between the source segment controller 11 and the gateway routing module 13, the first packet filtering device 12 performs cycle abnormal packet detection on a second packet that needs to be received by the gateway routing module 13 in the first packet sent by the source segment controller 11, and when a first difference between the receiving times of the cycle abnormal packet in the second packet and the receiving times of the normal cycle packet is greater than or equal to a preset threshold, performs abnormal processing, that is, can prevent a high-frequency packet from being maliciously sent to the gateway, thereby avoiding a network paralysis problem caused by the gateway sending a packet to the outside. In addition, a second message filtering device 14 is arranged between the gateway routing module 13 and the target network segment controller 15, the second message filtering device 14 performs cycle abnormal message detection on a third message sent by the gateway routing module 13, and when a second difference value between the receiving times of the cycle abnormal message and the receiving times of the normal cycle message in the third message is greater than or equal to a preset threshold value, abnormal processing is performed, that is, when the message is sent to the target network segment at high frequency by the gateway, abnormal processing is performed in time, and the bus load of the target network segment is prevented from being too high.
In addition, the embodiment can prevent the source network segment node of the gateway from sending the message to the gateway at high frequency because of abnormality, and the route of the gateway leads to the bus fault of the target network segment. Meanwhile, the gateway itself is prevented from sending messages to the target network segment controller at high frequency after being attacked abnormally, and the bus fault or paralysis of the target network segment is directly caused. The invention is also applicable to gateways with or without operating systems, and does not depend on hardware and operating systems. The invention CAN be applied to CAN networks.
In addition, a message filtering mechanism is arranged, so that the workload of the gateway routing module 13 and the target network segment controller 15 in the message processing system can be reduced.
Optionally, on the basis of the embodiment of the message processing system, another embodiment of the present invention provides a message processing method, which is applied to the first message filtering apparatus 12 in the message processing system, and referring to fig. 4, the message processing method may include:
s21, receiving a first message sent by the source network segment controller 11;
s22, calculating the difference value of the receiving times of the cycle abnormal message and the normal cycle message in the first message;
it should be noted that, for the specific explanation of step S11-12, please refer to the corresponding explanation in the above embodiments, which is not repeated herein.
And S23, if the difference is greater than or equal to the preset threshold, stopping outputting the first message to the gateway routing module 13.
Specifically, in the above embodiment, the specific implementation manner of the exception handling in the "when the first difference between the receiving times of the cycle exception packet in the second packet and the receiving time of the normal cycle packet is greater than or equal to the preset threshold, the high frequency packet is prevented from being sent to the gateway routing module 13 by stopping outputting the first packet. That is, the received first message is a malicious message, and the output of the first message should be prohibited.
Message fault information may also be recorded and output after the first message stops being output.
Specifically, if the output of the first message is stopped, the relevant fault is recorded and fault information is output, for example, the fault information is output to a display interface of the instrument panel.
And when the receiving period of the message is recovered to the normal state, outputting the message and transmitting normal information to a display interface of the instrument panel.
The module for recording and outputting message fault information is a fault module in a gateway in the CAN network safety equipment, and the module is responsible for the recovery and notification mechanism of relevant faults. The processing mechanism of the part mainly depends on the processing mode of the fault in the actual vehicle.
And S24, if the difference is smaller than the preset threshold, outputting the first message to the gateway routing module 13.
When the difference is smaller than the preset threshold, it indicates that an abnormal packet occasionally occurs, that is, most of the abnormal packet is a normal packet, and the performance of the gateway routing module 13 is not affected at this time, and the first packet may be output at this time.
Specifically, several letters having specific meanings are set in the present embodiment.
T R _ cycle: the period of the current message received;
TR _ normal: a normal receiving period of the message;
TR _ min: a minimum period threshold value of the message;
t R _ error: the message considers the error duration value;
TR _ receiver: and after the message is recovered to be normal, considering the duration of the message without problems.
Referring to fig. 5, assuming that a normal transmission of a first message MsgA, i.e. a period in a normal Normol state, is TR _ normal, and a minimum period that the message can tolerate is TR _ min (T R _ min < T R _ normal), when the period T R _ cycle of the received first message is less than or equal to T R _ min, the counter N of the first message is incremented by 1 every time a frame is received, and the message state is Warning. When the counter N is added to T R _ error/T R _ min times (when T R _ error/T R _ min is not an integer, the count is rounded down), namely after a preset threshold value, the first message is considered to be abnormal, and the state of the message is an error. And after the abnormity is found, the first message is not output but the abnormity is directly processed.
If the received first message cycle is detected to be less than TR _ min, but the cycle of a few frames of messages is normal occasionally, namely greater than T R _ min, every time a message of a normal cycle is received, N is reduced by 1, and if an abnormal message is received again, N continues to be accumulated.
Optionally, on the basis of this embodiment, after step S21, the method may further include:
acquiring a white list received by a gateway; the gateway reception white list includes an identifier of a packet that allows the gateway routing module 13 to receive, and performs filtering processing on a packet whose corresponding identifier is not in the gateway reception white list in the first packet.
For a detailed explanation of this step, please refer to the corresponding explanation in the above embodiments, which is not repeated herein.
Optionally, on the basis of this embodiment, step S22 may include:
1) when a first received message has a cycle abnormal message for the first time, timing is started;
2) in a first preset time period after timing is started, if a cycle abnormal message occurs, the counter is controlled to be increased by one, and if a normal cycle message occurs, the counter is controlled to be decreased by one; the initial data of the counter is zero;
3) and taking the value of the counter as the difference value of the receiving times of the abnormal message and the normal message in the first message.
It should be noted that, for explanation of each step in this embodiment, please refer to corresponding descriptions in the above embodiments, which are not described herein again.
Optionally, on the basis of this embodiment, after step S24, the method may further include:
1) if the normal period message appears, controlling the counter to be decreased by one;
2) judging whether the value of the counter is not greater than a specified value;
3) if not, when the first messages received in a second preset time period after the value of the counter is not larger than the designated value are all normal cycle messages, outputting the first messages.
Specifically, referring to fig. 5, after the first message is stopped being output, the first message is continuously received at this time, and the counter is updated according to the above manner, and if the count of the counter is gradually decreased and is decreased to a specified value, for example, zero, a second preset time period is entered.
If the time of TR _ receiver (N is TR _ receiver/TR _ normal) continues, that is, no cycle abnormal message is received in the second preset time period, the fault is considered to be recovered, and the first message needs to be output. And simultaneously carrying out related fault recovery processing.
In this embodiment, a message abnormal cycle number updating mechanism is set, and whether an abnormal message is received can be determined according to the change of the number. In addition, a message exception handling mechanism is also arranged, and exception handling can be carried out when a message exception occurs.
Optionally, on the basis of the above embodiment of the message processing system and the message processing method applied to the first message filtering device 12, another embodiment of the present invention provides a message processing method applied to the second message filtering device 14 in the above message processing system, where the message processing method includes:
1) receiving a third message sent by the gateway routing module 13;
2) calculating the difference value of the receiving times of the cycle abnormal message and the normal cycle message in the third message;
3) if the difference is greater than or equal to the preset threshold, stopping outputting the third message to the target network segment controller 15;
4) and if the difference is smaller than the preset threshold, outputting a third message to the target network segment controller 15.
Optionally, on the basis of this embodiment, after receiving the third packet sent by the gateway routing module 13, the method further includes:
acquiring a white list sent by a gateway; the gateway transmission white list includes an identifier of a packet allowed to be transmitted by the gateway routing module 13;
and filtering the message of which the corresponding identifier in the third message is not in the white list sent by the gateway.
Optionally, on the basis of this embodiment, calculating a difference between the number of times of receiving the abnormal periodic packet and the normal periodic packet in the third packet includes:
when the cycle abnormal message appears in the received third message for the first time, timing is started;
in a first preset time period after timing is started, if a cycle abnormal message occurs, the counter is controlled to be increased by one, and if a normal cycle message occurs, the counter is controlled to be decreased by one; the initial data of the counter is zero;
and taking the value of the counter as the difference value of the receiving times of the abnormal message and the normal message in the third message.
Optionally, on the basis of this embodiment, after stopping outputting the third packet to the gateway routing module 13, the method further includes:
if the normal period message appears, controlling the counter to be decreased by one;
judging whether the value of the counter is not greater than a specified value;
if not, when the third messages received in a second preset time period after the value of the counter is not larger than the designated value are all normal periodic messages, outputting the third messages.
It should be noted that the working process of the second message filtering device 14 is similar to the working process of the first message filtering device 12, please refer to the working process of the first message filtering device 12, and details are not repeated herein.
In this embodiment, a message abnormal cycle number updating mechanism is set, and whether an abnormal message is received can be determined according to the change of the number. In addition, a message exception handling mechanism is also arranged, and exception handling can be carried out when a message exception occurs.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A message processing system, comprising:
the gateway comprises a source network segment controller, a first message filtering device, a gateway routing module, a second message filtering device and a target network segment controller; the source network segment controller, the first message filtering device, the gateway routing module, the second message filtering device and the target network segment controller are sequentially connected;
the first message filtering device is configured to: performing cycle abnormal message detection on a second message which needs to be received by the gateway routing module in a first message sent by the source network segment controller, and performing abnormal processing when a first difference value of the receiving times of the cycle abnormal message and a normal cycle message in the second message is greater than or equal to a preset threshold value; when the first difference value is smaller than the preset threshold value, forwarding the first packet to the gateway routing module; the cycle abnormal message is a message of which the message sending cycle is not within a preset cycle range;
the second message filtering device is configured to: performing cycle abnormal message detection on a third message sent by the gateway routing module, and performing abnormal processing when a second difference value of the receiving times of the cycle abnormal message and the normal cycle message in the third message is greater than or equal to the preset threshold value; and when the second difference is smaller than the preset threshold value, forwarding a fourth message, which needs to be sent to the target network segment controller, in the third message to the target network segment controller.
2. The message processing system of claim 1, wherein the first message filtering means is further configured to:
filtering the messages which are not in the white list received by the gateway in the first message; the gateway receiving the message in the white list comprises allowing the gateway routing module to receive the message; the gateway receives the messages in the white list, wherein the messages comprise the second message;
the second message filtering device is further configured to:
filtering the messages which are not in the white list sent by the gateway in the third message; the message in the white list sent by the gateway comprises a message which is allowed to be sent by the gateway routing module; and the message sent by the gateway in the white list comprises the fourth message.
3. A message processing method applied to the first message filtering apparatus in the message processing system according to claim 1, the message processing method comprising:
receiving a first message sent by the source network segment controller;
calculating the difference value of the receiving times of the abnormal messages and the normal messages in the first message;
if the difference value is larger than or equal to the preset threshold value, stopping outputting the first message to the gateway routing module;
and if the difference value is smaller than the preset threshold value, outputting the first message to the gateway routing module.
4. The message processing method according to claim 3, further comprising, after receiving the first message sent by the source segment controller:
acquiring a white list received by a gateway; the gateway receiving white list comprises an identifier allowing the gateway routing module to receive the message;
and filtering the message of which the corresponding identifier in the first message is not positioned in the gateway receiving white list.
5. The message processing method according to claim 3, wherein calculating the difference between the number of times of receiving the abnormal message in the first message and the normal message in the first message comprises:
when the cycle abnormal message appears in the received first message for the first time, timing is started;
in a first preset time period after timing is started, if the cycle abnormal message appears, the counter is controlled to be increased by one, and if the normal cycle message appears, the counter is controlled to be decreased by one; the initial data of the counter is zero;
and taking the value of the counter as the difference value of the receiving times of the abnormal periodic message and the normal periodic message in the first message.
6. The message processing method according to claim 3, further comprising, after stopping outputting the first message to the gateway routing module:
if the normal period message appears, controlling a counter to be decreased by one;
judging whether the value of the counter is not greater than a specified value;
if not, when the first messages received in a second preset time period after the value of the counter is not larger than the designated value are all the normal cycle messages, outputting the first messages.
7. A message processing method applied to the second message filtering apparatus in the message processing system according to claim 1, the message processing method comprising:
receiving a third message sent by the gateway routing module;
calculating the difference value of the receiving times of the abnormal messages and the normal messages in the third message;
if the difference value is larger than or equal to the preset threshold value, stopping outputting the third message to the target network segment controller;
and if the difference value is smaller than the preset threshold value, outputting the third message to the target network segment controller.
8. The message processing method according to claim 7, further comprising, after receiving the third message sent by the gateway routing module:
acquiring a white list sent by a gateway; the gateway sending white list comprises an identifier of a message which is allowed to be sent by the gateway routing module;
and filtering the message of which the corresponding identifier in the third message is not in the white list sent by the gateway.
9. The message processing method according to claim 7, wherein calculating the difference between the number of times of receiving the abnormal message in the third message and the normal message in the third message comprises:
when the cycle abnormal message appears in the received third message for the first time, timing is started;
in a first preset time period after timing is started, if the cycle abnormal message appears, the counter is controlled to be increased by one, and if the normal cycle message appears, the counter is controlled to be decreased by one; the initial data of the counter is zero;
and taking the value of the counter as the difference value of the receiving times of the abnormal periodic message and the normal periodic message in the third message.
10. The message processing method according to claim 7, further comprising, after stopping outputting the third message to the gateway routing module:
if the normal period message appears, controlling a counter to be decreased by one;
judging whether the value of the counter is not greater than a specified value;
if not, when the third message received in a second preset time period after the value of the counter is not greater than the designated value is the normal cycle message, outputting the third message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910249433.3A CN109873835B (en) | 2019-03-29 | 2019-03-29 | Message processing system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910249433.3A CN109873835B (en) | 2019-03-29 | 2019-03-29 | Message processing system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109873835A CN109873835A (en) | 2019-06-11 |
| CN109873835B true CN109873835B (en) | 2021-03-23 |
Family
ID=66921663
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910249433.3A Active CN109873835B (en) | 2019-03-29 | 2019-03-29 | Message processing system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109873835B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110149348A (en) * | 2019-06-20 | 2019-08-20 | 北京经纬恒润科技有限公司 | The means of defence and device of In-vehicle networking |
| CN110881212B (en) * | 2019-12-09 | 2023-08-25 | Oppo广东移动通信有限公司 | Method and device for saving power of equipment, electronic equipment and medium |
| CN111641542B (en) * | 2020-05-27 | 2021-08-06 | 东风柳州汽车有限公司 | Adaptive adjustment control method and device, gateway terminal and storage medium |
| CN113904922B (en) * | 2021-09-06 | 2024-04-19 | 东风柳州汽车有限公司 | Gateway configuration method and device |
| CN113946147A (en) * | 2021-09-26 | 2022-01-18 | 东风商用车有限公司 | CAN message diagnosis method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100576013B1 (en) * | 2004-10-27 | 2006-05-02 | 삼성전자주식회사 | Method for defence of communication network from tcp syn flood attack |
| CN105592055A (en) * | 2015-09-18 | 2016-05-18 | 杭州华三通信技术有限公司 | Anti-attack method and device for TCP SYN FLOOD |
| CN106357688A (en) * | 2016-11-04 | 2017-01-25 | 中国联合网络通信集团有限公司 | Method and device for defending Internet Control Message Protocol (ICMP) flood attack |
| CN106559395A (en) * | 2015-09-29 | 2017-04-05 | 北京东土军悦科技有限公司 | A kind of data message detection method and device based on industrial network |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7609625B2 (en) * | 2005-07-06 | 2009-10-27 | Fortinet, Inc. | Systems and methods for detecting and preventing flooding attacks in a network environment |
-
2019
- 2019-03-29 CN CN201910249433.3A patent/CN109873835B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100576013B1 (en) * | 2004-10-27 | 2006-05-02 | 삼성전자주식회사 | Method for defence of communication network from tcp syn flood attack |
| CN105592055A (en) * | 2015-09-18 | 2016-05-18 | 杭州华三通信技术有限公司 | Anti-attack method and device for TCP SYN FLOOD |
| CN106559395A (en) * | 2015-09-29 | 2017-04-05 | 北京东土军悦科技有限公司 | A kind of data message detection method and device based on industrial network |
| CN106357688A (en) * | 2016-11-04 | 2017-01-25 | 中国联合网络通信集团有限公司 | Method and device for defending Internet Control Message Protocol (ICMP) flood attack |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109873835A (en) | 2019-06-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109873835B (en) | Message processing system and method | |
| US11438355B2 (en) | In-vehicle network anomaly detection system and in-vehicle network anomaly detection method | |
| JP6093031B2 (en) | Data transmission using protocol exception status | |
| US11711384B2 (en) | Method and system for detecting message injection anomalies | |
| CN109716711B (en) | Gateway, in-vehicle communication system, communication control method, and computer-readable recording medium | |
| WO2014115455A1 (en) | Network device and data sending and receiving system | |
| JP5486131B2 (en) | Method and apparatus for data transmission with variable bit length | |
| US20180255072A1 (en) | Communication device | |
| US11888866B2 (en) | Security module for a CAN node | |
| CN111147437A (en) | Attributing bus disconnect attacks based on erroneous frames | |
| CN110808873A (en) | Method and device for detecting link failure | |
| WO2017006537A1 (en) | Communication method, program and communication device using same | |
| US20200136861A1 (en) | Switch device, communication control method, and recording medium | |
| CN113924753A (en) | Vehicle-mounted communication system, vehicle-mounted device, and vehicle communication method | |
| US11700271B2 (en) | Device and method for anomaly detection in a communications network | |
| CN113169966A (en) | Method for monitoring a data transmission system, data transmission system and motor vehicle | |
| US12009945B2 (en) | Communication system, relay device, reception device, and communication control method | |
| JP2009105549A (en) | Communication apparatus and communication system | |
| EP2182674A1 (en) | Method for updating the status of network devices and device implementing the method | |
| KR20180029848A (en) | System for verification of non-registered device based on imformation of ethernet switch and method for the same | |
| US20200177414A1 (en) | Relay Device | |
| WO2020105657A1 (en) | Onboard relay device and relay method | |
| US20180241770A1 (en) | Communication system and repeater | |
| CN115346287B (en) | Information configuration method and device | |
| WO2023174055A1 (en) | Message transmission method and communication apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 4 / F, building 1, No.14 Jiuxianqiao Road, Chaoyang District, Beijing 100020 Applicant after: Beijing Jingwei Hirain Technologies Co.,Inc. Address before: 8 / F, block B, No. 11, Anxiang Beili, Chaoyang District, Beijing 100101 Applicant before: Beijing Jingwei HiRain Technologies Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |