CN111314386A - Intrusion detection method and device for intelligent networked automobile - Google Patents
- Publication number
- CN111314386A (CN202010208722.1A)
- Authority
- CN
- China
- Prior art keywords
- communication request
- role
- request message
- intrusion detection
- source address
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention provides an intrusion detection method and device for an intelligent networked automobile. The method comprises the following steps: receiving a communication request message from an external communication request subject; identifying a role of the communication request subject; and determining, based on preset operation authority information of a plurality of roles in a plurality of action domains, whether the operation corresponding to the communication request message matches the operation authority corresponding to the identified role, and, if it matches, sending the indication information corresponding to the communication request to the corresponding electronic control unit so that the electronic control unit performs the corresponding control. By introducing intrusion detection gateway equipment and flexibly configuring the roles of the subjects requesting access and the scope authority of each role, the intrusion detection method provided by the embodiment of the invention can improve the efficiency and accuracy of intrusion detection for the intelligent networked automobile.
Description
Technical Field
The invention relates to the field of intelligent networked automobiles, in particular to an intrusion detection method and device of an intelligent networked automobile.
Background
With the development and popularization of intelligent networked automobiles, the intelligence and connectivity of automobiles bring great convenience to people's lives. However, they also bring information security problems. The intelligent networked automobile needs to exchange data with external remote service providers (TSPs), background service providers such as automobile manufacturers, other intelligent networked automobiles, road side facilities, mobile intelligent terminals and the like. As shown in Fig. 1, this interaction with the outside mainly goes through core components in the automobile such as the T-Box (telematics box), the Bluetooth module, and the On Board Unit (OBU). These components are connected to a central gateway inside the vehicle and communicate with the Electronic Control Units (ECUs) inside the vehicle through a CAN (Controller Area Network) bus. This communication involves the transmission of network data packets and CAN bus message packets, and hackers may carry out intrusion attacks on in-vehicle components, so intrusion detection needs to be performed on intelligent networked automobiles.
Intrusion detection is the use of computer technology to identify potential and ongoing intrusions in a system so that a timely warning can be given. At present, intrusion detection for intelligent networked automobiles mostly adopts methods based on anomaly detection. Such a method observes and analyzes normal subject behavior, extracts profile features of the normal behavior, and compares data against those profile features to judge whether abnormal access has occurred. Looking at the whole process, an anomaly-detection-based method first needs a complete and usable library of normal features, then extracts features from the data as input, and finally compares the input against the feature library to reach a judgment. Although the process is feasible, the method has the following limitations in the real-time, complex, multi-party communication scenarios of the intelligent networked automobile:
(1) Collection of data sets. Data is the foundation; without sufficiently accurate data, the quality of a model or algorithm cannot be evaluated. Because the intelligent networked automobile is still in a development stage, there is currently no reliable data set for intelligent networked automobile intrusion detection in either academia or industry. Meanwhile, the production specifications of each manufacturer of intelligent networked automobiles are different, so there is no unified data set to serve as a training set for the model. Therefore, the collection of data sets is one of the problems of anomaly-detection-based methods.
(2) Selection and extraction of features. Attacks on intelligent networked automobiles take many forms and are highly concealed. An instruction carrying attack behavior can be disguised as a normal instruction and hidden in a network data packet, which makes it hard to guard against. The accuracy of feature selection and extraction for anomalies often determines the accuracy of the model.
(3) Real-time performance of the calculation. Data acquisition and feature selection, the intermediate processing that requires data transmission, dimension reduction and feature engineering, and the model calculation all consume a large amount of computing resources and time. At present, the computing power of the vehicle-mounted end is not enough to support such a large amount of computation, and cooperation from the cloud is needed. Therefore, in terms of real-time performance, the method cannot adequately cope with the real-time interaction that characterizes networked automobiles.
Therefore, current intrusion detection methods based on anomaly detection are not well suited to detecting intrusions into intelligent networked automobiles, where conditions are complex and real-time requirements are high. How to provide a technology capable of rapidly and accurately identifying potential intrusion in an intelligent networked automobile is an urgent problem to be solved.
Disclosure of Invention
In view of the above, the present invention provides an intrusion detection method and apparatus for an intelligent networked automobile, so as to quickly and accurately identify a potential intrusion, thereby eliminating or improving one or more defects in the prior art.
The technical scheme of the invention is as follows:
According to an aspect of the present invention, an intrusion detection method for an intelligent networked automobile is provided, the method comprising the following steps:
receiving a communication request message of an external communication request body;
identifying a role of the communication request subject;
and determining whether the operation corresponding to the communication request message is matched with the operation authority corresponding to the identified role or not based on the preset operation authority information of a plurality of roles in a plurality of action domains, and sending the indication information corresponding to the communication request to the corresponding electronic control unit under the condition of matching so as to perform corresponding control by the electronic control unit.
Optionally, the plurality of roles includes one or more of the following roles: TSP of an automobile manufacturer, intelligent decision TSP, information service TSP, a mobile terminal, a road side unit RSU and other vehicle OBUs; or, the plurality of roles are a plurality of roles divided based on a communication subject;
the plurality of scopes includes one or more of: a power domain, a chassis domain, a vehicle body domain and an information domain; or the plurality of scopes comprise a plurality of scopes which are obtained by grouping according to the safety access control requirements of the electronic control units, and each group corresponds to one scope;
the operation authority information of the roles in the scope comprises: the operation authority information of each role on each component in each action domain;
the operation authority comprises an access operation to each access content in each scope, and the access operation comprises: unreadable and unwritable, readable only, writable only, or both readable and writable.
Optionally, in a case that it is determined that the operation corresponding to the communication request message does not match the operation authority corresponding to the identified role, the communication request message is rejected.
Optionally, the identifying a role of a communication request subject includes: analyzing a source address of the communication request message, and determining whether the source address is in a source address blacklist; rejecting the communication request message if it is determined that the source address is in a source address blacklist; in an instance in which it is determined that the source address is not in a source address blacklist, identifying a role for the communication request subject based on a source of the communication request message.
Optionally, the method further comprises: sending an alarm notification to an automobile central control display screen of the intelligent networked automobile and/or a TSP platform of an automobile manufacturer while rejecting the communication request message.
Optionally, identifying a role of the communication request subject based on a source of the communication request message includes: in the case that the communication request message originates from the on-board host box, comparing the source address of the communication request message with the pre-stored source address of at least one remote service provider, and, if there is a matching result, determining the role of the communication request subject to be the matching remote service provider role; in the case that the communication request message originates from a Bluetooth module, determining that the role of the communication request subject is a mobile terminal role if authentication pairing succeeds, and, if the pairing is unsuccessful, not allowing communication with the interior of the intelligent networked automobile; and in the case that the communication request message originates from an on-board unit (OBU), determining that the role of the communication request subject is a road side unit (RSU) role or an other-vehicle OBU role based on the short-range communication protocol corresponding to the communication request message.
Optionally, identifying a role of the communication request subject based on a source of the communication request message further comprises: if no matching result exists, rejecting the communication request message and adding the source address of the message to the source address blacklist.
Optionally, the method is performed by an intrusion detection gateway, and the method further includes: after the electronic control unit performs the corresponding operation based on the operation authority corresponding to the identified subject, the execution result is sent through the CAN bus to the relevant communication component and is sent to the outside through that communication component.
According to another aspect of the present invention, there is also provided an intrusion detection device for an intelligent networked automobile, the device including a processor and a memory, the memory having stored therein computer instructions, the processor being configured to execute the computer instructions stored in the memory, and the device implementing the steps of the method when the computer instructions are executed by the processor.
Optionally, the apparatus is an intrusion detection gateway interposed between the central gateway and the external communication device interface.
The intrusion detection method and the intrusion detection device for the intelligent networked automobile provided by the embodiment of the invention can prevent a potentially illegal request from entering the intelligent networked automobile by identifying the communication request subject and, based on the access control policy, automatically matching the request against the operation authority corresponding to the identified role.
Furthermore, by presetting the operation authority information of a plurality of roles in a plurality of action domains, the method can adapt to complex communication scenes and variable market demands.
It will be appreciated by those skilled in the art that the objects and advantages that can be achieved with the present invention are not limited to the specific details set forth above, and that these and other objects that can be achieved with the present invention will be more clearly understood from the detailed description that follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
Fig. 1 is an ecological architecture diagram of an intelligent networked automobile.
Fig. 2 is a schematic flow chart of an intrusion detection method for an intelligent networked automobile according to an embodiment of the present invention.
Fig. 3 is a schematic diagram illustrating intrusion detection implemented by an intrusion detection gateway according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the following embodiments and accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
It should be noted that, in order to avoid obscuring the present invention with unnecessary details, only the structures and/or processing steps closely related to the scheme according to the present invention are shown in the drawings, and other details not so relevant to the present invention are omitted.
It should be emphasized that the term "comprises/comprising" when used herein, is taken to specify the presence of stated features, elements, steps or components, but does not preclude the presence or addition of one or more other features, elements, steps or components.
It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict.
In the intelligent networked automobile architecture, a central gateway is connected with the different in-vehicle buses and external communication devices and is responsible for data transmission and protocol conversion between them. In the embodiment of the invention, in order to quickly identify potential information security threats while an intelligent networked automobile communicates with an external entity, an intrusion detection method and corresponding intrusion detection gateway equipment are introduced. The intrusion detection gateway equipment is installed in the automobile, between the central gateway and the external communication device interfaces (as shown in Fig. 3), and serves as the sole entry point for accessing and managing resource objects, so that all external communication interfaces are managed uniformly. In the embodiment of the invention, the intrusion detection gateway provides access interfaces for the various resource objects in the networked automobile (such as the CAN bus, the ECUs, the in-vehicle infotainment system IVI, the on-board diagnostics system OBD, over-the-air OTA, application programs APP, the operating system OS and the like), and the resource objects perform basic read and write operations through the gateway interfaces.
By using the intrusion detection gateway with preset roles and corresponding operation authorities, the embodiment of the invention can effectively identify the role of the requesting subject and prevent potentially illegal requests from entering the intelligent networked automobile.
The intrusion detection method provided by the embodiment of the invention is based on an authority access control mechanism. An authority access control mechanism controls whether a user can enter the system and which objects can be operated on after entering it; in this intrusion detection method, the mechanism serves as the link that identifies and guards against potential intrusions.
Fig. 2 is a schematic flow chart illustrating an intrusion detection method for an intelligent networked automobile according to an embodiment of the present invention. As shown in fig. 2, the method comprises the steps of:
Step S110, a communication request message of an external communication request subject is received.
When the intelligent networked automobile receives a communication request message from an external device (a communication request main body), a receiving end of the message forwards the request to the intrusion detection gateway, and thus the intrusion detection gateway receives the communication request message from the external communication request main body. The communication request message may carry identification information of the external communication request subject, such as address information and/or device identification, and the message may also carry requested operation content, such as an operation instruction (e.g., read-write request) for a specific scope component of the automobile.
The external device may be a road side device RSU, a mobile intelligent terminal, an OBU of another vehicle, or a TSP platform, wherein the TSP platform may include a TSP from an automobile manufacturer, an intelligent decision TSP, an information service TSP, etc. The present invention is not limited thereto, and the external device may also be a device attempting an illegal intrusion.
Step S120, the role of the communication request subject is identified.
In this step, the intrusion detection gateway may identify whether the communication request subject is a legitimate role based on the source address and the like of the external communication request subject.
In one embodiment, the step of identifying the role of the communication request subject may comprise:
The intrusion detection gateway parses the source address of the communication request message to determine whether the source address is in a source address blacklist (or gateway blacklist). The source address blacklist is a pre-stored list that can be updated in real time. If the source address is in the source address blacklist, the role of the communication request subject is considered to be an illegal role, so the communication request message is rejected and an alarm is sent to the automobile central control display screen of the intelligent networked automobile. Meanwhile, an alarm can be sent to the TSP platform of the automobile manufacturer. If the source address is not in the source address blacklist, the source address is preliminarily identified as a legal role, and the role of the communication request subject is further identified based on the source of the communication request message. The following is an example of identifying the role of the communication request subject based on the source of the message.
(1) In the case where the communication request message originates from the in-vehicle host box, the source address of the communication request message is compared with the source address of at least one TSP prestored, and in the case where there is a matching result, the role of the communication request subject is determined to be the matching TSP role.
More specifically, depending on the origin of the request forwarding, if the request message originates from the on-board host box, this request message is considered to be from a trusted remote service provider TSP. The remote service providers TSP may be classified into 3 categories, which are: the system comprises an automobile manufacturer TSP, an intelligent decision TSP and an information service TSP.
All source addresses of these three types of trusted TSPs may be built into the intrusion detection gateway in advance. The subject of the request message can be further identified by comparing source addresses: if the source address of the TSP requesting communication is the same as a built-in source address, the TSP is preliminarily considered to be a legal role. If the source address of the TSP differs from the built-in source addresses, the TSP is identified as an illegal role, the request is directly rejected, and information such as the source address and the time stamp of the request message is recorded in the gateway blacklist.
(2) In the case that the communication request message originates from the Bluetooth module, if authentication pairing succeeds, the role of the communication request subject is determined to be the intelligent mobile terminal role; if the pairing is unsuccessful, communication with the interior of the intelligent networked automobile is not possible.
More specifically, if the request message originates from a Bluetooth module, it may be determined whether the Bluetooth device has been paired before. If it is being paired for the first time, it needs to be authenticated by means of a secret key: if the authentication passes, the role of the subject sending the request message is considered to be the intelligent mobile terminal; if the authentication does not pass, communication with the interior of the intelligent networked automobile is not possible, and the Bluetooth information can be recorded in the gateway blacklist. If it is not the first pairing and the pairing succeeds, the role of the subject sending the request message is considered to be the intelligent mobile terminal; if it is not the first pairing and the pairing fails, the role is identified as illegal, communication with the interior of the intelligent networked automobile is not possible, and the Bluetooth information can be recorded in the gateway blacklist. Whether the communication request subject is in a legal role can subsequently be judged based on the source address of the Bluetooth module. This manner of performing role identification based on a request message from the Bluetooth module is merely an example, and the present invention is not limited thereto.
(3) If the request message originates from the on-board unit OBU: because the OBU carries out short-range communication with road side units RSU and the OBUs of other vehicles, the type of the request message can be judged according to existing short-range communication protocols on the market, and the role of the subject of the request message is thereby determined to be the road side unit RSU role or the other-vehicle OBU role.
The role identifying step S120 corresponds to a role granting step of determining whether or not a specific legitimate role is assigned to the communication request subject based on the source of the message.
Step S130, after a legal role is identified, it is determined, based on the preset operation authority information of a plurality of roles in a plurality of action domains, whether the operation corresponding to the communication request message matches the operation authority corresponding to the identified role; if it matches, indication information corresponding to the communication request is sent to the corresponding electronic control unit so that the electronic control unit performs the corresponding control.
In an embodiment of the present invention, since roles and operation authorities need to be matched, operation authority information (also referred to as a role authorization table) of a plurality of roles in a plurality of action domains may be stored in advance in the intrusion detection gateway. As an example, before step S110, a default role and authority configuration may be completed on the TSP platform of the automobile manufacturer to obtain a role authorization table, and the role authorization table may be issued to the intrusion detection gateway by an OTA (over the air) method.
Therefore, when the intelligent networked automobile receives an external connection request, the intelligent networked automobile can sequentially complete the identification of the role of the communication request main body at the intelligent networked automobile end through the intrusion detection gateway, and the matching of the corresponding authority of the role is realized based on the role authorization list.
An example of a role authorization list is shown in table 1 below.
Table 1 role authorization table example:
The operation rights of different roles to different scopes of the vehicle are shown in Table 1 above. The roles shown include: TSP of automobile manufacturers, intelligent decision TSP, information service TSP, mobile terminals, road side units RSU and other vehicle OBUs. In an actual design, the roles can be further subdivided according to specific communication subjects, so as to achieve more detailed role authority allocation and intrusion behavior detection.
The plurality of scopes can include a power domain, a chassis domain, a vehicle body domain and an information domain, where different action domains correspond to different vehicle interior parts. This division of scopes is merely an example, and other ways of division are possible. For example, in an actual design, different ECUs or other components may be further grouped according to their security access control requirements, with authority allocated per group and each group used as a scope unit, so as to achieve more detailed role authority allocation and intrusion behavior detection.
The operation authority information of the roles in the scopes can include the operation authority information of each role on each component in each action domain. The operation authority governs the access operation on each access content in each scope, and the access operation can be: unreadable and unwritable, readable only, writable only, or both readable and writable. In Table 1 above, "N" represents unreadable and unwritable; "R" represents readable only; "W" represents writable only; "RW" represents both readable and writable. Reading and writing are general descriptions of resource access modes, and the access operation permissions for the access contents of different domains can be further refined according to the control contents of messages in an actual design, so as to achieve more accurate role permission allocation and intrusion behavior detection.
The roles and rights in table 1 above are merely examples, but the present invention is not limited thereto.
The role authorization list can be dynamically expanded and updated according to different requirements, and the in-vehicle intrusion detection gateway is updated and upgraded through an OTA mechanism.
After the intrusion detection gateway completes the identification (or assignment) of the role of the requesting subject, it parses the scope targeted by the request message and the operation authority requested on that scope, determines whether these match the operation authority of the corresponding role for each scope in the role authorization table, and, if they match, sends the indication information corresponding to the communication request to the corresponding electronic control unit so that the electronic control unit performs the corresponding control.
That is, the intrusion detection gateway checks the operation authority in the message against the role authorization table and determines whether to send the instruction to the corresponding ECU. If the request sent by the role does not conform to the operation authority for that role in the role authorization table, it is determined to be an illegal request from a legal role, the request is rejected, and an alarm is sent to the automobile central control display screen of the intelligent networked automobile; if the request conforms to the operation authority for that role in the role authorization table, the instruction is sent to the corresponding ECU, which executes the authorized operation. After the corresponding ECU completes the operation, the execution result is sent to the intrusion detection gateway through the CAN bus, and the intrusion detection gateway sends the execution result to the outside through the communication interface as feedback.
This step S130 is an authority matching step, and may also be understood as a step of performing authority grant based on the role and the role grant list. And based on the authority granted to the identified role by the role authorization table, determining whether the authority in the message conforms to the granted authority, thereby judging whether to reject the request message.
It can be seen that the present invention identifies illegal intrusion mainly on the basis of the following two aspects:
(1) Determining whether the role is illegal. For a request of a legal subject, role identification (or role granting) is performed according to the request source, the request source address and the other role authorization rules. If the request does not conform to the granting rules, it is determined to come from an illegal role and is rejected.
(2) Determining whether the authority requested by a legal role is illegal. For a legal role that has passed the role authorization rules, if the operation authority in the request it sends does not conform to the authority listed for that role in the authorization table, the request is determined to be an illegal request of a legal role and is rejected.
Once the intrusion detection gateway detects either of these two illegal intrusion behaviors, it sends an alarm to the automobile central control display screen of the intelligent networked automobile and can also send an alarm to the TSP platform of the automobile manufacturer.
As can be seen from the above, the intrusion detection gateway provided in the embodiment of the present invention performs role identification (also called granting) on an external communication entity, and identifies (or grants) the operation authority over scopes based on the RBAC policy: authorization is performed by consulting an authorization table issued by the cloud, which determines the scope and the read-write authority of the role. By parsing the content of the current communication, the gateway determines whether the scope targeted by the subject of the current communication is within the access range of the role corresponding to that subject, and thereby decides whether to execute the instruction of the current communication. If any link in this process is inconsistent with the normal authorization process, a potential attack is determined to have occurred, the request is rejected, and an alarm is shown on the vehicle central control information screen.
The intrusion detection method of the present invention is exemplified as follows:
For example, some components of some brands of intelligent networked automobiles can have their firmware upgraded Over The Air (OTA), which greatly improves the extensibility of vehicle functions. The security of the firmware upgrade cloud platform therefore has a very important impact on vehicle security. The automobile manufacturer may configure the permission allocation table so that the firmware upgrade cloud platform has permission to write firmware information to the domain or group in which the component to be upgraded is located.
When firmware upgrading is performed through the firmware upgrading cloud platform, the following steps are performed:
(1) The firmware upgrade message of the platform arrives at the vehicle end and is received by the in-vehicle T-Box.
(2) The T-Box forwards the received message to the intrusion detection gateway.
(3) After receiving the request, the intrusion detection gateway parses the source address of the network request and checks whether the address is in the blacklist. If so, the request is rejected. If not, the following steps continue.
(4) The request comes from a firmware upgrade cloud platform, so its source address is compared with the trusted TSP source address list built into the intrusion detection gateway. If the list contains the source address of the request, the request is granted the role of information service provider, that is, the requester is identified as an information service provider.
(5) The role has the scopes and corresponding operation authorities listed in authorization table 1.
(6) The intrusion detection gateway parses the request and finds that it requests a firmware upgrade. It consults the role authorization table, and if the table allows the operation, the intrusion detection gateway sends a firmware upgrade instruction to the relevant component.
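The decision sequence of steps (3) to (6), together with the two rejection cases described above (illegal role, and illegal request of a legal role), can be sketched as follows. This is an added example, not code from the patent: the class and function names, the addresses (documentation ranges) and the table entries are constructed, since authorization table 1 is not reproduced in this section, and only the T-Box path is modelled.

```python
from dataclasses import dataclass, field
from enum import Flag


class Access(Flag):
    NONE = 0    # unreadable and unwritable
    READ = 1
    WRITE = 2


@dataclass(frozen=True)
class Request:
    interface: str      # entry point of the message: "tbox", "bluetooth", "obu"
    source: str         # source address parsed from the message
    scope: str          # action domain the message targets
    component: str      # component (ECU) inside that scope
    operation: Access   # access operation the message asks for


@dataclass
class Gateway:
    trusted_tsp: dict   # source address -> role
    role_table: dict    # (role, scope, component) -> Access granted
    blacklist: set = field(default_factory=set)
    alarms: list = field(default_factory=list)

    def identify_role(self, req):
        """Return the role for the request subject, or None if no rule grants one."""
        if req.interface == "tbox":
            return self.trusted_tsp.get(req.source)
        return None  # Bluetooth pairing and OBU protocol checks are not modelled

    def handle(self, req):
        # Blacklist check on the parsed source address.
        if req.source in self.blacklist:
            return self._reject(req, "blacklisted source")
        # Illegal role: no granting rule matches, so the source is blacklisted.
        role = self.identify_role(req)
        if role is None:
            self.blacklist.add(req.source)
            return self._reject(req, "illegal role")
        # Illegal request of a legal role: every requested bit must be granted.
        # A missing table entry is treated as NONE, so the check fails closed.
        granted = self.role_table.get((role, req.scope, req.component), Access.NONE)
        if req.operation == Access.NONE or (req.operation & granted) != req.operation:
            return self._reject(req, "illegal request of legal role")
        return ("forward", f"{req.scope}/{req.component}")

    def _reject(self, req, reason):
        # Stands in for the alarm to the central control display / TSP platform.
        self.alarms.append((req.source, reason))
        return ("reject", reason)


def build_gateway():
    """Gateway loaded with constructed sample data (not the patent's table 1)."""
    role = "information_service_tsp"
    return Gateway(
        trusted_tsp={"203.0.113.10": role},
        role_table={
            (role, "information", "head_unit"): Access.READ | Access.WRITE,
            (role, "body", "door_ecu"): Access.READ,
            (role, "power", "engine_ecu"): Access.NONE,
        },
    )


if __name__ == "__main__":
    gw = build_gateway()
    upgrade = Request("tbox", "203.0.113.10", "information", "head_unit", Access.WRITE)
    print(gw.handle(upgrade))
    print(gw.handle(Request("tbox", "203.0.113.10", "power", "engine_ecu", Access.WRITE)))
    print(gw.handle(Request("tbox", "198.51.100.7", "information", "head_unit", Access.READ)))
    print(gw.alarms, gw.blacklist)
```
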
Based on the preset roles and the list of each role's operation authorities in each scope, the intrusion detection method and the intrusion detection gateway ECU device provided by the embodiment of the invention can effectively identify the role of the communication request subject and its corresponding authority, and prevent potentially illegal requests from entering the intelligent networked automobile. The intrusion detection method only requires adding one new ECU (the intrusion detection gateway) at the vehicle end. Intrusion detection is computed at the vehicle end, the amount of computation is small and the logic of the operation is simple, so the method can adapt to the real-time characteristics of the intelligent networked automobile.
In addition, the authorization model of the access control policy of the intrusion detection gateway provided by the embodiment of the invention is updated by OTA delivery from the automobile manufacturer's TSP. This mode is flexible to configure, can adapt to complex communication scenarios and changing market demands, and requires no hardware update at the automobile ECU level; updates are made at the software level only.
Correspondingly, the embodiment of the invention also provides an intrusion detection device of the intelligent networked automobile, wherein the intrusion detection device is an intrusion detection gateway, the device comprises a processor and a memory, computer instructions are stored in the memory, the processor is used for executing the computer instructions stored in the memory, and when the computer instructions are executed by the processor, the device realizes the steps of the method.
Software implementing embodiments of the present invention may be disposed in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of tangible storage medium known in the art.
Accordingly, the present disclosure also relates to a storage medium as above, on which a computer program code may be stored, which when executed may implement various embodiments of the method of the present invention.
It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
It should also be noted that the exemplary embodiments mentioned in this patent describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments and/or in combination with or instead of the features of the other embodiments in the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes may be made to the embodiment of the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. An intrusion detection method of an intelligent networked automobile is characterized by comprising the following steps:
receiving a communication request message of an external communication request body;
identifying a role of the communication request subject;
and determining whether the operation corresponding to the communication request message is matched with the operation authority corresponding to the identified role or not based on the preset operation authority information of a plurality of roles in a plurality of action domains, and sending the indication information corresponding to the communication request to the corresponding electronic control unit under the condition of matching so as to perform corresponding control by the electronic control unit.
2. The method of claim 1,
the plurality of roles includes one or more of the following roles: a remote service provider TSP, an intelligent decision TSP, an information service TSP, a mobile terminal, a road side unit RSU and other vehicle OBUs of an automobile manufacturer; or, the plurality of roles are a plurality of roles divided based on a communication subject;
the plurality of scopes includes one or more of: a power domain, a chassis domain, a vehicle body domain and an information domain; or the plurality of scopes comprise a plurality of scopes which are obtained by grouping according to the safety access control requirements of the electronic control units, and each group corresponds to one scope;
the operation authority information of the roles in the scope comprises: the operation authority information of each role on each component in each action domain;
the operation authority comprises an access operation to each access content in each scope, and the access operation comprises: unreadable and unwritable, readable only, writable only, or both readable and writable.
3. The method of claim 1,
and rejecting the communication request message under the condition that the operation corresponding to the communication request message is determined not to be matched with the operation authority corresponding to the identified role.
4. The method of claim 1, wherein the identifying a communication request subject role comprises:
analyzing a source address of the communication request message, and determining whether the source address is in a source address blacklist;
rejecting the communication request message if it is determined that the source address is in a source address blacklist;
in an instance in which it is determined that the source address is not in a source address blacklist, identifying a role for the communication request subject based on a source of the communication request message.
5. The method of claim 3 or 4, further comprising:
and sending an alarm notification to an automobile central control display screen of the intelligent networked automobile and/or a TSP platform of an automobile manufacturer while rejecting the communication request message.
6. The method of claim 4, wherein identifying the role of the communication request subject based on the source of the communication request message comprises:
in the case that the communication request message originates from the on-board host box, comparing the source address of the communication request message with the source address of at least one pre-stored remote service provider, and determining the role of the communication request subject as a matching remote service provider role if there is a matching result;
in the case that the communication request message originates from a Bluetooth module, determining that the role of the communication request subject is a mobile terminal role if authentication and pairing succeed; if the pairing is unsuccessful, communication with the interior of the intelligent networked automobile is not possible;
and in the case that the communication request message originates from an on-board unit (OBU), determining that the role of the communication request subject is a road side unit (RSU) role or the OBU role of another vehicle based on the short-range communication protocol corresponding to the communication request message.
7. The method of claim 6, wherein identifying the role of the communication request subject based on the source of the communication request message further comprises:
and if the matching result does not exist, rejecting the communication request message, and adding the source address of the message into the source address blacklist.
8. The method of claim 1, wherein the method is performed by an intrusion detection gateway, the method further comprising:
and after the electronic control unit executes the corresponding operation based on the operation authority corresponding to the identified subject, sending the execution result to the relevant communication component through the CAN bus, and sending the execution result to the outside through the relevant communication component.
9. An intrusion detection device for an intelligent networked automobile, the device comprising a processor and a memory, wherein the memory has stored therein computer instructions, the processor being configured to execute the computer instructions stored in the memory, and wherein the device implements the steps of the method of any one of claims 1 to 8 when the computer instructions are executed by the processor.
10. The apparatus of claim 9, wherein the apparatus is an intrusion detection gateway disposed between a central gateway and an external communication device interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010208722.1A CN111314386B (en) | 2020-03-23 | 2020-03-23 | Intrusion detection method and device for intelligent networked automobile |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111314386A (en) | 2020-06-19 |
CN111314386B (en) | 2021-04-23 |
Family
ID=71147294
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010208722.1A Active CN111314386B (en) | 2020-03-23 | 2020-03-23 | Intrusion detection method and device for intelligent networked automobile |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111314386B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN111314386B (en) | 2021-04-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||