CN110445810B - Vehicle control system network security detection method based on multistage feedback queue - Google Patents

Vehicle control system network security detection method based on multistage feedback queue

Info

Publication number
CN110445810B
Authority
CN
China
Prior art keywords
security
detection
event
queue
security event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910863033.1A
Other languages
Chinese (zh)
Other versions
CN110445810A (en
Inventor
何占博
王颖
陈慧龙
郑德利
宋悦
高飞
刘军
王黎
朱琳
闫丛
张晛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jinghang Computing Communication Research Institute
Original Assignee
Beijing Jinghang Computing Communication Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/18 Protocol analysers
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention belongs to the technical field of vehicle control system network security detection, and in particular relates to a vehicle control system network security detection method based on a multistage feedback queue. The method is implemented on a detection system comprising a vehicle control network topology detection module, a vehicle control network protocol analysis module, a vehicle control network device vulnerability scanning module, a security vulnerability and security event POC (proof of concept) library, a security event priority queuing module, a security event backup queue registration module and a security event injection detection module. The method generates, in sequence, the security event queue used for injection detection, then injects and detects the security events under a multistage feedback queue round-robin scheduling mechanism, so that the security vulnerabilities and weaknesses of the vehicle control network can be located accurately and the goal of independently controllable network security detection of the vehicle control system is reached. The scheme has a high degree of automation, a reasonable, efficient and accurate security event injection detection mechanism, detection scenarios that match the real attack behavior of an adversary, and a network security detection process that is independently controllable from end to end.

Description

Vehicle control system network security detection method based on multistage feedback queue
Technical Field
The invention belongs to the technical field of vehicle control system network security detection, and particularly relates to a vehicle control system network security detection method based on a multistage feedback queue.
Background
The vehicle control system is an important branch of industrial control systems. A vehicle control system network mainly comprises a gateway, a system bus, Electronic Control Units (ECUs), various vehicle-mounted devices, subsystem function modules and the like. A vehicle control network generally implements distributed electronic control of the vehicle with a combination of buses in which a Controller Area Network (CAN) bus serves as the main bus and a Local Interconnect Network (LIN) and other low-cost buses serve as auxiliary buses. The vehicle control network generally integrates five CAN subnets, namely powertrain, body control, chassis control, diagnostics and infotainment, through a gateway, and each CAN subnet carries the ECUs of its subordinate subsystems. In addition, some vehicle controllers, such as the ignition key switch and the cruise control switch, are connected directly to the gateway or to a CAN bus, and body-control LIN networks such as windows and turn indicators are attached to the body control CAN through the Body Control Module (BCM). With the development of wireless network technology, most current vehicle models are fitted with wireless communication modules that join the bus network over Bluetooth (for example tire pressure monitoring) or radio frequency signals (for example the electronic key), and device modules such as the vehicle-mounted central control computer and the remote control T-Box are interconnected with external networks through wireless mobile communication technology.
The traditional vehicle control system network integrates a large number of bespoke, customized bus variants, electronic devices and application systems, and faces many security risks such as network protocol attacks, replay attacks, reverse engineering, vulnerability injection, unauthorized access and illegal access through physical ports. For emerging autonomous driving technology the security of the vehicle control network is even more complex, with more points of risk and less independent control, and autonomous driving means that once control of the vehicle is maliciously hijacked, personal safety, traffic safety and even public safety are directly threatened. At present the network security risks of the vehicle control system lie mainly in three aspects: 1) the lack of network protection devices leaves boundary protection insufficient: the vehicle control network is mobile, specialized and closed, and because of limits on computing resources, device power consumption and performance degradation it cannot accommodate full security hardening and protection equipment such as firewalls, intrusion prevention, flow control and access authentication, so its boundary protection capability is limited; 2) the design of the vehicle control network protocols has security vulnerabilities: the vehicle control network adopts public standard buses such as CAN, lacks complete security encryption, security authentication and boundary protection mechanisms, and some electronic devices are directly connected to the control bus; application scenarios such as electronic keys over near-field wireless networks such as Bluetooth and radio frequency signals, Tire Pressure Monitoring (TPMS) and the like further increase the risk of malicious intrusion into the vehicle control network. An attacker can easily reach the vehicle control network through the OBD debugging interface or a bus node, forge control information and inject it into the vehicle control network, and crack and tamper with vehicle control protocol messages transmitted in plaintext by means of message interception, protocol analysis and the like, thereby controlling or damaging the vehicle control network; 3) the network security detection method of the vehicle control system needs improvement: traditional vehicle control network security detection is performed manually, accessing each vehicle control bus in turn through the OBD interface, intercepting messages, cracking the protocol and injecting security events that exploit vulnerabilities in order to verify the network security level of the vehicle control system. The whole injection detection process requires heavy manual participation and has a low degree of automation; moreover, attacker behavior follows no fixed pattern, and the existing injection detection mechanisms, which are not independently controllable, cannot simulate scenarios such as more realistic attacker behavior.
From the above analysis, the current network security detection technology for vehicle control systems mainly has the following defects: given the insufficient boundary protection of the vehicle control network and the security vulnerabilities in its protocol design, the existing detection technology does not reach the goals of a higher degree of automation, a more reasonable security event injection detection mechanism, detection scenarios closer to real attack behavior and a more independently controllable detection process. Therefore, in order to verify the network security level of a vehicle control system accurately, it is necessary to design a vehicle control system network security detection method based on a multistage feedback queue that has a higher degree of automation, a more reasonable, efficient and accurate security event injection detection mechanism, detection scenarios closer to real attack behavior, and a security detection process that is independently controllable throughout.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem to be solved by the invention is: in the technical field of vehicle control system network security detection, how to overcome the defects of the prior art by providing a vehicle control system network security detection method based on a multistage feedback queue.
(II) Technical scheme
In order to solve the above technical problem, the invention provides a vehicle control system network security detection method based on a multistage feedback queue, implemented on a vehicle control system network security detection system; the vehicle control system network security detection system based on the multistage feedback queue comprises a security event matching generation area and a security event injection detection area;
wherein the security event matching generation area comprises: a vehicle control network topology detection module, a vehicle control network protocol analysis module, a vehicle control network device vulnerability scanning module, a security vulnerability and security event POC (proof of concept) library, a security event priority queuing module and a security event backup queue registration module; the security event injection detection area comprises: a security event injection detection module and the target vehicle control system network;
the vehicle control network topology detection module comprises: a bus network topology detection unit, a vehicle-mounted wireless communication device detection unit and a network topology information sending unit;
the vehicle control network protocol analysis module comprises: a protocol data message storage unit, a bus protocol vulnerability scanning unit, a bus protocol analysis unit, a bus protocol comparison unit, a known protocol detection unit, an unknown protocol detection unit, a data message replay detection unit and a network protocol analysis information sending unit;
the vehicle control network device vulnerability scanning module comprises: a bus gateway firmware security detection unit, a bus gateway flow control detection unit, an OBD interface security detection unit and a vulnerability scanning result information sending unit;
the security vulnerability and security event POC library comprises: a security vulnerability database, a security event POC database, a security event set generation unit and a security event set sending unit; the security vulnerability database stores vehicle control network security vulnerabilities, each with five attributes: CVE number, vulnerability name, vulnerability feature description, vulnerability threat level and associated security event identification; the security event POC database stores the security events used to detect vulnerabilities; the security events are associated with the vulnerabilities in the security vulnerability database so that a bidirectional tracking relation is established, and the security event POC database configures an attribute state control table for each security event, comprising the unique identification of the security event, the associated vulnerability CVE_ID, the security event priority, the scheduling state of the injection detection process, the signature state of the injection detection result, the detection standard time period and the detection unfinished counter;
the security event injection detection module comprises: a security event ready queue set, a security event blocking queue, a ready scheduling unit, a blocking scheduling unit, a multistage feedback scheduling unit and an injection detection execution unit; the security event ready queue set comprises security event ready queues R1, R2, …, Rk, where k is user-definable and every queue has length Rlen; they hold the security events waiting to be scheduled by the multistage feedback scheduling unit, and the scheduling priority is R1 > R2 > … > Rk; the security event blocking queue, of length Blen, holds security events returned by the injection detection execution unit during injection detection because they need rescheduling or are inapplicable, together with inapplicable security events returned by the multistage feedback scheduling unit during multistage feedback scheduling;
the method comprises the following steps:
Step 1: the bus network topology detection unit in the vehicle control network topology detection module detects, on user instruction, the bus network topology of the target vehicle control system network and acquires the subnet state information of that network; the vehicle-mounted wireless communication device detection unit detects the vehicle-mounted wireless communication device information;
the network topology information sending unit receives the bus network topology, the subnet state information and the vehicle-mounted wireless communication device information, sends the bus network topology and the subnet state information to the vehicle control network protocol analysis module, and sends the bus network topology and the vehicle-mounted wireless communication device information to the vehicle control network device vulnerability scanning module;
Step 2: the protocol data message storage unit in the vehicle control network protocol analysis module receives the bus network topology and the subnet state information sent by the network topology information sending unit, and collects and stores the protocol data messages on the bus network;
the bus protocol vulnerability scanning unit scans the protocol data messages for bus protocol vulnerabilities and generates a bus protocol vulnerability scanning result;
the bus protocol analysis unit parses the bus protocol of the protocol data messages and generates a bus protocol analysis result;
the bus protocol comparison unit compares the bus protocol of the protocol data messages against the expected protocol, judges whether the bus network has been illegally tampered with, and generates a bus protocol comparison result;
the known protocol detection unit runs known-protocol security tests on the protocol data messages and generates a known protocol detection result;
the unknown protocol detection unit runs unknown-protocol security tests on the protocol data messages and generates an unknown protocol detection result;
the data message replay detection unit replays the captured protocol data messages, tests the resistance of the bus protocol to replay attacks, and generates a data message replay detection result;
the network protocol analysis information sending unit integrates the bus protocol vulnerability scanning result, the bus protocol analysis result, the bus protocol comparison result, the known protocol detection result, the unknown protocol detection result and the data message replay detection result into vehicle control network protocol analysis result information and sends it to the security vulnerability and security event POC library;
Step 3: the bus gateway firmware security detection unit in the vehicle control network device vulnerability scanning module receives the bus network topology and the vehicle-mounted wireless communication device information sent by the network topology information sending unit, checks the security of the bus network gateway firmware, detects whether the firmware has logic vulnerabilities and whether it has a mechanism against illegal upgrade and tampering, and generates a bus gateway firmware security detection result;
the bus gateway flow control detection unit checks, according to the bus network topology, whether the gateway can control the traffic of each subnet, and generates a bus gateway flow control detection result;
the OBD interface security detection unit checks, according to the bus network topology, the security of the OBD interface, including whether messages of the whole network can be captured through the OBD interface, and generates an OBD interface security detection result;
the vulnerability scanning result information sending unit integrates the bus gateway firmware security detection result, the bus gateway flow control detection result and the OBD interface security detection result into vehicle control network device vulnerability scanning result information and sends it to the security vulnerability and security event POC library;
Step 4: the security event set generation unit in the security vulnerability and security event POC library receives the vehicle control network protocol analysis result information sent by the vehicle control network protocol analysis module and the vehicle control network device vulnerability scanning result information sent by the vehicle control network device vulnerability scanning module, extracts the CVE number, vulnerability name and vulnerability feature description of each vulnerability in both pieces of result information, matches these three attributes against the corresponding attributes of the vulnerabilities already in the security vulnerability database, generates a discovered vulnerability set once matching is complete, and then, using the associated security event identification attribute of each vulnerability, looks up and generates the security event set associated with all the discovered vulnerabilities;
the security event set comprises the security events and their attribute state control tables; the priority of each security event in its attribute state control table is assigned according to the threat level of the vulnerability it traces back to: the higher the threat level of the vulnerability, the higher the priority of the security event and the larger its numerical value;
the security event set sending unit sends the generated security event set to the security event priority queuing module;
Step 5: the security event priority queuing module receives the security event set sent by the security vulnerability and security event POC library, bubble-sorts it by the security event priority value in each event's attribute state control table, generates a security event backup queue with the security event of largest priority value at the head and the security event of smallest priority value at the tail, and sends the security event backup queue to the security event backup queue registration module; the queue length is Olen;
Step 6: the security event backup queue registration module receives the security event backup queue sent by the security event priority queuing module, stores it in order as a queue, and once storage is complete sends a detection start trigger signal to the security event injection detection module;
Step 7: in the security event injection detection module, the ready scheduling unit continuously monitors for the detection start trigger signal; once it is received, the unit monitors the state of security event ready queue R1, the security event blocking queue and the security event backup queue, and schedules security events from the security event blocking queue or the security event backup queue into security event ready queue R1 according to the scheduling rules and procedures of the ready scheduling unit and the blocking scheduling unit;
the multistage feedback scheduling unit takes security events one by one from the head of a security event ready queue Ri and hands them to the injection detection execution unit for security detection; it monitors the detection state of the injection detection execution unit in real time and, whenever no security event is currently under detection there, schedules the next security event to the injection detection execution unit;
on receiving a security event from the multistage feedback scheduling unit, the injection detection execution unit sets the injection detection process scheduling state in the security event's attribute state control table to 'injection', starts executing the security detection against the target vehicle control system network, monitors the detection time and result in real time, and accepts the next security event from the multistage feedback scheduling unit once no security event is under detection in the injection detection execution unit.
(III) Advantageous effects
The invention addresses the technical field of vehicle control system network security detection, overcomes the defects of the prior art, and provides a vehicle control system network security detection method based on a multistage feedback queue.
The scheme generates the security event queue for injection detection through automated control processes aimed at the vehicle control system network, namely topology detection, protocol analysis, vulnerability scanning, security event matching and generation, priority queuing and registration, and then injects and detects the security events under a multistage feedback queue round-robin scheduling mechanism, so that the network security vulnerabilities and weaknesses of the vehicle control system are located more reasonably, efficiently and accurately and the goal of independently controllable network security detection of the vehicle control system is reached. The scheme has a higher degree of automation, a more reasonable, efficient and accurate security event injection detection mechanism, detection scenarios that better fit real attack behavior, and a vehicle control system network security detection process that is more independently controllable throughout.
Specifically, compared with the prior art, the invention has the following beneficial effects:
(1) Through the automated control processes of topology detection, protocol analysis, vulnerability scanning, security event matching and generation, priority queuing and registration aimed at the vehicle control system network, the method locates the specific network protocol vulnerabilities and device vulnerabilities of the vehicle control system precisely and generates, fully automatically and by rapid screening and matching, the security event set best suited to injection detection, greatly improving the degree of automation and the fit of the network security detection events generated for a specific vehicle control system.
(2) The invention executes the injection detection of security events against the target vehicle control system network with a round-robin scheduling mechanism based on a multistage feedback queue; it sets three scheduling states, 'ready', 'injection' and 'blocking', according to how the security event fits the scheduling process, sets four signature states, 'completed', 'unfinished', 'rescheduling' and 'unfit', according to the injection detection result, adjusts the injection detection strategy automatically and promptly as the scheduling state and signature state change, and introduces state control attributes such as security event priority, detection standard time period and unfinished counter, thereby realizing a more reasonable and more efficient automated security event injection detection mechanism that better fits real intrusion attack scenarios, with a security detection process that is more independently controllable throughout.
Therefore, compared with the traditional manual method of accessing each vehicle control bus in turn through the OBD interface for security detection, the method greatly improves the degree of automation of vehicle control system network security detection, provides a more reasonable, efficient and accurate security event injection detection mechanism, and provides a vehicle control system network security detection method that better fits real intrusion attack scenarios and is more independently controllable throughout. The invention can be widely applied to network security detection of the vehicle control systems of ordinary vehicles, special-purpose vehicles and autonomous vehicles, in particular to automated and independently controllable security detection of the vehicle control system network.
Drawings
FIG. 1 is a schematic diagram of a network security detection system of a vehicle control system based on a multi-stage feedback queue.
FIG. 2 is a flow chart of a vehicle control system network security detection system based on a multi-stage feedback queue.
Detailed Description
To make the objects, content and advantages of the invention clearer, the embodiments of the invention are described in detail below with reference to the accompanying drawings and examples.
Addressing the problems of the prior art, the invention provides a vehicle control system network security detection method based on a multistage feedback queue, so that the degree of automation is higher, the security event injection detection mechanism is more reasonable, efficient and accurate, the detection scenarios better fit real attack behavior, and the whole security detection process is more independently controllable.
Specifically, the invention provides a vehicle control system network security detection method based on a multistage feedback queue, implemented on a vehicle control system network security detection system; as shown in FIG. 1, the vehicle control system network security detection system based on the multistage feedback queue comprises a security event matching generation area and a security event injection detection area;
wherein the security event matching generation area comprises: a vehicle control network topology detection module, a vehicle control network protocol analysis module, a vehicle control network device vulnerability scanning module, a security vulnerability and security event POC (proof of concept) library, a security event priority queuing module and a security event backup queue registration module; the security event injection detection area comprises: a security event injection detection module and the target vehicle control system network;
the vehicle control network topology detection module comprises: a bus network topology detection unit, a vehicle-mounted wireless communication device detection unit and a network topology information sending unit;
the vehicle control network protocol analysis module comprises: a protocol data message storage unit, a bus protocol vulnerability scanning unit, a bus protocol analysis unit, a bus protocol comparison unit, a known protocol detection unit, an unknown protocol detection unit, a data message replay detection unit and a network protocol analysis information sending unit;
the vehicle control network device vulnerability scanning module comprises: a bus gateway firmware security detection unit, a bus gateway flow control detection unit, an OBD interface security detection unit and a vulnerability scanning result information sending unit;
the security vulnerability and security event POC library comprises: a security vulnerability database, a security event POC database, a security event set generation unit and a security event set sending unit; the security vulnerability database stores vehicle control network security vulnerabilities, each with five attributes: CVE number (CVE_ID), vulnerability name (Vul_Name), vulnerability feature description (Vul_Description), vulnerability threat level (Vul_Threat_Level) and associated security event identification (Associated_POC_SID); the security event POC database stores the security events used to detect vulnerabilities; the security events are associated with the vulnerabilities in the security vulnerability database so that a bidirectional tracking relation is established, and the security event POC database configures an attribute state control table (PSCT) for each security event, the PSCT comprising the unique identification of the security event (SID), the associated vulnerability CVE_ID (Associated_CVE_ID), the security event priority (POC_Priority), the scheduling state of the injection detection process (Dispatch_Status, with the three states ready, injection and blocking), the signature state of the injection detection result (Signature_Status, with the four states completed, unfinished, rescheduled and unfit), the detection standard time period (nonstandard_timer) and the detection unfinished counter (Unfinished_Counter, initial value 0);
the security event injection detection module comprises: a security event ready queue set, a security event blocking queue, a ready scheduling unit, a blocking scheduling unit, a multistage feedback scheduling unit and an injection detection execution unit; the security event ready queue set (Ready Queue Set) comprises security event ready queues R1, R2, …, Rk, where k is user-definable and every queue has length Rlen (a positive integer); they hold the security events waiting to be scheduled by the multistage feedback scheduling unit, and the scheduling priority is R1 > R2 > … > Rk; the security event blocking queue (Blocking Queue), of length Blen (a positive integer), holds security events returned by the injection detection execution unit during injection detection because they need rescheduling or are inapplicable, together with inapplicable security events returned by the multistage feedback scheduling unit during multistage feedback scheduling;
as shown in fig. 2, the method comprises the steps of:
step 1: the bus network topology detection unit in the vehicle control network topology detection module detects a bus network topology structure of a target vehicle control system network according to a user instruction and acquires subnet state information of the target vehicle control system network; the vehicle-mounted wireless communication equipment detection unit detects vehicle-mounted wireless communication equipment information;
the network topology information sending unit receives the bus network topology structure, the subnet state information and the vehicle-mounted wireless communication equipment information, sends the bus network topology structure and the subnet state information to the vehicle control network protocol analysis module, and sends the bus network topology structure and the vehicle-mounted wireless communication equipment information to the vehicle control network equipment vulnerability scanning module;
step 2: the protocol data message storage unit in the vehicle control network protocol analysis module receives the bus network topology structure and the subnet state information sent by the network topology information sending unit, and collects and stores the protocol data message in the bus network;
the bus protocol vulnerability scanning unit carries out bus protocol vulnerability scanning on the protocol data message to generate a bus protocol vulnerability scanning result;
the bus protocol analysis unit is used for carrying out bus protocol analysis on the protocol data message to generate a bus protocol analysis result;
the bus protocol comparison unit compares the bus protocol of the protocol data message, judges whether the bus network is illegally tampered, and generates a bus protocol comparison result;
the known protocol detection unit carries out the security test of the known protocol on the protocol data message to generate a known protocol detection result;
the unknown protocol detection unit carries out security test of an unknown protocol on the protocol data message to generate an unknown protocol detection result;
the data message replay detection unit replays the acquired protocol data message, detects the replay attack resistance of the bus protocol, and generates a data message replay detection result;
the network protocol analysis information sending unit integrates a bus protocol vulnerability scanning result, a bus protocol analysis result, a bus protocol comparison result, a known protocol detection result, an unknown protocol detection result and a data message replay detection result into vehicle control network protocol analysis result information and sends the vehicle control network protocol analysis result information to the security vulnerability and security event POC library;
step 3: the bus gateway firmware security detection unit in the vehicle control network device vulnerability scanning module receives the bus network topology structure and the vehicle-mounted wireless communication device information sent by the network topology information sending unit, detects the security of the bus network gateway firmware, i.e. whether the firmware contains a logic vulnerability and whether it has a mechanism against illegal upgrading and tampering, and generates a bus gateway firmware security detection result;
the bus gateway flow control detection unit detects, according to the bus network topology structure, whether the gateway can control the traffic of each subnet, and generates a bus gateway flow control detection result;
the OBD interface security detection unit detects the security of the OBD interface according to the bus network topology structure, i.e. whether messages of the whole network can be acquired through the OBD interface, and generates an OBD interface security detection result;
the vulnerability scanning result information sending unit integrates the bus gateway firmware security detection result, the bus gateway flow control detection result and the OBD interface security detection result into vehicle control network device vulnerability scanning result information and sends it to the security vulnerability and security event POC library;
step 4: the security event set generation unit in the security vulnerability and security event POC library receives the vehicle control network protocol analysis result information sent by the vehicle control network protocol analysis module and the vehicle control network device vulnerability scanning result information sent by the vehicle control network device vulnerability scanning module, extracts the CVE number (CVE_ID), vulnerability name (Vul_Name) and vulnerability feature description (Vul_Description) of each vulnerability in both kinds of result information, matches these three attributes against the corresponding attributes of the existing vulnerabilities in the security vulnerability library, generates the discovered vulnerability set once matching is complete (only a vulnerability whose three attributes all match an existing library entry enters the set), and then searches, according to the associated security event identifiers (Associated_POC_SID) in the vulnerability attributes, for the security events associated with all discovered vulnerabilities and generates the security event set;
the security event set comprises the security events and their attribute state control tables (PSCT); the security event priority (POC_Priority) in the PSCT is assigned according to the threat level (Vul_Threat_Level) of the corresponding vulnerability, found by reverse tracking; the higher the vulnerability threat level (Vul_Threat_Level), the higher the security event priority (POC_Priority) and the larger its value (a positive integer);
the security event set sending unit sends the generated security event set to the security event priority queuing module;
step 5: the security event priority queuing module receives the security event set sent by the security vulnerability and security event POC library, bubble-sorts it by the value of the security event priority (POC_Priority) in the PSCT of each security event, and generates a security event backup queue (Optional Queue) whose head is the security event with the largest POC_Priority value and whose tail is the security event with the smallest POC_Priority value; the queue length is Olen (a positive integer); finally it sends the security event backup queue to the security event backup queue registering module;
step 6: the security event backup queue registering module receives a security event backup queue sent by the security event priority queuing module, stores the security event backup queue in a queue form in sequence, and sends a detection start trigger signal to the security event injection detection module after the storage is finished;
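Steps 4 and 5 above, as an added Python model that is not code from the patent: the security vulnerability library, the security event POC library with its bidirectional tracking, the three-attribute matching and the bubble-sorted backup queue. The class and function names, the scan-result dictionaries and the placeholder CVE_ID/POC values are assumptions made for this example; the page fixes only the attribute names and the ordering rule:

```python
from dataclasses import dataclass
from typing import Dict, List

# Added example (not the patent's code): the vulnerability library, the POC
# library with bidirectional tracking, and the step 4/5 matching and queuing.
# Class/function names and all sample values are assumptions.

@dataclass(frozen=True)
class Vulnerability:          # one security vulnerability library entry, five attributes
    cve_id: str
    vul_name: str
    vul_description: str
    vul_threat_level: int     # larger value = more severe
    associated_poc_sid: str   # forward link to the security event (POC)

@dataclass
class PSCT:                   # attribute state control table of one security event
    sid: str
    associated_cve_id: str    # back link to the vulnerability
    poc_priority: int = 0
    dispatch_status: str = "ready"
    signature_status: str = ""
    standard_timer: float = 5.0
    unfinished_counter: int = 0

class PocLibrary:
    def __init__(self, vulns: List[Vulnerability]):
        self.vulns: Dict[str, Vulnerability] = {v.cve_id: v for v in vulns}
        # One PSCT per security event; Associated_CVE_ID points back at the
        # vulnerability whose Associated_POC_SID points at this event.
        self.pscts: Dict[str, PSCT] = {
            v.associated_poc_sid: PSCT(v.associated_poc_sid, v.cve_id) for v in vulns}
        for v in vulns:       # bidirectional tracking must hold for every entry
            assert self.pscts[v.associated_poc_sid].associated_cve_id == v.cve_id

    def discovered_set(self, scan_results: List[dict]) -> List[Vulnerability]:
        """Step 4: a finding is a discovered vulnerability only if CVE_ID, Vul_Name
        and Vul_Description all match the library; duplicates (the same CVE from
        the protocol scan and the device scan) collapse to one entry."""
        found: Dict[str, Vulnerability] = {}
        for r in scan_results:
            v = self.vulns.get(r["CVE_ID"])
            if v and (v.vul_name, v.vul_description) == (r["Vul_Name"], r["Vul_Description"]):
                found[v.cve_id] = v
        return list(found.values())

    def security_event_set(self, discovered: List[Vulnerability]) -> List[PSCT]:
        """Follow Associated_POC_SID and set POC_Priority from Vul_Threat_Level.
        Assumption: priority equals the threat level; the page only requires a
        higher threat level to give a larger priority value."""
        events = []
        for v in discovered:
            p = self.pscts[v.associated_poc_sid]
            p.poc_priority = v.vul_threat_level
            events.append(p)
        return events

def optional_queue(events: List[PSCT], olen: int) -> List[PSCT]:
    """Step 5: bubble sort by POC_Priority, largest value at the head (index 0)."""
    if len(events) > olen:
        raise ValueError(f"security event set does not fit Olen={olen}")
    q = list(events)
    for i in range(len(q)):
        for j in range(len(q) - 1 - i):
            if q[j].poc_priority < q[j + 1].poc_priority:
                q[j], q[j + 1] = q[j + 1], q[j]
    return q

def demo() -> List[PSCT]:
    lib = PocLibrary([   # constructed library, placeholder CVE_IDs as in embodiment 1
        Vulnerability("CVE_ID1", "Vul_Name1", "bus frame replay not rejected", 3, "POC1"),
        Vulnerability("CVE_ID2", "Vul_Name2", "bus frame tampering not detected", 5, "POC2"),
        Vulnerability("CVE_ID3", "Vul_Name3", "gateway firmware lacks anti-tamper check", 4, "POC3"),
        Vulnerability("CVE_ID4", "Vul_Name4", "OBD port exposes whole-network traffic", 2, "POC4"),
    ])
    scan = [             # constructed scan results: one duplicate collapses, the last two are rejected
        {"CVE_ID": "CVE_ID1", "Vul_Name": "Vul_Name1", "Vul_Description": "bus frame replay not rejected"},
        {"CVE_ID": "CVE_ID2", "Vul_Name": "Vul_Name2", "Vul_Description": "bus frame tampering not detected"},
        {"CVE_ID": "CVE_ID3", "Vul_Name": "Vul_Name3", "Vul_Description": "gateway firmware lacks anti-tamper check"},
        {"CVE_ID": "CVE_ID4", "Vul_Name": "Vul_Name4", "Vul_Description": "OBD port exposes whole-network traffic"},
        {"CVE_ID": "CVE_ID1", "Vul_Name": "Vul_Name1", "Vul_Description": "bus frame replay not rejected"},
        {"CVE_ID": "CVE_ID4", "Vul_Name": "Vul_Name9", "Vul_Description": "OBD port exposes whole-network traffic"},
        {"CVE_ID": "CVE_ID7", "Vul_Name": "Vul_Name7", "Vul_Description": "not in the library"},
    ]
    return optional_queue(lib.security_event_set(lib.discovered_set(scan)), olen=4)
```

demo() returns the backup queue POC2, POC3, POC1, POC4 (priorities 5, 4, 3, 2). Two points the text leaves implicit are visible here: a scan result whose CVE_ID matches but whose name or description differs is not injected at all, and the same vulnerability reported by both the protocol analysis and the device scanning module yields a single security event rather than two injections.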
step 7: in the security event injection detection module, the ready scheduling unit continuously monitors whether a detection start trigger signal has been received; once it is received, the ready scheduling unit monitors the states of the security event ready queue R1, the security event blocking queue and the security event backup queue, and schedules security events from the security event blocking queue or the security event backup queue into the security event ready queue R1 according to the scheduling rules and procedures of the ready scheduling unit and the blocking scheduling unit;
the multi-stage feedback scheduling unit dequeues security events one by one from the head of a security event ready queue Ri and sends them to the injection detection execution unit for security detection; it monitors the detection state of the injection detection execution unit in real time, and when no security event is currently being detected in the injection detection execution unit, it schedules the next security event to the injection detection execution unit;
after receiving a security event sent by the multi-stage feedback scheduling unit, the injection detection execution unit sets the injection detection process scheduling state (Dispatch_Status) in the attribute state control table (PSCT) of the security event to 'injection', starts executing the security detection against the target vehicle control system network, monitors the detection time and result in real time, and receives the next security event from the multi-stage feedback scheduling unit only when no security event is being detected in the injection detection execution unit.
Wherein the bus network topology comprises: vehicle CAN bus network topology structure and vehicle LIN bus network topology structure.
Wherein the subnet state information comprises: the running state, the communication state, the firmware model and version, the software system version and the service state information of each network node in the target vehicle control system network.
Wherein the in-vehicle wireless communication device information includes: WIFI equipment information, Bluetooth equipment information, radio frequency equipment information and 2G/3G/4G/5G equipment information.
The injection detection process scheduling state information (Dispatch _ Status) includes ready, injection, and blocking states.
The injection detection result Signature state information (Signature _ Status) includes four states of completed, unfinished, rescheduled and inapplicable.
In step 7, the scheduling rules and procedures of the ready scheduling unit and the blocking scheduling unit are as follows:
1) if the security event ready queue R1 is not full and the security event backup queue is not empty, the ready scheduling unit preferentially sends a ready scheduling signal to the security event backup queue registering module, dequeues security events one by one from the head of the security event backup queue to the tail of R1, and sets the injection detection process scheduling state (Dispatch_Status) in the PSCT of each such security event to 'ready';
2) if the security event ready queue R1 is not full and the security event backup queue is empty, the ready scheduling unit sends a ready scheduling signal to the blocking scheduling unit, and the blocking scheduling unit, after receiving it, sends a blocking scheduling signal to the security event blocking queue: if the security event blocking queue is empty, scheduling procedure 3) is entered; if it is not empty, the blocking scheduling unit dequeues security events one by one from the head of the security event blocking queue, checks the injection detection result signature state (Signature_Status) in the PSCT of each security event, and proceeds according to a) or b):
a) if Signature_Status is 'rescheduled', the blocking scheduling unit sends the security event to the ready scheduling unit, which enqueues it at the tail of R1 and changes Dispatch_Status in its PSCT from 'blocked' to 'ready';
b) if Signature_Status is 'inapplicable', the blocking scheduling unit sends the security event to the security vulnerability and security event POC library, which re-matches according to the CVE number (CVE_ID) of the vulnerability associated with the inapplicable security event to generate a new security event, and the procedure returns to step 4 and repeats;
3) if R1 is not full and both the security event backup queue and the security event blocking queue are empty, the ready scheduling unit keeps monitoring the states of the two queues and enters scheduling procedure 1) or 2) according to the rules above as soon as a security event is observed to be queued in the backup queue or the blocking queue;
4) if R1 is full, the ready scheduling unit automatically enters the sleep state and keeps monitoring R1; once R1 is no longer full, scheduling procedure 1), 2) or 3) is carried out according to the rules above.
In step 7, the scheduling rules and procedures of the multistage feedback scheduling unit are as follows:
1) if the security event ready queue R1 is not empty, the multi-stage feedback scheduling unit dequeues security events one by one from the head of R1 and sends them to the injection detection execution unit;
2) if and only if the security event ready queues R1 to Ri-1 are all empty, the multi-stage feedback scheduling unit sends a multi-stage feedback scheduling signal to the security event ready queue set and schedules the security events stored in Ri to the injection detection execution unit;
3) when the multi-stage feedback scheduling unit receives from the injection detection execution unit a security event whose injection detection result signature state (Signature_Status) is 'unfinished', it enqueues the security event at the tail of one of the security event ready queues R2 to Rk according to the value of the detection unfinished counter (Unfinished_Counter) in the PSCT of the security event: if the value of Unfinished_Counter is i, the security event is enqueued at the tail of Ri+1; if i+1 > k, the multi-stage feedback scheduling unit instead sets Signature_Status in the PSCT of the security event to 'inapplicable', sets the injection detection process scheduling state (Dispatch_Status) to 'blocked', and sends the security event to the security event blocking queue.
In step 7, the scheduling rule and flow of the injection detection execution unit are as follows:
1) if the security detection is executed and completes successfully, the injection detection execution unit sets the injection detection result signature state (Signature_Status) in the PSCT of the security event to 'completed' and removes the security event;
2) if a security event is found to be inapplicable while the security detection is being executed, the injection detection execution unit sets Signature_Status in its PSCT to 'inapplicable', sets the injection detection process scheduling state (Dispatch_Status) to 'blocked', and returns the security event to the security event blocking queue;
3) if a security event is found to need rescheduling while the security detection is being executed, the injection detection execution unit sets Signature_Status in its PSCT to 'rescheduled', sets Dispatch_Status to 'blocked', and returns the security event to the security event blocking queue;
4) if a security event exceeds its detection standard time period (Standard_Timer) without the detection having completed, the injection detection execution unit sets Signature_Status in its PSCT to 'unfinished', adds 1 to the value of the detection unfinished counter (Unfinished_Counter), sets Dispatch_Status to 'ready', and returns the security event to the multi-stage feedback scheduling unit, which then executes its internal scheduling procedure.
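The step 7 rules of the ready scheduling unit, the blocking scheduling unit, the multi-stage feedback scheduling unit and the injection detection execution unit, traced as an added Python simulation that is not code from the patent. The state names come from the page; k = 3, Rlen = 2, the class and function names, the re-matching table standing in for the POC library, and the scripted per-attempt outcomes that replace a real injection are assumptions made for this example:

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, List, Optional

# Added simulation of the step 7 scheduling rules. The state names are the
# page's; class and function names, k, Rlen and the scripted injection
# outcomes are assumptions made for this example.
READY, INJECTION, BLOCKED = "ready", "injection", "blocked"
COMPLETED, UNFINISHED, RESCHEDULED, INAPPLICABLE = "completed", "unfinished", "rescheduled", "inapplicable"

@dataclass
class PSCT:                       # attribute state control table of one security event
    sid: str
    associated_cve_id: str
    poc_priority: int
    dispatch_status: str = READY
    signature_status: str = ""
    unfinished_counter: int = 0

@dataclass
class SecurityEvent:
    psct: PSCT
    # Constructed stand-in for the real injection: outcome of each attempt in order; None = still running at Standard_Timer
    attempts: List[Optional[str]] = field(default_factory=list)

class InjectionDetector:
    def __init__(self, k: int, rlen: int, backup: List[SecurityEvent],
                 rematch: Callable[[str], Optional[SecurityEvent]]):
        self.k, self.rlen, self.rematch = k, rlen, rematch
        self.ready: List[Deque[SecurityEvent]] = [deque() for _ in range(k)]   # R1..Rk
        self.blocking: Deque[SecurityEvent] = deque()
        self.backup: Deque[SecurityEvent] = deque(                               # Optional Queue,
            sorted(backup, key=lambda e: e.psct.poc_priority, reverse=True))    # head = largest POC_Priority
        self.log: List[str] = []

    def ready_schedule(self) -> None:  # ready scheduling unit + blocking scheduling unit, rules 1)-4)
        while len(self.ready[0]) < self.rlen:                   # rule 4: R1 full -> sleep
            if self.backup:                                     # rule 1: backup queue first
                ev = self.backup.popleft()
                ev.psct.dispatch_status = READY
                self.ready[0].append(ev)
            elif self.blocking:                                 # rule 2
                ev = self.blocking.popleft()
                if ev.psct.signature_status == RESCHEDULED:     # 2a: tail of R1
                    ev.psct.dispatch_status = READY
                    self.ready[0].append(ev)
                else:                                           # 2b: inapplicable -> POC library re-match
                    new = self.rematch(ev.psct.associated_cve_id)
                    if new is not None:
                        self.backup.append(new)                 # re-enters via steps 4-6
            else:                                               # rule 3: nothing queued yet
                break

    def next_event(self) -> Optional[SecurityEvent]:  # multi-stage feedback unit, rules 1)-2)
        return next((q.popleft() for q in self.ready if q), None)   # Ri only if R1..Ri-1 are empty

    def block(self, ev: SecurityEvent, signature: str) -> None:
        ev.psct.signature_status, ev.psct.dispatch_status = signature, BLOCKED
        self.blocking.append(ev)                                # Blen overflow policy is not given by the page

    def execute(self, ev: SecurityEvent) -> str:  # injection detection execution unit, rules 1)-4)
        ev.psct.dispatch_status = INJECTION
        outcome = ev.attempts.pop(0)
        if outcome is None:                                     # rule 4: Standard_Timer exceeded
            ev.psct.signature_status, ev.psct.dispatch_status = UNFINISHED, READY
            ev.psct.unfinished_counter += 1
            i = ev.psct.unfinished_counter                      # feedback unit rule 3): tail of R(i+1)
            if i + 1 > self.k:
                self.block(ev, INAPPLICABLE)                    # no R(i+1): give up on this POC
            else:
                self.ready[i].append(ev)                        # list index i is queue R(i+1)
        elif outcome == COMPLETED:                              # rule 1: removed from scheduling
            ev.psct.signature_status = COMPLETED
        else:                                                   # rules 2)-3): to the blocking queue
            self.block(ev, outcome)
        self.log.append(f"{ev.psct.sid}:{ev.psct.signature_status}")
        return ev.psct.signature_status

    def run(self) -> List[str]:  # drain all queues; returns 'SID:Signature_Status' in execution order
        while True:
            self.ready_schedule()
            ev = self.next_event()
            if ev is not None:
                self.execute(ev)
            elif not self.backup and not self.blocking:
                return self.log

def demo() -> List[str]:
    def ev(sid, cve, prio, attempts):
        return SecurityEvent(PSCT(sid, cve, prio), attempts)
    spare = {"CVE_ID4": ev("POC4b", "CVE_ID4", 3, [COMPLETED])}  # constructed re-match table (rule 2b)
    return InjectionDetector(k=3, rlen=2, rematch=lambda cve: spare.pop(cve, None), backup=[
        ev("POC1", "CVE_ID1", 9, [COMPLETED]),                  # done at once
        ev("POC2", "CVE_ID2", 7, [None, None, COMPLETED]),     # R1 -> R2 -> R3, then done
        ev("POC3", "CVE_ID3", 5, [RESCHEDULED, COMPLETED]),    # blocked, back to R1, done
        ev("POC4", "CVE_ID4", 3, [None, None, None]),          # falls off R3 -> inapplicable -> re-matched
        ev("POC5", "CVE_ID5", 1, [INAPPLICABLE]),              # inapplicable, no alternative POC
    ]).run()
```

demo() returns the trace POC1:completed, POC2:unfinished, POC3:rescheduled, POC4:unfinished, POC5:inapplicable, POC3:completed, POC2:unfinished, POC4:unfinished, POC2:completed, POC4:inapplicable, POC4b:completed. It shows the two paths that matter in practice: POC2 is demoted from R1 to R2 to R3 after two Standard_Timer overruns and completes on its third attempt, while POC4 overruns three times, so its Unfinished_Counter reaches k, the multi-stage feedback unit marks it inapplicable, and the blocking scheduling unit hands it to the POC library, which re-matches CVE_ID4 to POC4b. Note also that a 'rescheduled' event re-enters R1 with its Unfinished_Counter intact, so its next overrun sends it straight to R(i+1), not to R2.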
The target vehicle control system network is a tested vehicle control system network used for safety detection.
Example 1
In this embodiment, the vehicle control system network security detection method based on the multistage feedback queue is adopted, so that a higher degree of automation is achieved, the security event injection detection mechanism is more reasonable, efficient and accurate, the detection scenario is closer to real attack behaviour, and the whole security detection process is more independently controllable.
The method for detecting the network security of the vehicle control system is described in detail below with reference to a specific embodiment. The method can likewise be extended to the vehicle control system network security detection of a wider variety of ordinary vehicles, special vehicles and automated driving vehicles.
First, a target vehicle control system network is constructed. The target vehicle control system network uses a vehicle-mounted CAN and LIN bus network topology: five CAN subnets (powertrain, body control, chassis control, diagnostic control and commercial information) are integrated through a gateway, and each CAN subnet carries the ECUs of its subordinate subsystems; in addition, some vehicle-mounted controllers, such as the vehicle key switch and the cruise control switch, are connected directly to the gateway or to the CAN bus, and the body control LIN networks, such as those of the windows and turn signals, are connected to the body control CAN through the body control module (BCM).
The vehicle control system network security detection system based on the multistage feedback queue on which the method is implemented comprises a security event matching generation area and a security event injection detection area; the security event matching generation area comprises: a vehicle control network topology detection module, a vehicle control network protocol analysis module, a vehicle control network device vulnerability scanning module, a security vulnerability and security event POC (proof of concept) library, a security event priority queuing module and a security event backup queue registering module; the security event injection detection area comprises: a security event injection detection module and a target vehicle control system network.
1. Vehicle control network topology detection module
11) The bus network topology detection unit is used for detecting the bus network topology structure network_topology_configuration of the target vehicle control system network according to a user instruction and acquiring the subnet state information subnet_status_info of the target vehicle control system network, where subnet_status_info comprises the running state run_status, the connection state connect_status, the firmware model and version firmware_type_version, the software system version software_system_version and the service state information service_status_info of each network node;
12) the vehicle-mounted wireless communication device detection unit is used for detecting the vehicle-mounted wireless communication device information wireless_telecommunications_demand_info, which comprises the WIFI device WIFI-1, the Bluetooth device bluetooth-1, the radio frequency device RF-1 and the 2G/3G/4G/5G device 4G-1;
13) the network topology information sending unit is used for receiving the bus network topology structure network_topology_configuration, the subnet state information subnet_status_info and the vehicle-mounted wireless communication device information wireless_telecommunications_demand_info, sending network_topology_configuration together with subnet_status_info to the vehicle control network protocol analysis module, and sending network_topology_configuration together with wireless_telecommunications_demand_info to the vehicle control network device vulnerability scanning module.
2. Vehicle control network protocol analysis module
21) The protocol data message storage unit is used for receiving the bus network topology structure network_topology_configuration and the subnet state information subnet_status_info sent by the network topology information sending unit, and for collecting and storing the protocol data messages datagram in the bus network;
22) the bus protocol vulnerability scanning unit is used for carrying out bus protocol vulnerability scanning on the protocol data messages datagram and generating the bus protocol vulnerability scanning results Vul1 and Vul2;
23) the bus protocol analysis unit is used for carrying out bus protocol analysis on the protocol data messages datagram and generating the bus protocol analysis result protocol_analysis_result;
24) the bus protocol comparison unit is used for comparing the bus protocol of the protocol data messages datagram, judging whether the bus network has been illegally tampered with, and generating the bus protocol comparison result protocol_compare_result;
25) the known protocol detection unit is used for carrying out security detection of known protocols on the protocol data messages datagram and generating the known protocol detection result known_protocol_detection_result;
26) the unknown protocol detection unit is used for carrying out security detection of unknown protocols on the protocol data messages datagram and generating the unknown protocol detection result unknown_protocol_detection_result;
27) the data message replay detection unit is used for replaying the acquired protocol data messages datagram, detecting the resistance of the bus protocol to replay attacks, and generating the data message replay detection result replay_detection_result;
28) the network protocol analysis information sending unit is used for integrating the bus protocol vulnerability scanning results Vul1, Vul2, the bus protocol analysis result protocol_analysis_result, the bus protocol comparison result protocol_compare_result, the known protocol detection result known_protocol_detection_result, the unknown protocol detection result unknown_protocol_detection_result and the data message replay detection result replay_detection_result into the vehicle control network protocol analysis result information network_protocol_analysis_result_info and sending it to the security vulnerability and security event POC library.
3. Vulnerability scanning module for vehicle control network equipment
31) The bus gateway firmware security detection unit is used for receiving the bus network topology structure network_topology_configuration and the vehicle-mounted wireless communication device information wireless_telecommunications_demand_info sent by the network topology information sending unit, detecting whether the bus network gateway firmware is secure or insecure, i.e. whether the firmware has a logic vulnerability (Y/N) and whether it has a mechanism against illegal upgrading and tampering (Y/N), detecting the vulnerabilities Vul3 and Vul4, and generating the bus gateway firmware security detection result firmware_detection_result;
32) the bus gateway flow control detection unit is used for detecting, according to the bus network topology structure network_topology_configuration, whether the gateway can perform flow control (Y/N) on each subnet, and generating the bus gateway flow control detection result flow_control_detection_result;
33) the OBD interface security detection unit is used for detecting, according to the bus network topology structure, whether the OBD interface is secure or insecure, i.e. whether messages of the whole network can be acquired through the OBD interface (Y/N), and generating the OBD interface security detection result OBD_port_detection_result;
34) the vulnerability scanning result information sending unit is used for integrating the bus gateway firmware security detection result firmware_detection_result, the bus gateway flow control detection result flow_control_detection_result and the OBD interface security detection result OBD_port_detection_result into the vehicle control network device vulnerability scanning result information device_vul_scanning_result_info and sending it to the security vulnerability and security event POC library.
4. Security vulnerability and security event POC (proof of concept) library
41) The security vulnerability library is used for storing the security vulnerabilities of the vehicle control network; for the discovered vulnerabilities Vul1, Vul2, Vul3 and Vul4 the vulnerability attributes comprise the CVE numbers (CVE_ID1, CVE_ID2, CVE_ID3, CVE_ID4), the vulnerability names (Vul_Name1, Vul_Name2, Vul_Name3, Vul_Name4), the vulnerability feature descriptions (Vul_Description1, Vul_Description2, Vul_Description3, Vul_Description4), the vulnerability threat levels (Vul_Threat_Level1, Vul_Threat_Level2, Vul_Threat_Level3, Vul_Threat_Level4) and the associated security event identifiers (Associated_POC_SID1, Associated_POC_SID2, Associated_POC_SID3, Associated_POC_SID4);
42) the security event POC library is used for storing the security events POC1, POC2, POC3 and POC4 for detecting the vulnerabilities; the security events POC1, POC2, POC3, POC4 and the vulnerabilities Vul1, Vul2, Vul3, Vul4 are correlated with each other, establishing a bidirectional tracking relationship; the security event POC library configures the attribute state control tables PSCT1, PSCT2, PSCT3, PSCT4 for the security events POC1, POC2, POC3, POC4 respectively, and PSCT1, PSCT2, PSCT3, PSCT4 comprise the unique security event identifiers (SID1, SID2, SID3, SID4), the associated vulnerability CVE numbers (Associated_CVE_ID1, Associated_CVE_ID2, Associated_CVE_ID3, Associated_CVE_ID4), the security event priorities (POC_Priority1, POC_Priority2, POC_Priority3, POC_Priority4), the injection detection process scheduling states (Dispatch_Status1, Dispatch_Status2, Dispatch_Status3, Dispatch_Status4) (with the three states ready, injection and blocked), the injection detection result signature states (Signature_Status1, Signature_Status2, Signature_Status3, Signature_Status4) (with the four states completed, unfinished, rescheduled and inapplicable), the detection standard time periods (Standard_Timer1, Standard_Timer2, Standard_Timer3, Standard_Timer4) and the detection unfinished counters (Unfinished_Counter1, Unfinished_Counter2, Unfinished_Counter3, Unfinished_Counter4) (initial value 0);
43) the security event set generation unit is used for receiving the protocol vulnerability and device vulnerability scanning result information Vul1, Vul2, Vul3 and Vul4 sent by the vehicle control network protocol analysis module and the vehicle control network device vulnerability scanning module, extracting the CVE number (CVE_ID1, CVE_ID2, CVE_ID3, CVE_ID4), vulnerability name (Vul_Name1, Vul_Name2, Vul_Name3, Vul_Name4) and vulnerability feature description (Vul_Description1, Vul_Description2, Vul_Description3, Vul_Description4) information of each vulnerability in the scanning result information, matching these vulnerability attributes against the corresponding attributes of the existing vulnerabilities in the security vulnerability library, generating the discovered vulnerability set once matching is complete, and then, according to the associated security event identifiers (Associated_POC_SID1, Associated_POC_SID2, Associated_POC_SID3, Associated_POC_SID4) of the discovered vulnerabilities, searching for and generating the security event set POC1, POC2, POC3, POC4;
44) the security event set sending unit sends the generated security event set POC1, POC2, POC3, POC4 to the security event priority queuing module.
The security event set in step 43) of this embodiment comprises the security events and their attribute state control tables PSCT1, PSCT2, PSCT3, PSCT4; the security event priorities (POC_Priority1, POC_Priority2, POC_Priority3, POC_Priority4) in PSCT1, PSCT2, PSCT3, PSCT4 are assigned according to the threat levels (Vul_Threat_Level1, Vul_Threat_Level2, Vul_Threat_Level3, Vul_Threat_Level4) of the corresponding vulnerabilities, found by reverse tracking; in this embodiment Vul_Threat_Level1 is the highest and Vul_Threat_Level4 the lowest of the four threat levels, so that POC_Priority1 is the largest and POC_Priority4 the smallest of the four priorities.
5. Security event priority queuing module
51) The security event priority queuing module receives the security event sets POC1, POC2, POC3 and POC4 sent by the security vulnerability and security event POC library and bubble-sorts them by the security event priorities (POC_Priority1, POC_Priority2, POC_Priority3, POC_Priority4) in the PSCT1, PSCT2, PSCT3 and PSCT4 attributes, generating the security event backup queue Optional Queue1, in which POC1 with the largest POC_Priority1 value is the queue head, POC4 with the smallest POC_Priority4 value is the queue tail, and POC2 and POC3 lie between them; the queue length is Olen = 4 (a positive integer). Finally it sends the security event backup queue Optional Queue1 to the security event backup queue register module.
6. Security event backup queue register module
61) The security event backup queue register module receives the security event backup queue Optional Queue1 sent by the security event priority queuing module and stores the security events POC1, POC2, POC3 and POC4 in order in queue form; once storage is complete, it sends the detection start trigger signal detection_start_signal to the security event injection detection module.
7. Security event injection detection module
71) The security event ready queue set (Ready Queue Set1) comprises the security event ready queues R1, R2, R3 and R4, each of queue length Rlen = 10, which store the security events waiting to be scheduled by the multistage feedback scheduling unit; the scheduling priority is R1 > R2 > R3 > R4;
72) The security event blocking queue (Blocking Queue1) stores the security events that the injection detection execution unit returns during injection detection as needing rescheduling or as inapplicable, and the security events that the multistage feedback scheduling unit returns during multistage feedback scheduling as inapplicable; its queue length is Blen = 20;
73) The ready scheduling unit continuously monitors whether the detection start trigger signal detection_start_signal has been received. Once it has, the unit monitors the states of the security event ready queue R1, the security event blocking queue Blocking Queue1 and the security event backup queue Optional Queue1, and schedules security events from Blocking Queue1 or Optional Queue1 into the security event ready queue R1 according to the scheduling rules and procedures of the ready scheduling unit and the blocking scheduling unit. At this point the security event backup queue Optional Queue1 holds the security events POC1, POC2, POC3 and POC4 awaiting scheduling, so the ready scheduling unit schedules POC1, POC2, POC3 and POC4 into the security event ready queue R1 first;
the scheduling rules and procedures of the ready scheduling unit and the blocking scheduling unit are as follows:
73.1) If the security event ready queue R1 is not full and the security event backup queue is not empty, the ready scheduling unit first sends the ready scheduling signal ready_dispatch_signal to the security event backup queue register module, the security events POC1, POC2, POC3 and POC4 are dequeued one by one from the head of the security event backup queue and enqueued at the tail of R1, and the scheduling states in PSCT1, PSCT2, PSCT3 and PSCT4 are set to "ready";
73.2) If the security event ready queue R1 is not full and the security event backup queue is empty, the ready scheduling unit sends the ready scheduling signal ready_dispatch_signal to the blocking scheduling unit, and the blocking scheduling unit, on receiving it, sends the blocking scheduling signal block_dispatch_signal to the security event blocking queue: if the security event blocking queue is empty, the scheduling process of 73.3) is entered; if the security event blocking queue holds POC2 and POC3, the blocking scheduling unit dequeues the security events POC2 and POC3 one by one from the head of the security event blocking queue, checks the signature states in PSCT2 and PSCT3, and proceeds according to 73.2.1) and 73.2.2):
73.2.1) If the signature state of PSCT3 is "rescheduled", the blocking scheduling unit sends POC3 to the ready scheduling unit, which enqueues POC3 at the tail of R1 and changes the scheduling state of PSCT3 from "blocking" to "ready";
73.2.2) If the signature state of PSCT2 is "inapplicable", the blocking scheduling unit sends the security event POC2 to the security vulnerability and security event POC library, which re-matches the associated vulnerability CVE_ID2 of POC2 to generate a new security event, and the process above is repeated;
73.3) If the security event ready queue R1 is not full and both the security event backup queue and the security event blocking queue are empty, the ready scheduling unit keeps monitoring the states of the backup queue and the blocking queue, and when a security event is enqueued in either of them it enters the scheduling flow of 73.1) or 73.2) according to the rules;
73.4) If the security event ready queue R1 is full, the ready scheduling unit enters the sleep state and keeps monitoring R1; once R1 is no longer full, it enters the scheduling flow of 73.1), 73.2) or 73.3) according to the rules;
74) The multistage feedback scheduling unit dequeues security events one by one from the head of a security event ready queue Ri and sends them to the injection detection execution unit for security detection; it monitors the detection state of the injection detection execution unit in real time and, when no security event is currently being detected in the injection detection execution unit, schedules the next security event to it;
The scheduling rules and flow of the multistage feedback scheduling unit are as follows:
74.1) If the security event ready queue R1 is not empty, the multistage feedback scheduling unit dequeues the security events POC1, POC2, POC3 and POC4 one by one from the head of R1 and sends them to the injection detection execution unit;
74.2) If and only if the security event ready queue R1 is empty, the multistage feedback scheduling unit sends the multistage feedback scheduling signal multistage_feedback_dispatch_signal to schedule the security event POC4 in R2 to the injection detection execution unit;
74.3) When the multistage feedback scheduling unit receives from the injection detection execution unit the security event POC4 whose signature state in PSCT4 is "unfinished", it enqueues POC4 at the tail of the security event ready queue R2 according to the value of the detection unfinished counter Unfinished_Counter4 in PSCT4. In general, if the detection unfinished counter in a security event's PSCT is i, the event is enqueued at the tail of Ri+1; if i + 1 > 4, the multistage feedback scheduling unit sets the signature state in the PSCT to "inapplicable", sets the scheduling state to "blocked", and sends the security event to the security event blocking queue;
75) After receiving the security events POC1, POC2, POC3 and POC4 sent by the multistage feedback scheduling unit, the injection detection execution unit sets the scheduling states in PSCT1, PSCT2, PSCT3 and PSCT4 to "injection", starts executing security detection against the target vehicle control system network, and monitors the detection time and result in real time; when no security event is currently being detected in the injection detection execution unit, it receives the next security event sent by the multistage feedback scheduling unit;
The scheduling rules and flow of the injection detection execution unit are as follows:
75.1) If POC1 completes its security detection successfully, the injection detection execution unit sets the signature state of PSCT1 to "completed" and removes the security event POC1;
75.2) If the security event POC2 turns out to be inapplicable while security detection is executed, the injection detection execution unit sets the signature state of PSCT2 to "inapplicable" and the scheduling state to "blocked", and returns POC2 to the security event blocking queue;
75.3) If the security event POC3 needs rescheduling while security detection is executed, the injection detection execution unit sets the signature state of PSCT3 to "rescheduled" and the scheduling state to "blocked", and returns POC3 to the security event blocking queue;
75.4) If the security event POC4 exceeds its detection standard time period without completing detection, the injection detection execution unit sets the signature state of PSCT4 to "unfinished", increments the detection unfinished counter by 1, sets the scheduling state to "ready", and returns POC4 to the multistage feedback scheduling unit, which executes its internal scheduling process.
8. Target vehicle control system network
81) The target vehicle control system network is a tested vehicle control system network for performing security detection.
In summary, compared with the conventional method for manually accessing the vehicle control bus to perform security detection through the OBD interface one by one in sequence, the method for detecting the network security of the vehicle control system based on the multistage feedback queue provided by the embodiment of the invention greatly improves the automation degree of the network security detection of the vehicle control system, provides a more reasonable, more efficient and more accurate security event injection detection mechanism, and provides a vehicle control system network security detection method which is more suitable for a real intrusion attack scene and is more autonomously controllable in the whole security detection process. The invention can be widely applied to the technical field of vehicle control system network safety detection of various common vehicles, special vehicles and automatic driving vehicles, in particular to the situations of automatic and autonomous controllable safety detection and the like of a vehicle control system network.
The above embodiments are only for illustrating the invention and are not to be construed as limiting the invention, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the invention, therefore, all equivalent technical solutions also belong to the scope of the invention, and the scope of the invention is defined by the claims.

Claims (10)

1. The vehicle control system network safety detection method based on the multistage feedback queue is characterized by being implemented based on a vehicle control system network safety detection system, wherein the vehicle control system network safety detection system based on the multistage feedback queue comprises a safety event matching generation area and a safety event injection detection area;
wherein the security event matching generation area comprises: a vehicle control network topology detection module, a vehicle control network protocol analysis module, a vehicle control network device vulnerability scanning module, a security vulnerability and security event POC library, a security event priority queuing module and a security event backup queue register module; the security event injection detection area comprises: a security event injection detection module and a target vehicle control system network;
the vehicle control network topology detection module comprises: the system comprises a bus network topology detection unit, a vehicle-mounted wireless communication equipment detection unit and a network topology information sending unit;
the vehicle control network protocol analysis module comprises: the device comprises a protocol data message storage unit, a bus protocol vulnerability scanning unit, a bus protocol analysis unit, a bus protocol comparison unit, a known protocol detection unit, an unknown protocol detection unit, a data message replay detection unit and a network protocol analysis information sending unit;
the vulnerability scanning module of the vehicle control network equipment comprises: the system comprises a bus gateway firmware safety detection unit, a bus gateway flow control detection unit, an OBD interface safety detection unit and a vulnerability scanning result information sending unit;
the security vulnerability and security event POC library comprises: a security vulnerability database, a security event POC database, a security event set generation unit and a security event set sending unit; the security vulnerability database stores vehicle control network security vulnerabilities, each vulnerability having five attributes: CVE number, vulnerability name, vulnerability feature description, vulnerability threat level and associated security event identifier; the security event POC database stores the security events used to detect the vulnerabilities, the security events are correlated with the vulnerabilities in the security vulnerability database so that a bidirectional tracking relation is established, the security event POC database configures an attribute state control table for each security event, and the attribute state control table comprises the unique identifier of the security event, the associated vulnerability CVE_ID, the security event priority, the scheduling state information of the injection detection process, the signature state information of the injection detection result, the detection standard time period and the detection unfinished counter;
the security event injection detection module comprises: a security event ready queue set, a security event blocking queue, a ready scheduling unit, a blocking scheduling unit, a multistage feedback scheduling unit and an injection detection execution unit; wherein the security event ready queue set comprises the security event ready queues R1, R2, …, Rk, k being customizable, each of queue length Rlen, for storing the security events waiting to be scheduled by the multistage feedback scheduling unit, with scheduling priority R1 > R2 > … > Rk; the security event blocking queue stores the security events that the injection detection execution unit returns during injection detection as needing rescheduling or as inapplicable, and the security events that the multistage feedback scheduling unit returns during multistage feedback scheduling as inapplicable, and has queue length Blen;
The method comprises the following steps:
step 1: the bus network topology detection unit in the vehicle control network topology detection module detects a bus network topology structure of a target vehicle control system network according to a user instruction and acquires subnet state information of the target vehicle control system network; the vehicle-mounted wireless communication equipment detection unit detects vehicle-mounted wireless communication equipment information;
the network topology information sending unit receives the bus network topology structure, the subnet state information and the vehicle-mounted wireless communication equipment information, sends the bus network topology structure and the subnet state information to the vehicle control network protocol analysis module, and sends the bus network topology structure and the vehicle-mounted wireless communication equipment information to the vehicle control network equipment vulnerability scanning module;
step 2: the protocol data message storage unit in the vehicle control network protocol analysis module receives the bus network topology structure and the subnet state information sent by the network topology information sending unit, and collects and stores the protocol data message in the bus network;
the bus protocol vulnerability scanning unit carries out bus protocol vulnerability scanning on the protocol data message to generate a bus protocol vulnerability scanning result;
the bus protocol analysis unit is used for carrying out bus protocol analysis on the protocol data message to generate a bus protocol analysis result;
the bus protocol comparison unit compares the bus protocol of the protocol data message, judges whether the bus network is illegally tampered, and generates a bus protocol comparison result;
the known protocol detection unit carries out the security test of the known protocol on the protocol data message to generate a known protocol detection result;
the unknown protocol detection unit carries out security test of an unknown protocol on the protocol data message to generate an unknown protocol detection result;
the data message replay detection unit replays the acquired protocol data message, detects the replay attack resistance of the bus protocol, and generates a data message replay detection result;
the network protocol analysis information sending unit integrates a bus protocol vulnerability scanning result, a bus protocol analysis result, a bus protocol comparison result, a known protocol detection result, an unknown protocol detection result and a data message replay detection result into vehicle control network protocol analysis result information and sends the vehicle control network protocol analysis result information to the security vulnerability and security event POC library;
Step 3: the bus gateway firmware security detection unit in the vehicle control network device vulnerability scanning module receives the bus network topology structure and the vehicle-mounted wireless communication device information sent by the network topology information sending unit, detects the security of the bus network gateway firmware, checks whether the firmware has logic vulnerabilities and whether it has a mechanism against illegal upgrading and tampering, and generates a bus gateway firmware security detection result;
the bus gateway flow control detection unit detects whether the gateway can control the flow of each subnet according to the bus network topology structure, and generates a bus gateway flow control detection result;
the OBD interface safety detection unit detects the safety of the OBD interface according to the bus network topological structure, detects whether a full-network message can be acquired through the OBD interface or not, and generates an OBD interface safety detection result;
the vulnerability scanning result information sending unit integrates the bus gateway firmware security detection result, the bus gateway flow control detection result and the OBD interface security detection result into vehicle control network device vulnerability scanning result information and sends it to the security vulnerability and security event POC library;
Step 4: the security event set generation unit in the security vulnerability and security event POC library receives the vehicle control network protocol analysis result information sent by the vehicle control network protocol analysis module and the vehicle control network device vulnerability scanning result information sent by the vehicle control network device vulnerability scanning module, extracts the CVE number, vulnerability name and vulnerability feature description of each vulnerability in both, matches these three vulnerability attributes against the corresponding attributes of the existing vulnerabilities in the security vulnerability database, generates the discovered vulnerability set once matching is complete, and then, using the associated security event identifier in the vulnerability attributes, looks up and generates the security event set associated with all discovered vulnerabilities;
the security event set comprises security events and an attribute state control table thereof, the priority of the security events in the attribute state control table is assigned according to the threat level of corresponding vulnerabilities tracked reversely, and the higher the threat level of the vulnerabilities is, the higher the priority of the security events is and the larger the numerical value is;
the security event set sending unit sends the generated security event set to a security event priority queuing module;
Step 5: the security event priority queuing module receives the security event set sent by the security vulnerability and security event POC library, bubble-sorts it by the security event priority value in the attribute state control table of each security event, and generates a security event backup queue with the security event of the largest priority value at the head and the security event of the smallest priority value at the tail, the queue length being Olen; finally, the security event backup queue is sent to the security event backup queue register module;
step 6: the security event backup queue registering module receives a security event backup queue sent by the security event priority queuing module, stores the security event backup queue in a queue form in sequence, and sends a detection start trigger signal to the security event injection detection module after the storage is finished;
Step 7: in the security event injection detection module, the ready scheduling unit continuously monitors whether the detection start trigger signal has been received; once it is received, the unit monitors the states of the security event ready queue R1, the security event blocking queue and the security event backup queue, and schedules security events into the security event ready queue R1 according to the scheduling rules and flow of the ready scheduling unit and the blocking scheduling unit;
the multistage feedback scheduling unit dequeues security events one by one from the head of a security event ready queue Ri and sends them to the injection detection execution unit for security detection; it monitors the detection state of the injection detection execution unit in real time and, when no security event is currently being detected in the injection detection execution unit, schedules the next security event to it;
after receiving a security event sent by the multistage feedback scheduling unit, the injection detection execution unit sets the injection detection process scheduling state information in the attribute state control table of the security event to "injection", starts executing security detection against the target vehicle control system network, and monitors the detection time and result in real time; when no security event is currently being detected in the injection detection execution unit, it receives the next security event sent by the multistage feedback scheduling unit.
2. The multi-stage feedback queue-based vehicle control system network security detection method of claim 1, wherein the bus network topology comprises: vehicle CAN bus network topology structure and vehicle LIN bus network topology structure.
3. The multi-stage feedback queue-based vehicle control system network security detection method of claim 1, wherein the subnet status information comprises: the running state, the communication state, the firmware model and version, the software system version and the service state information of each network node in the target vehicle control system network.
4. The multi-level feedback queue-based vehicle control system network security detection method of claim 1, wherein the vehicle-mounted wireless communication device information comprises: WIFI equipment information, Bluetooth equipment information, radio frequency equipment information and 2G/3G/4G/5G equipment information.
5. The multi-stage feedback queue-based vehicle control system network security detection method of claim 1, wherein the injection detection process scheduling state information comprises ready, injection and blocking states.
6. The method according to claim 1, wherein the injection test result signature status information includes four statuses of completed, unfinished, rescheduled, and inapplicable.
7. The method for network security detection of a vehicle control system based on multi-stage feedback queue as claimed in claim 1, wherein in step 7, the scheduling rules and procedures of the ready scheduling unit and the blocking scheduling unit are as follows:
1) if the security event ready queue R1 is not full and the security event backup queue is not empty, the ready scheduling unit first sends a ready scheduling signal to the security event backup queue register module, the security events are dequeued one by one from the head of the security event backup queue and enqueued at the tail of R1, and the injection detection process scheduling state information in the attribute state control table of each security event is set to "ready";
2) if the security event ready queue R1 is not full and the security event backup queue is empty, the ready scheduling unit sends a ready scheduling signal to the blocking scheduling unit, and the blocking scheduling unit, on receiving it, sends a blocking scheduling signal to the security event blocking queue: if the security event blocking queue is empty, the scheduling process of 3) is entered; if the security event blocking queue is not empty, the blocking scheduling unit dequeues the security events one by one from the head of the security event blocking queue, checks the injection detection result signature state information in the attribute state control table of each security event, and proceeds according to a) and b):
a) if the injection detection result signature state information in the attribute state control table of the security event is "rescheduled", the blocking scheduling unit sends the security event to the ready scheduling unit, which enqueues the security event in R1 and changes the injection detection process scheduling state information in the attribute state control table of the security event from "blocking" to "ready";
b) if the injection detection result signature state information in the attribute state control table of the security event is "inapplicable", the blocking scheduling unit sends the security event to the security vulnerability and security event POC library, which re-matches the CVE number of the vulnerability associated with the inapplicable security event to generate a new security event, and the method returns to step 4 and repeats;
3) if the security event ready queue R1 is not full and both the security event backup queue and the security event blocking queue are empty, the ready scheduling unit keeps monitoring the states of the backup queue and the blocking queue, and when a security event is enqueued in either of them it enters the scheduling flow of 1) or 2) according to the rules;
4) if the security event ready queue R1 is full, the ready scheduling unit enters the sleep state and keeps monitoring R1; once R1 is no longer full, it enters the scheduling flow of 1), 2) or 3) according to the rules.
8. The method for network security detection of a vehicle control system based on multi-stage feedback queue according to claim 1, wherein in the step 7, the scheduling rules and procedures of the multi-stage feedback scheduling unit are as follows:
1) if the security event ready queue R1 is not empty, the multistage feedback scheduling unit dequeues the security events one by one from the head of R1 and sends them to the injection detection execution unit;
2) if and only if the security event ready queues R1 to Ri-1 are all empty, the multistage feedback scheduling unit sends a multistage feedback scheduling signal to the security event ready queue set to schedule the security events in the ready queue Ri of the set to the injection detection execution unit;
3) the multistage feedback scheduling unit receives from the injection detection execution unit the security event whose injection detection result signature state information is "unfinished", and enqueues it at the tail of one of the security event ready queues R2 to Rk according to the value of the detection unfinished counter in the attribute state control table of the security event: if the value of the detection unfinished counter in the attribute state control table of the security event is i, the event is enqueued at the tail of Ri+1; if i + 1 > k, the multistage feedback scheduling unit sets the injection detection result signature state information in the attribute state control table of the security event to "inapplicable", sets the injection detection process scheduling state information to "blocking", and sends the security event to the security event blocking queue.
9. The method for network security detection of a vehicle control system based on multi-stage feedback queue according to claim 1, wherein in step 7, the scheduling rules and procedures of the injection detection execution unit are as follows:
1) if the security detection is executed and completed successfully, the injection detection execution unit sets the injection detection result signature state information of the attribute state control table of the security event to 'completed' and removes the security event;
2) if an inapplicable security event is found while the security detection is being executed, the injection detection execution unit sets the injection detection result signature state information of the attribute state control table of the security event to 'inapplicable', sets the injection detection process scheduling state information to 'blocked', and returns the security event to the security event blocking queue;
3) if a security event that needs to be rescheduled is found while the security detection is being executed, the injection detection execution unit sets the injection detection result signature state information of the attribute state control table of the security event to 'rescheduled', sets the injection detection process scheduling state information to 'blocked', and returns the security event to the security event blocking queue;
4) if a security event exceeds the standard detection time period without its detection being completed while the security detection is being executed, the injection detection execution unit sets the injection detection result signature state information of the attribute state control table of the security event to 'incomplete', adds 1 to the value of the detection incomplete counter, sets the injection detection process scheduling state information to 'ready', and returns the security event to the multi-stage feedback scheduling unit, which then executes its internal scheduling process.
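The scheduling loop of claims 8 and 9 modelled in Python, as an added example that is not part of the patent: the queue count k, the standard detection time period, the per-event 'work' measure and the 'verdict' field used to simulate the execution unit's inapplicable/rescheduled outcomes are all constructed assumptions, as are the class and field names.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class SecurityEvent:              # attribute state control table of one event (field names assumed)
    name: str
    work: int                     # detection steps still needed (constructed quantity)
    verdict: str = ""             # execution unit may report "inapplicable" or "rescheduled"
    result: str = "pending"       # injection detection result signature state
    sched: str = "ready"          # injection detection process scheduling state
    incomplete_counter: int = 0   # detection incomplete counter

class MultiLevelFeedbackScheduler:   # ready queues R1..Rk plus one blocking queue (claims 8, 9)
    def __init__(self, k: int = 3, standard_period: int = 1):
        self.k, self.period = k, standard_period
        self.ready = [deque() for _ in range(k)]   # list index i-1 holds queue Ri
        self.blocked, self.completed, self.trace = deque(), [], []
    def submit(self, ev: SecurityEvent) -> None:
        self.ready[0].append(ev)                   # new events enter R1
    def pick(self):
        # Ri is dispatched only when R1..R(i-1) are all empty (claim 8, rule 2).
        return next((q.popleft() for q in self.ready if q), None)
    def execute(self, ev: SecurityEvent) -> None:
        # Injection detection execution unit, claim 9 rules 1 to 4.
        self.trace.append(ev.name)                 # dispatch order, for inspection
        if ev.verdict in ("inapplicable", "rescheduled"):   # rules 2 and 3
            ev.result, ev.sched = ev.verdict, "blocked"
            self.blocked.append(ev)
            return
        ev.work -= self.period                     # one standard detection time period
        if ev.work <= 0:                           # rule 1
            ev.result = "completed"
            self.completed.append(ev)
        else:                                      # rule 4: not finished within the period
            ev.result, ev.sched = "incomplete", "ready"
            ev.incomplete_counter += 1
            self.feedback(ev)
    def feedback(self, ev: SecurityEvent) -> None:
        # Claim 8, rule 3: counter i sends the event to the tail of R(i+1); i+1 > k blocks it.
        i = ev.incomplete_counter
        if i + 1 > self.k:
            ev.result, ev.sched = "inapplicable", "blocked"
            self.blocked.append(ev)
        else:
            self.ready[i].append(ev)               # list index i is queue R(i+1)
    def run(self) -> None:
        while (ev := self.pick()) is not None:
            self.execute(ev)
```

With k = 3 and a one-step period, an event needing five steps is demoted through R2 and R3 and then lands in the blocking queue as 'inapplicable', while short events in R1 are always served first.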
10. The multi-stage feedback queue-based vehicle control system network security detection method of claim 1, wherein the target vehicle control system network is a tested vehicle control system network for security detection.
CN201910863033.1A 2019-09-12 2019-09-12 Vehicle control system network security detection method based on multistage feedback queue Active CN110445810B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910863033.1A CN110445810B (en) 2019-09-12 2019-09-12 Vehicle control system network security detection method based on multistage feedback queue

Publications (2)

Publication Number Publication Date
CN110445810A CN110445810A (en) 2019-11-12
CN110445810B true CN110445810B (en) 2021-07-02

Family

ID=68440025

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910863033.1A Active CN110445810B (en) 2019-09-12 2019-09-12 Vehicle control system network security detection method based on multistage feedback queue

Country Status (1)

Country Link
CN (1) CN110445810B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111311912B (en) * 2020-02-25 2021-08-24 北京天融信网络安全技术有限公司 Internet of vehicles detection data determination method and device and electronic equipment
CN111311116B (en) * 2020-03-12 2024-03-01 上海东普信息科技有限公司 Intelligent park-based vehicle scheduling method, device, equipment and storage medium
CN111756762A (en) * 2020-06-29 2020-10-09 北京百度网讯科技有限公司 Vehicle safety analysis method and device, electronic equipment and storage medium
CN112751831B (en) * 2020-12-17 2022-04-15 中国汽车技术研究中心有限公司 Automobile vulnerability classification and processing method, device, equipment and readable storage medium
CN114006791B (en) * 2021-10-29 2023-05-30 东风商用车有限公司 Low-delay message forwarding method and gateway

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103970603A (en) * 2014-05-21 2014-08-06 哈尔滨工程大学 Task scheduling method of event injection engine based on multilevel feedback queue
CN104394163A (en) * 2014-12-05 2015-03-04 浪潮电子信息产业股份有限公司 Safety detection method based on Web application
CN105721482A (en) * 2016-03-03 2016-06-29 天津大学 Mobile terminal handheld vehicle management method based on Internet of Vehicles
CN109245904A (en) * 2018-10-17 2019-01-18 南京航空航天大学 A lightweight Internet of Vehicles system security authentication method based on PUF

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10291634B2 (en) * 2015-12-09 2019-05-14 Checkpoint Software Technologies Ltd. System and method for determining summary events of an attack

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Research and implementation of anomaly data detection technology for in-vehicle CAN bus networks"; Zeng Run; China Master's Theses Full-text Database, Engineering Science and Technology II; 2018-11-15 (No. 11); p. C035-35 *

Also Published As

Publication number Publication date
CN110445810A (en) 2019-11-12

Similar Documents

Publication Publication Date Title
CN110445810B (en) Vehicle control system network security detection method based on multistage feedback queue
US11363045B2 (en) Vehicle anomaly detection server, vehicle anomaly detection system, and vehicle anomaly detection method
Young et al. Survey of automotive controller area network intrusion detection systems
US20200186560A1 (en) System and method for time based anomaly detection in an in-vehicle communication network
US11755713B2 (en) System and method for controlling access to an in-vehicle communication network
US11252180B2 (en) System and method for content based anomaly detection in an in-vehicle communication network
Waszecki et al. Automotive electrical and electronic architecture security via distributed in-vehicle traffic monitoring
US9646156B2 (en) System and method for detecting OBD-II CAN BUS message attacks
US20160173513A1 (en) Apparatuses and methods for security in broadcast serial buses
CN109688152B (en) Message injection type attack detection method facing vehicle-mounted CAN bus
Nowdehi et al. CASAD: CAN-aware stealthy-attack detection for in-vehicle networks
CN112596962A (en) Automobile CAN bus penetration test system and method
Huang et al. On the security of in-vehicle hybrid network: Status and challenges
Jichici et al. Effective intrusion detection and prevention for the commercial vehicle SAE J1939 CAN bus
KR20190102427A (en) Fuzzing system for verifying security/quality of can device and fuzzing method thereof
CN110430223B (en) Vehicle control system network safety detection system based on multistage feedback queue
Purohit et al. ML-based anomaly detection for intra-vehicular CAN-bus networks
Mukherjee et al. A precedence graph-based approach to detect message injection attacks in J1939 based networks
CN107360120B (en) Auditing method and device for virtual network functions
Dupont et al. Network intrusion detection systems for in-vehicle network-Technical report
CN109032108A (en) Method and apparatus for identifying attacks on a fieldbus
CN109150847A (en) Method and apparatus for detecting the network intrusion risk of a vehicle
Liu et al. Source identification from in-vehicle can-fd signaling: what can we expect?
Shin et al. RIDAS: Real-time identification of attack sources on controller area networks
Duan et al. A Vehicle Can Bus Anomaly Detection Method for Periodic Attacks Based on the Entropy Model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant