CN110475227A - Method, apparatus, system and electronic device for car networking information security protection - Google Patents

Publication number: CN110475227A
Authority: CN (China)
Prior art keywords: emulation, vehicle device, network channel, trapping, information
Legal status: Granted, active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201910684559.3A
Other languages: Chinese (zh)
Other versions: CN110475227B (en)
Inventors: 章赟杰, 陈凯
Current Assignee: Shanghai Fanyi Shangxing Technology Co Ltd (as listed by Google Patents; may be inaccurate)
Original Assignee: Shanghai Fanyi Shangxing Technology Co Ltd
Application filed by: Shanghai Fanyi Shangxing Technology Co Ltd
Priority to: CN201910684559.3A
Publications: CN110475227A (application), CN110475227B (grant)
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/088 Access security using filters or firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/06 Testing, supervising or monitoring using simulated traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method, apparatus and electronic device for car networking information security protection. A trapping node sends emulation vehicle device information to a car networking service platform through a first network channel, receives attack information from the first network channel, and sends the attack information to a car networking protective platform through a second network channel, the second network channel being a network channel isolated from the first network channel. Actively using an emulation vehicle device to simulate vehicle device information, and thereby trapping attack information, reduces the number of statistical samples and is more efficient. The attack information is sent through the second network channel; because the second network channel is isolated from the first network channel, on the one hand the emulation vehicle device does not affect the normal vehicle devices in the car networking system, and on the other hand the process of sending attack information to the car networking protective platform is difficult for an attacker to attack, so security is high.

Description

Method, apparatus, system and electronic device for car networking information security protection
Technical field
The present invention relates to the field of computer information processing, and in particular to a method, apparatus, system and electronic device for car networking information security protection.
Background
Car networking is the Internet of Things technology for moving vehicles. It identifies the vehicle device through an electronic tag mounted on the vehicle and, using identification technologies such as radio frequency, lets the car networking service system extract and make effective use of the vehicle's attribute information, effectively supervise the vehicle's operating state and provide integrated services.
However, a car networking service system may come under attack, leading to information leakage or even loss of control of the service. With the rapid development of car networking technology, it is therefore necessary to develop corresponding car networking security protection technology.
Summary of the invention
The embodiments of this specification provide a method, apparatus, system and electronic device for car networking information security protection, to solve the problems of poor security and low efficiency in existing car networking information security protection techniques.
An embodiment of this specification provides a method for car networking information security protection, comprising:
a trapping node sending emulation vehicle device information to a car networking service platform through a first network channel;
receiving attack information from the first network channel;
sending the attack information to a car networking protective platform through a second network channel, the second network channel being a network channel isolated from the first network channel.
In one embodiment, the first network channel is an external network channel and the second network channel is an internal network channel.
In one embodiment, the vehicle device information includes:
at least one of behaviour information of the emulation vehicle device, status information, and information on interaction with the environment.
In one embodiment, before the trapping node sends the emulation vehicle device information to the car networking service platform through the first network channel, the method further comprises:
the trapping node obtaining the vehicle device information through an emulation vehicle device that has a decoupled communication connection with the trapping node.
In one embodiment, the trapping node establishes a communication connection with the emulation trapping backstage through the second network channel, so that the emulation trapping backstage controls the behaviour of the emulation vehicle device according to an emulation command or the attack information received by the trapping node, and obtains the vehicle device information from the behaviour of the emulation vehicle device;
the trapping node obtaining the vehicle device information through the emulation vehicle device that has a decoupled communication connection with the trapping node comprises:
the trapping node obtaining the vehicle device information from the virtualized vehicle device simulation service backstage through the second network channel.
In one embodiment, M trapping nodes establish communication connections with the emulation trapping backstage through the second network channel, so that the emulation trapping backstage controls, according to the attack information forwarded by the M trapping nodes, the behaviour of the emulation vehicle device corresponding to each trapping node, and obtains the vehicle device information from the behaviour of the emulation vehicle device, where M > 2.
In one embodiment, the emulation trapping backstage is a virtualized vehicle device simulation service backstage.
In one embodiment, the first network channel includes a wireless network channel and the second network channel is a wired channel.
An embodiment of this specification provides an apparatus for car networking information security protection, comprising:
a first network channel communication module, used by the trapping node to send emulation vehicle device information to the car networking service platform through the first network channel, and to receive attack information from the first network channel;
a second network channel communication module, used to send the attack information to the car networking protective platform through the second network channel, so that the car networking protective platform performs security protection according to the attack information, the second network channel being a network channel isolated from the first network channel.
In one embodiment, before the trapping node sends the emulation vehicle device information to the car networking service platform through the first network channel, the second network channel communication module is further used to:
enable the trapping node to obtain the vehicle device information through an emulation vehicle device that has a decoupled communication connection with the trapping node.
In one embodiment, the trapping node establishes a communication connection with the emulation trapping backstage through the second network channel, so that the emulation trapping backstage controls the behaviour of the emulation vehicle device according to an emulation command or the attack information received by the trapping node, and obtains the vehicle device information from the behaviour of the emulation vehicle device;
the trapping node obtaining the vehicle device information through the emulation vehicle device that has a decoupled communication connection with the trapping node comprises:
the trapping node obtaining the vehicle device information from the virtualized vehicle device simulation service backstage through the second network channel.
In one embodiment, M trapping nodes establish communication connections with the emulation trapping backstage through the second network channel, so that the emulation trapping backstage controls, according to the attack information forwarded by the M trapping nodes, the behaviour of the emulation vehicle device corresponding to each trapping node, and obtains the vehicle device information from the behaviour of the emulation vehicle device, where M > 2.
An embodiment of this specification provides a system for car networking information security protection, comprising: a trapping node, an emulation trapping backstage, an emulation vehicle device and a car networking protective platform;
the emulation trapping backstage establishes a communication connection with the emulation vehicle device, sends behaviour instructions to the emulation vehicle device, and collects the emulation vehicle device information of the emulation vehicle device;
the trapping node establishes a communication connection with the emulation trapping backstage through the second network channel to obtain the emulation vehicle device information;
the trapping node establishes a communication connection with the car networking service platform through the first network channel, sends the emulation vehicle device information to the car networking service platform through the first network channel, and receives attack information from the first network channel, the second network channel being a network channel isolated from the first network channel;
the trapping node also establishes a communication connection with the car networking protective platform through the second network channel, and sends the attack information to the car networking protective platform through the second network channel.
In one embodiment, the system includes at least one single board having M trapping nodes, and M emulation vehicle devices, M > 2;
the trapping node also establishing a communication connection with the car networking protective platform through the second network channel further comprises:
the M trapping nodes establishing communication connections with the emulation trapping backstage through the second network channel, so that the emulation trapping backstage controls, according to the attack information forwarded by the M trapping nodes, the behaviour of the emulation vehicle device corresponding to each trapping node.
An embodiment of this specification also provides an electronic device, wherein the electronic device includes:
a processor; and
a memory storing computer-executable instructions which, when executed, cause the processor to perform the method described in any embodiment of this specification.
An embodiment of this specification also provides a computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs which, when executed by a processor, implement the method described in any embodiment of this specification.
Actively using an emulation vehicle device to simulate vehicle device information, and thereby trapping attack information, reduces the number of statistical samples and is more efficient. The attack information is sent through the second network channel; because the second network channel is isolated from the first network channel, on the one hand the emulation vehicle device does not affect the normal vehicle devices in the car networking system, and on the other hand the process of sending attack information to the car networking protective platform is difficult for an attacker to attack, so security is high.
Brief description of the drawings
To make the technical problem solved by the invention, the technical means adopted and the technical effects achieved clearer, specific embodiments of the invention are described in detail below with reference to the accompanying drawings. It should be noted, however, that the drawings described below are only drawings of exemplary embodiments of the invention; those skilled in the art can obtain drawings of other embodiments from these drawings without creative effort.
Fig. 1 is a schematic diagram of a system for car networking information security protection provided by an embodiment of this specification;
Fig. 2 is a schematic diagram of a system for car networking information security protection provided by an embodiment of this specification;
Fig. 3 is a schematic diagram of a system for car networking information security protection provided by an embodiment of this specification;
Fig. 4 is a schematic diagram of a method for car networking information security protection provided by an embodiment of this specification;
Fig. 5 is a schematic diagram of an apparatus for car networking information security protection provided by an embodiment of this specification;
Fig. 6 is a structural diagram of an electronic device provided by an embodiment of this specification;
Fig. 7 is a schematic diagram of a computer-readable medium provided by an embodiment of this specification.
Detailed description of the embodiments
In the prior art, car networking information security protection mainly reduces the probability of information leakage by setting up firewalls, and detects abnormal behaviour of in-vehicle terminals in order to obtain attack information and then analyse the attack behaviour. This approach, however, essentially analyses an attack after it has occurred and requires a large number of statistical samples; it is therefore rather passive, with poor security and low efficiency.
Therefore, it is necessary to propose an information security protection method with good security and high efficiency.
An embodiment of this specification proposes a method for car networking information security protection in which a trapping node sends emulation vehicle device information to a car networking service platform through a first network channel, receives attack information from the first network channel, and sends the attack information to a car networking protective platform through a second network channel, so that the car networking protective platform performs security protection according to the attack information; the second network channel is a network channel isolated from the first network channel. Actively using an emulation vehicle device to simulate vehicle device information, and thereby trapping attack information, reduces the number of statistical samples and is more efficient. The attack information is sent through the second network channel; because the second network channel is isolated from the first network channel, on the one hand the emulation vehicle device does not affect the normal vehicle devices in the car networking system, and on the other hand the process of sending attack information to the car networking protective platform is difficult for an attacker to attack, so security is high.
Exemplary embodiments of the invention are now described more fully with reference to the drawings. The exemplary embodiments can, however, be implemented in many forms, and the invention should not be understood as limited to the embodiments set forth here. Rather, these exemplary embodiments are provided so that the invention is more thorough and complete and the inventive concept is more easily conveyed in full to those skilled in the art. Identical reference numerals in the figures denote identical or similar elements, components or parts, and repeated descriptions of them are therefore omitted.
Provided the technical concept of the invention is met, the features, structures, characteristics or other details described in one specific embodiment may be combined in any suitable manner in one or more other embodiments.
In the description of specific embodiments, the features, structures, characteristics or other details are described so that those skilled in the art fully understand the embodiments. This does not, however, rule out that those skilled in the art can practise the technical solution of the invention without one or more of the particular features, structures, characteristics or other details.
The flowcharts shown in the drawings are merely illustrative; they need not include all content and operations/steps, nor must they be executed in the order described. For example, some operations/steps can be split, and some can be merged or partly merged, so the actual order of execution may change according to the actual situation.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities can be implemented in software, in one or more hardware modules or integrated circuits, or in different network and/or processor devices and/or microcontroller devices.
It should be understood that although ordinal attributes such as first, second and third may be used here to describe various devices, elements, components or parts, these should not be limited by those attributes. The attributes serve only to distinguish one from another. For example, a first device could also be called a second device without departing from the substance of the technical solution of the invention.
The term "and/or" includes all combinations of any one or more of the associated listed items.
Fig. 1 is a schematic diagram of a system for car networking information security protection provided by an embodiment of this specification. The system includes:
a trapping node 101, a car networking protective platform 102, an emulation trapping backstage 103 and an emulation vehicle device 104;
wherein the emulation trapping backstage 103 establishes a communication connection with the emulation vehicle device 104, sends behaviour instructions to the emulation vehicle device 104, and collects the emulation vehicle device information of the emulation vehicle device 104;
the trapping node 101 establishes a communication connection with the emulation trapping backstage 103 through the second network channel to obtain the emulation vehicle device information;
the trapping node 101 establishes a communication connection with the car networking service platform 20 through the first network channel, so that the trapping node 101 sends the emulation vehicle device information to the car networking service platform 20 through the first network channel and receives attack information from the first network channel, the second network channel being a network channel isolated from the first network channel;
the trapping node 101 also establishes a communication connection with the car networking protective platform 102 through the second network channel, so that the trapping node 101 sends the attack information to the car networking protective platform 102 through the second network channel.
In the embodiments of this specification, the emulation vehicle device information may include at least one of behaviour information of the emulation vehicle device, status information, and information on interaction with the environment.
The system may include several stages when operating:
Emulation forging stage: the trapping node 101, the emulation trapping platform and the emulation vehicle device are connected to the car networking service platform by establishing communication connections, so as to forge the process of a normal vehicle device interacting with the car networking service platform and thereby lure an attacker into attacking them.
Attack information acquisition stage: while the interaction between a normal vehicle device and the car networking service platform is being forged, if an attacker attacks the trapping node, the trapping node obtains the attack information and forwards it to the car networking protective platform.
Because the first network channel is isolated from the second network channel, it is difficult for an attacker to become aware of this emulation trapping behaviour, and no security threat is posed to normal vehicle devices. Attack information is obtained by emulation trapping, so the statistical samples are targeted and fewer are needed; in this way attack information is obtained efficiently and safely. By analysing the attack information, one can learn the tools and methods used by the attacker and infer the attack intent and motive, which lets defenders clearly understand the security threats they face and strengthen the security protection capability of the real system through technical and management means.
In the embodiments of this specification, the emulation trapping platform may control the emulation vehicle device according to an emulation command or according to an attack instruction; no specific limitation is made here. For example, the stages in Fig. 1 can form a loop; each pass through the loop yields one item of attack information, and in practical application scenarios this allows security protection against an attacker's continuous attacks.
Analysis also shows that this solution does not simply use the normal vehicle devices in the car networking service platform directly for emulation forging. This is because that approach was found to carry the risk that the trapping stage affects normal vehicle devices; the root cause is that trapping attack information by emulating with normal vehicle devices essentially uses the original network communication channel between the normal vehicle device and the car networking service platform. It is precisely on the basis of this finding that the applicant proposes performing emulation trapping using a second network channel isolated from the first network channel; the complete system 10 was arrived at by developing this idea. The system and corresponding method proposed by the applicant are therefore not obvious.
By arranging the trapping node that forwards attack information separately from the emulation vehicle device, and having them communicate with the emulation trapping platform acting as a relay, the system achieves the following: the emulation vehicle device can be placed in various environments using a variety of channels; because the channel between the trapping node and the emulation trapping platform is isolated from the first network channel and the emulation vehicle device can be placed in various environments, more comprehensive emulation vehicle device information can be obtained; and the emulation vehicle device is difficult for an attacker in the car networking service platform to control, which improves the flexibility and security of deployment and reduces the impact on normal vehicle devices.
In the embodiments of this specification, the system 10 may include a single board having M trapping nodes, and M emulation vehicle devices, M > 2;
the trapping node also establishing a communication connection with the car networking protective platform through the second network channel further comprises:
the M trapping nodes establishing communication connections with the emulation trapping backstage through the second network channel, so that the emulation trapping backstage controls, according to the attack information forwarded by the M trapping nodes, the behaviour of the emulation vehicle device corresponding to each trapping node.
Decoupling the trapping nodes from the emulation trapping backstage allows one simulation single board to emulate multiple trapping nodes, which requires few running resources and greatly reduces cost.
In the embodiments of this specification, a trapping node may have a SIM (Subscriber Identity Module) or form a SIM network together with a SIM, so that the trapping node can access the car networking service platform through a signal tower; this channel can serve as the first network channel.
In the embodiments of this specification, the car networking service platform may be deployed on a cloud server; this is not elaborated here.
Fig. 2 is a schematic diagram of a system for car networking information security protection provided by an embodiment of this specification, showing a schematic of one form of the first network channel and the second network channel.
In Fig. 2, the first network channel includes a wireless network channel formed by signal towers and is an external mobile network. The second network channel indicates that, in addition to accessing the internet through the external mobile network like a normal user's vehicle device, the trapping node also accesses the trapping system management console through an internal network. The second network channel can be an internal network channel, such as a channel in a local area network formed by the emulation vehicle device, the trapping node and the emulation trapping backstage over a wired network. The trapping system management console may include the car networking protective platform or the emulation trapping platform. Other parts of the system 10 not shown in Fig. 2 are not described here.
Fig. 3 is a schematic diagram of a system for car networking information security protection provided by an embodiment of this specification, showing a schematic of the communication principle between the trapping node and the emulation vehicle device.
In Fig. 3, one SIM is configured for each trapping node, so that each trapping node forms an independent network; these multiple SIMs are located on one single board, which achieves integration. In addition, the trapping node is connected over the network, in a decoupled manner, to a simulation container (which can be regarded as the emulation vehicle device), which improves flexibility.
Of course, other parts of the system 10 not shown in Fig. 3 are not described here.
Based on the same inventive concept, the embodiments of this specification also provide a method for car networking information security protection.
Fig. 4 is a schematic diagram of a method for car networking information security protection provided by an embodiment of this specification. The method includes:
S401: the trapping node sends emulation vehicle device information to the car networking service platform through the first network channel.
S402: attack information from the first network channel is received.
S403: the attack information is sent to the car networking protective platform through the second network channel, so that the car networking protective platform performs security protection according to the attack information; the second network channel is a network channel isolated from the first network channel.
Actively using an emulation vehicle device to simulate vehicle device information, and thereby trapping attack information, reduces the number of statistical samples and is more efficient. The attack information is sent through the second network channel; because the second network channel is isolated from the first network channel, on the one hand the emulation vehicle device does not affect the normal vehicle devices in the car networking system, and on the other hand the process of sending attack information to the car networking protective platform is difficult for an attacker to attack, so security is high.
In addition, the trapping node that forwards attack information is arranged separately from the emulation vehicle device, and they communicate with the emulation trapping platform acting as a relay. This means the emulation vehicle device can be placed in various environments using a variety of channels; because the channel between the trapping node and the emulation trapping platform is isolated from the first network channel, the emulation vehicle device does not come directly under the control of an attacker in the car networking service platform. This improves the flexibility and security of deployment, so that more comprehensive emulation vehicle device information can be obtained and the impact on normal vehicle devices is reduced.
By analysing the attack information, one can learn the tools and methods used by the attacker and infer the attack intent and motive, which lets defenders clearly understand the security threats they face and strengthen the security protection capability of the real system through technical and management means.
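The S401 to S403 loop described above, with M = 3 trapping nodes, as an added Python model that is not part of the patent text. The channels are in-memory queues, every class and endpoint name is hypothetical, and the model assumes that anything reaching a decoy from a source other than the service platform counts as attack information.

```python
from collections import deque

SERVICE_PLATFORM = "service-platform"        # car networking service platform
PROTECTION_PLATFORM = "protection-platform"  # car networking protective platform
BACKEND = "trapping-backend"                 # emulation trapping backstage


class Channel:
    """In-memory stand-in for one network channel; only attached endpoints can use it."""

    def __init__(self, name):
        self.name = name
        self.inbox = {}

    def attach(self, *endpoints):
        for endpoint in endpoints:
            self.inbox[endpoint] = deque()

    def send(self, src, dst, payload):
        if src not in self.inbox or dst not in self.inbox:
            raise PermissionError(f"{src} -> {dst} is not reachable on the {self.name}")
        self.inbox[dst].append((src, payload))

    def drain(self, endpoint):
        messages = list(self.inbox[endpoint])
        self.inbox[endpoint].clear()
        return messages


class EmulationBackend:
    """Drives one emulation vehicle device per trapping node."""

    def __init__(self, node_ids):
        self.devices = {
            node_id: {"behaviour": "parked", "status": "locked", "environment": "garage"}
            for node_id in node_ids
        }

    def vehicle_info(self, node_id):
        return dict(self.devices[node_id])

    def handle_forwarded_attacks(self, internal):
        # Attack information forwarded by a node changes only that node's device.
        for node_id, attack in internal.drain(BACKEND):
            self.devices[node_id]["behaviour"] = "responding-to-probe"
            self.devices[node_id]["last_source"] = attack["source"]


class TrappingNode:
    def __init__(self, node_id, external, internal, backend):
        self.node_id = node_id
        self.external = external  # first network channel
        self.internal = internal  # second network channel, isolated from the first
        self.backend = backend

    def cycle(self):
        # Fetch the emulated state (a direct call here; in the described system this
        # request also travels over the second network channel).
        info = self.backend.vehicle_info(self.node_id)
        # S401: report emulation vehicle device information over the first channel.
        self.external.send(self.node_id, SERVICE_PLATFORM, info)
        # S402: collect what arrived on the first channel. Assumption: a decoy has no
        # real users, so any sender other than the service platform is an attacker.
        attacks = [
            {"node": self.node_id, "source": src, "payload": payload}
            for src, payload in self.external.drain(self.node_id)
            if src != SERVICE_PLATFORM
        ]
        # S403: forward attack information over the second channel only.
        for attack in attacks:
            self.internal.send(self.node_id, PROTECTION_PLATFORM, attack)
            self.internal.send(self.node_id, BACKEND, attack)
        return len(attacks)


def run_demo():
    nodes = ["node-1", "node-2", "node-3"]  # M = 3 (the page requires M > 2)
    external = Channel("first (external) channel")
    internal = Channel("second (internal) channel")
    external.attach(SERVICE_PLATFORM, "attacker", *nodes)
    internal.attach(PROTECTION_PLATFORM, BACKEND, *nodes)
    backend = EmulationBackend(nodes)
    traps = [TrappingNode(n, external, internal, backend) for n in nodes]

    external.send("attacker", "node-2", "constructed probe")  # constructed sample input
    captured = sum(trap.cycle() for trap in traps)
    backend.handle_forwarded_attacks(internal)

    try:  # an endpoint on the first channel cannot inject into the second one
        internal.send("attacker", PROTECTION_PLATFORM, "spoofed report")
        isolated = False
    except PermissionError:
        isolated = True
    return {
        "captured": captured,
        "telemetry": external.drain(SERVICE_PLATFORM),
        "reports": internal.drain(PROTECTION_PLATFORM),
        "devices": backend.devices,
        "isolated": isolated,
    }


if __name__ == "__main__":
    print(run_demo())
```

Only the probed node's emulated device changes behaviour, which mirrors the per-node control the M-node embodiment describes.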
In the embodiments of this specification, the first network channel is an external network channel and the second network channel is an internal network channel.
In one embodiment, the vehicle device information includes:
at least one of behavior information of the emulated vehicle device, status information, and information on interaction with the environment.
In one embodiment, before the trapping node sends the emulated vehicle device information to the Internet of Vehicles service platform over the first network channel, the method further includes:
the trapping node obtains the vehicle device information through an emulated vehicle device that has established a decoupled communication connection with the trapping node.
In one embodiment, the trapping node establishes a communication connection with the emulation trapping backend over the second network channel, so that the emulation trapping backend controls the behavior of the emulated vehicle device according to an emulation command or the attack information received by the trapping node, and obtains vehicle device information according to the behavior of the emulated vehicle device;
the trapping node obtaining the vehicle device information through the emulated vehicle device that has established a decoupled communication connection with the trapping node includes:
the trapping node obtains the vehicle device information from the virtualized vehicle device emulation service backend over the second network channel.
In one embodiment, M trapping nodes establish communication connections with the emulation trapping backend over the second network channel, so that the emulation trapping backend controls the behavior of the emulated vehicle device corresponding to each trapping node according to the attack information forwarded by the M trapping nodes, and obtains vehicle device information according to the behavior of the emulated vehicle devices, where M > 2.
In one embodiment, the emulation trapping backend is a virtualized vehicle device emulation service backend.
In one embodiment, the first network channel includes a wireless network channel and the second network channel is a wired channel.
It should be understood that the method of the Fig. 2 embodiment can be combined with the method of the embodiment described when discussing the system of Fig. 1, and the description is not repeated here.
Those skilled in the art will understand that all or part of the steps of the above embodiments may be implemented as a program (computer program) executed by a computer data processing device. When the computer program is executed, the above method provided by the present invention can be carried out. Moreover, the computer program may be stored in a computer-readable storage medium, which may be a readable storage medium such as a magnetic disk, optical disc, ROM or RAM, or a storage array composed of multiple storage media, such as a disk or tape storage array. The storage medium is not limited to centralized storage and may also be distributed storage, such as cloud storage based on cloud computing.
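The data flow of the method embodiments above, modelled in memory as an added Python example (not code from the patent): M = 3 trapping nodes publish emulated vehicle device information on the first channel and forward whatever arrives there to the protection platform on the isolated second channel. The class names, message fields, the `unlock_doors` command and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

EXTERNAL, INTERNAL = "first-channel", "second-channel"


class ChannelIsolationError(Exception):
    """A message was about to leave on a channel it must never use."""


@dataclass
class Channel:
    name: str
    log: list = field(default_factory=list)

    def send(self, kind, payload):
        # Isolation policy: only emulated vehicle information may leave on the
        # external channel; attack records and backend traffic stay internal.
        if self.name == EXTERNAL and kind != "vehicle-info":
            raise ChannelIsolationError(f"{kind!r} refused on {self.name}")
        self.log.append({"kind": kind, **payload})


class EmulationBackend:
    """Emulation trapping backend: drives the emulated vehicle devices."""

    def __init__(self, device_ids):
        self.state = {d: {"doors": "locked", "speed_kmh": 40} for d in device_ids}

    def vehicle_info(self, device_id):
        return {"device": device_id, **self.state[device_id]}

    def react(self, device_id, attack):
        # Change the emulated device's behaviour according to the attack
        # information, so that later vehicle information reflects it.
        if attack.get("command") == "unlock_doors":
            self.state[device_id]["doors"] = "unlocked"


class TrappingNode:
    def __init__(self, node_id, device_id, backend, external, internal):
        self.node_id, self.device_id = node_id, device_id
        self.backend, self.external, self.internal = backend, external, internal

    def publish(self):
        # Obtain vehicle information from the backend over the second channel,
        # then send it to the service platform over the first channel.
        self.internal.send("info-request", {"node": self.node_id})
        info = self.backend.vehicle_info(self.device_id)
        self.external.send("vehicle-info", info)
        return info

    def on_external_message(self, message):
        # Assumption: anything addressed to a decoy is attack information.
        record = {"node": self.node_id, "device": self.device_id, **message}
        self.internal.send("attack", record)      # to the protection platform
        self.backend.react(self.device_id, message)
        return record


def blocked_sources(internal):
    """Protection platform side: derive a block list from attack records."""
    return {m["src"] for m in internal.log if m["kind"] == "attack"}


def run_demo():
    external, internal = Channel(EXTERNAL), Channel(INTERNAL)
    devices = ["emu-1", "emu-2", "emu-3"]                  # M = 3 decoys
    backend = EmulationBackend(devices)
    nodes = [TrappingNode(f"node-{i}", d, backend, external, internal)
             for i, d in enumerate(devices, 1)]
    for n in nodes:
        n.publish()
    # Constructed attack messages (documentation address ranges).
    nodes[0].on_external_message({"src": "203.0.113.7", "command": "unlock_doors"})
    nodes[2].on_external_message({"src": "198.51.100.9", "command": "read_gps"})
    after = [n.publish() for n in nodes]
    return external, internal, after


if __name__ == "__main__":
    ext, internal, after = run_demo()
    print(sorted(blocked_sources(internal)), after[0])
```

The external log only ever contains emulated vehicle information, while the attack records and the backend traffic appear only on the internal log, which is the property the isolation of the two channels is meant to guarantee.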
Based on the same inventive concept, the embodiments of this specification also provide a device for Internet of Vehicles information security protection.
The device embodiment of the present invention is described below; the device can be used to execute the method embodiment of the present invention. Details described in the device embodiment should be regarded as a supplement to the above method embodiment; for details not disclosed in the device embodiment, reference may be made to the above method embodiment.
Fig. 5 is a schematic structural diagram of a device for Internet of Vehicles information security protection provided by an embodiment of this specification. The device may include:
a first network channel communication module 501, used by the trapping node to send emulated vehicle device information to the Internet of Vehicles service platform over the first network channel and to receive attack information from the first network channel;
a second network channel communication module 502, used to send the attack information to the Internet of Vehicles protection platform over the second network channel, so that the Internet of Vehicles protection platform carries out security protection according to the attack information, the second network channel being a network channel isolated from the first network channel.
In one embodiment, before the trapping node sends the emulated vehicle device information to the Internet of Vehicles service platform over the first network channel, the second network channel communication module is also used to:
cause the trapping node to obtain the vehicle device information through an emulated vehicle device that has established a decoupled communication connection with the trapping node.
In one embodiment, the trapping node establishes a communication connection with the emulation trapping backend over the second network channel, so that the emulation trapping backend controls the behavior of the emulated vehicle device according to an emulation command or the attack information received by the trapping node, and obtains vehicle device information according to the behavior of the emulated vehicle device;
the trapping node obtaining the vehicle device information through the emulated vehicle device that has established a decoupled communication connection with the trapping node includes:
the trapping node obtains the vehicle device information from the virtualized vehicle device emulation service backend over the second network channel.
In one embodiment, M trapping nodes establish communication connections with the emulation trapping backend over the second network channel, so that the emulation trapping backend controls the behavior of the emulated vehicle device corresponding to each trapping node according to the attack information forwarded by the M trapping nodes, and obtains vehicle device information according to the behavior of the emulated vehicle devices, where M > 2.
It should be understood that the device shown in Fig. 5 can be used to execute the methods of the above embodiments described in this specification.
Those skilled in the art will understand that the modules of the above device embodiment may be distributed in the device as described, or may be changed accordingly and distributed in one or more devices different from the above embodiment. The modules of the above embodiment may be merged into one module or further split into multiple sub-modules.
Based on the same inventive concept, the embodiments of this specification also provide an electronic device.
The electronic device embodiment of the present invention is described below. It can be regarded as a concrete physical implementation of the method and device embodiments of the present invention described above. Details described in the electronic device embodiment should be regarded as a supplement to the above method or device embodiments; for details not disclosed in the electronic device embodiment, reference may be made to the above method or device embodiments.
Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of this specification. The electronic device 600 according to this embodiment of the present invention is described below with reference to Fig. 6. The electronic device 600 shown in Fig. 6 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present invention.
As shown in Fig. 6, the electronic device 600 takes the form of a general-purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 connecting the different system components (including the storage unit 620 and the processing unit 610), a display unit 640, and so on.
The storage unit stores program code that can be executed by the processing unit 610, so that the processing unit 610 performs the steps of the various exemplary embodiments of the present invention described in the above electronic prescription circulation processing method part of this specification. For example, the processing unit 610 can perform the steps shown in Fig. 1.
The storage unit 620 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set of (at least one) program modules 6205. Such program modules 6205 include, but are not limited to: an operating system, one or more application programs, other program modules, and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 630 may represent one or more of several types of bus structure, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 600 may also communicate with one or more external devices 700 (such as a keyboard, pointing device, Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any device (such as a router, modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. Such communication can take place through an input/output (I/O) interface 650. The electronic device 600 can also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 660. The network adapter 660 can communicate with the other modules of the electronic device 600 via the bus 630. It should be understood that, although not shown in Fig. 6, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.
From the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described in the present invention can be implemented in software, or in software combined with the necessary hardware. The technical solution according to the embodiments of the present invention can therefore be embodied in the form of a software product, which can be stored in a computer-readable storage medium (such as a CD-ROM, USB flash drive or removable hard disk) or on a network, and which includes instructions that cause a computing device (such as a personal computer, server or network device) to execute the above method according to the present invention. When the computer program is executed by a data processing device, the computer-readable medium is able to implement the above method of the present invention, namely the method shown in Fig. 1.
Fig. 7 is a schematic diagram of a computer-readable medium provided by an embodiment of this specification.
The computer program can be stored on one or more computer-readable media. A computer-readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The computer-readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal can take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable storage medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on the readable storage medium can be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, or any suitable combination of the above.
The program code for performing the operations of the present invention can be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, it may be connected to the user's computing device through any kind of network, including a local area network (LAN) or wide area network (WAN), or it may be connected to an external computing device (for example, through the Internet using an Internet service provider).
In summary, the present invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of the two. Those skilled in the art will understand that a communication data processing device such as a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components according to the embodiments of the present invention. The present invention may also be implemented as a device or device program (for example, a computer program and computer program product) for performing part or all of the method described here. Such a program implementing the present invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
The specific embodiments described above further describe the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the present invention is not inherently related to any particular computer, virtual device or electronic device, and various general-purpose devices can also implement the present invention. The above are only specific embodiments of the present invention and are not intended to limit it; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (16)

1. A method for Internet of Vehicles information security protection, comprising:
a trapping node sending emulated vehicle device information to an Internet of Vehicles service platform over a first network channel;
receiving attack information from the first network channel;
sending the attack information to an Internet of Vehicles protection platform over a second network channel, so that the Internet of Vehicles protection platform carries out security protection according to the attack information, the second network channel being a network channel isolated from the first network channel.
2. The method according to claim 1, wherein the first network channel is an external network channel and the second network channel is an internal network channel.
3. The method according to claim 1, characterized in that the vehicle device information includes:
at least one of behavior information of the emulated vehicle device, status information, and information on interaction with the environment.
4. The method according to claim 1, wherein before the trapping node sends the emulated vehicle device information to the Internet of Vehicles service platform over the first network channel, the method further comprises:
the trapping node obtaining the vehicle device information through an emulated vehicle device that has established a decoupled communication connection with the trapping node.
5. The method according to claim 4, wherein the trapping node establishes a communication connection with the emulation trapping backend over the second network channel, so that the emulation trapping backend controls the behavior of the emulated vehicle device according to an emulation command or the attack information received by the trapping node, and obtains vehicle device information according to the behavior of the emulated vehicle device;
the trapping node obtaining the vehicle device information through the emulated vehicle device that has established a decoupled communication connection with the trapping node comprises:
the trapping node obtaining the vehicle device information from the virtualized vehicle device emulation service backend over the second network channel.
6. The method according to claim 5, characterized in that M trapping nodes establish communication connections with the emulation trapping backend over the second network channel, so that the emulation trapping backend controls the behavior of the emulated vehicle device corresponding to each trapping node according to the attack information forwarded by the M trapping nodes, and obtains vehicle device information according to the behavior of the emulated vehicle devices, where M > 2.
7. The method according to claim 3, wherein the emulation trapping backend is a virtualized vehicle device emulation service backend.
8. The method according to claim 2, characterized in that the first network channel includes a wireless network channel and the second network channel is a wired channel.
9. A device for Internet of Vehicles information security protection, comprising:
a first network channel communication module, used to cause the trapping node to send emulated vehicle device information to the Internet of Vehicles service platform over the first network channel, and to receive attack information from the first network channel;
a second network channel communication module, used to send the attack information to the Internet of Vehicles protection platform over the second network channel, so that the Internet of Vehicles protection platform carries out security protection according to the attack information, the second network channel being a network channel isolated from the first network channel.
10. The device according to claim 9, characterized in that, before the trapping node sends the emulated vehicle device information to the Internet of Vehicles service platform over the first network channel, the second network channel communication module is also used to:
cause the trapping node to obtain the vehicle device information through an emulated vehicle device that has established a decoupled communication connection with the trapping node.
11. The device according to claim 10, wherein the trapping node establishes a communication connection with the emulation trapping backend over the second network channel, so that the emulation trapping backend controls the behavior of the emulated vehicle device according to an emulation command or the attack information received by the trapping node, and obtains vehicle device information according to the behavior of the emulated vehicle device;
the trapping node obtaining the vehicle device information through the emulated vehicle device that has established a decoupled communication connection with the trapping node comprises:
the trapping node obtaining the vehicle device information from the virtualized vehicle device emulation service backend over the second network channel.
12. The device according to claim 11, characterized in that M trapping nodes establish communication connections with the emulation trapping backend over the second network channel, so that the emulation trapping backend controls the behavior of the emulated vehicle device corresponding to each trapping node according to the attack information forwarded by the M trapping nodes, and obtains vehicle device information according to the behavior of the emulated vehicle devices, where M > 2.
13. A system for Internet of Vehicles information security protection, comprising: a trapping node, an emulation trapping backend, an emulated vehicle device and an Internet of Vehicles protection platform;
the emulation trapping backend establishes a communication connection with the emulated vehicle device, sends behavior commands to the emulated vehicle device, and collects the emulated vehicle device information of the emulated vehicle device;
the trapping node establishes a communication connection with the emulation trapping backend over the second network channel to obtain the emulated vehicle device information;
the trapping node establishes a communication connection with the Internet of Vehicles service platform over the first network channel, sends the emulated vehicle device information to the Internet of Vehicles service platform over the first network channel, and receives attack information from the first network channel, the second network channel being a network channel isolated from the first network channel;
the trapping node also establishes a communication connection with the Internet of Vehicles protection platform over the second network channel and sends the attack information to the Internet of Vehicles protection platform over the second network channel.
14. The system according to claim 10, characterized by comprising at least one single board having M trapping nodes, and M emulated vehicle devices, where M > 2;
the trapping node also establishing a communication connection with the Internet of Vehicles protection platform over the second network channel further comprises:
the M trapping nodes establish communication connections with the emulation trapping backend over the second network channel, and the emulation trapping backend controls the behavior of the emulated vehicle device corresponding to each trapping node according to the attack information forwarded by the M trapping nodes.
15. An electronic device, wherein the electronic device comprises:
a processor; and
a memory storing computer-executable instructions which, when executed, cause the processor to perform the method according to any one of claims 1-8.
16. A computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs which, when executed by a processor, implement the method according to any one of claims 1-8.
CN201910684559.3A 2019-07-26 2019-07-26 Method, device and system for protecting information security of Internet of vehicles and electronic equipment Active CN110475227B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910684559.3A CN110475227B (en) 2019-07-26 2019-07-26 Method, device and system for protecting information security of Internet of vehicles and electronic equipment

Publications (2)

Publication Number Publication Date
CN110475227A true CN110475227A (en) 2019-11-19
CN110475227B CN110475227B (en) 2022-03-22

Family

ID=68508372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910684559.3A Active CN110475227B (en) 2019-07-26 2019-07-26 Method, device and system for protecting information security of Internet of vehicles and electronic equipment

Country Status (1)

Country Link
CN (1) CN110475227B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant