CN111343128A - Network safety monitoring equipment and network safety monitoring system applied to motor vehicle - Google Patents

Publication number: CN111343128A
Application number: CN201811549788.6A
Priority: CN201811549788.6A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 吴冰, 周鑫强, 李秋实, 吴平友
Original assignee: SAIC Motor Corp Ltd
Current assignees: SAIC Motor Corp Ltd; Shanghai Automotive Industry Corp Group
Legal status: Pending
Prior art keywords: network, module, motor vehicle, flow message, network flow

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The application discloses a network security monitoring device and a network security monitoring system applied to a motor vehicle. The network security monitoring device matches the acquired network traffic messages of the motor vehicle against preset rules and, when a network traffic message matches a preset rule, generates an early warning log to raise a warning, so that the network traffic message information is monitored. Because the network traffic messages record the network usage state of the motor vehicle carrying the device, the network usage state of the motor vehicle is also effectively monitored.

Description

Network safety monitoring equipment and network safety monitoring system applied to motor vehicle
Technical Field
The application relates to the technical field of vehicle-mounted equipment, in particular to network safety monitoring equipment and a network safety monitoring system applied to motor vehicles.
Background
With the continuous development of the Internet of Vehicles, motor vehicles with Internet connectivity, Ethernet and similar functions are emerging.
However, while motor vehicles are becoming intelligent, the openness of the vehicle network continually gives rise to network security problems. In recent years, a number of network cracking and network attack incidents targeting intelligent connected motor vehicles have occurred at home and abroad, and in these network security incidents neither the motor vehicles nor the vehicle manufacturers could effectively monitor the network usage of the motor vehicles.
Disclosure of Invention
In order to solve the technical problems, the application provides a network security monitoring device and a network security monitoring system applied to a motor vehicle, so as to achieve the purpose of monitoring network traffic message information of the motor vehicle, and further achieve effective monitoring of the network use condition of the motor vehicle.
In order to achieve the technical purpose, the embodiment of the application provides the following technical scheme:
A network security monitoring device applied to a motor vehicle, comprising: an acquisition module, a matching module and a log module; wherein
the acquisition module is used for acquiring network traffic messages of the motor vehicle;
the matching module is used for matching the acquired network traffic message against the preset rules stored in a preset database and, when the network traffic message matches a preset rule, generating an early warning log containing the information of the matching network traffic message;
and the log module is used for storing the early warning log.
Optionally, the device further includes a human-computer interaction module, used for generating a security status report from the early warning logs stored by the log module.
Optionally, the human-computer interaction module is further configured to display the most recently generated security status report,
or to display the security status report corresponding to a received display instruction.
Optionally, the preset rule includes at least one of network interface rules, intrusion detection rules, deep detection rules, and application behavior rules.
Optionally, the network interface rule includes whether an interface address of the network traffic message is consistent with a preset address;
the intrusion detection rule includes whether the network traffic message contains external intrusion behavior;
the deep detection rule includes whether the application-layer data, in the sense of the Open Systems Interconnection (OSI) reference model, of the packaged network traffic message is consistent with a deep packet inspection rule;
the application behavior rule includes whether the network traffic message contains abnormal application behavior.
Optionally, the matching module is further configured to perform blocking processing or releasing processing on the network traffic packet.
Optionally, the preset database is further configured to update the preset rule according to the received rule update instruction.
A network security monitoring system applied to a motor vehicle comprises a cloud control platform and at least one network security monitoring device applied to a motor vehicle, wherein the device is wirelessly connected with the cloud control platform and is any one of the network security monitoring devices applied to a motor vehicle described above;
the cloud control platform is used for acquiring the network traffic message acquired by the acquisition module of the network security monitoring device and the identification information corresponding to the network traffic message, and for generating security report information according to the acquired network traffic message and the identification information, wherein the identification information is the identity information of the motor vehicle on which the network security monitoring device that acquired the network traffic message is mounted.
Optionally, the cloud control platform includes: a data storage module, an event analysis module, an audit module, a management module and a configuration module; wherein
the data storage module is used for acquiring the network traffic message acquired by the acquisition module of the network security monitoring device and the identification information corresponding to the network traffic message, and for judging whether the acquired network traffic message matches any preset rule; if so, it transmits the matching network traffic message to the audit module, and if not, it transmits the network traffic message to the event analysis module;
the audit module is used for performing audit analysis on the received network traffic message and the identification information corresponding to it, so as to obtain a first security report, and for transmitting the first security report to the event analysis module;
the event analysis module is used for performing statistical analysis on the received network traffic message and the first security report, and for generating a second security report when the analysis result is abnormal;
the management module is used for generating a preset rule corresponding to the identification information according to the first security report and the second security report generated for the same identification information, and for sending an update instruction to the network security monitoring device that acquired the network traffic message corresponding to that identification information, wherein the update instruction includes the update information of the preset rule generated by the management module.
It can be seen from the foregoing technical solutions that, the embodiment of the present application provides a network security monitoring device and a network security monitoring system applied to a motor vehicle, where the network security monitoring device applied to the motor vehicle matches an acquired network traffic message of the motor vehicle with a preset rule, and when the network traffic message matches the preset rule, generates an early warning log to perform early warning, so as to achieve a purpose of monitoring network traffic message information, and the network traffic message records a network usage state of the motor vehicle on which the device is mounted, thereby also achieving effective monitoring of the network usage state of the motor vehicle.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a network security monitoring device applied to a motor vehicle according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a network security monitoring device applied to a motor vehicle according to another embodiment of the present application;
Fig. 3 is a schematic flow chart illustrating preset rule matching of a network traffic message according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a network security monitoring system applied to a motor vehicle according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a network security monitoring system applied to a motor vehicle according to another embodiment of the present application;
Fig. 6 is a schematic flowchart of a process of processing a network traffic message by a cloud control platform according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the present application provides a network security monitoring device applied to a motor vehicle, as shown in Fig. 1, including: an acquisition module 10, a matching module 20 and a log module 30; wherein
the acquisition module 10 is configured to acquire network traffic messages of the motor vehicle;
the matching module 20 is configured to match the acquired network traffic message against the preset rules stored in a preset database 40 and, when the network traffic message matches a preset rule, to generate an early warning log containing the information of the matching network traffic message;
the log module 30 is configured to store the early warning log.
It should be noted that the network traffic messages acquired by the acquisition module 10 include all network traffic messages exchanged between the motor vehicle and the backend of the Telematics Service Provider (TSP), and all network traffic messages in the Ethernet communication inside the motor vehicle.
In this embodiment, when the obtained network traffic message matches the preset rule, it is considered that the network traffic message is abnormal, and an early warning log including information of the network traffic message needs to be generated for early warning, so as to achieve the purpose of monitoring the network traffic message information.
It should also be noted that the network security monitoring device applied to the motor vehicle may use an Internet of Vehicles gateway control unit of the motor vehicle as its terminal carrier (such as a TBOX, a Gateway, or an electronic control unit that performs both the Internet of Vehicles function and the central gateway function).
On the basis of the above embodiments, in one embodiment of the present application, as shown in Fig. 2, the network security monitoring device applied to a motor vehicle further includes a human-computer interaction module 50, used for generating a security status report from the early warning logs stored in the log module 30.
The security status report presents the content of the early warning log graphically. Optionally, the human-computer interaction module 50 is further configured to display the most recently generated security status report,
or to display the security status report corresponding to a received display instruction.
In this embodiment, after a safety status report is recently generated, a prompt of the safety status report may be performed through a display device such as a screen or an instrument panel of the vehicle-mounted terminal, so as to remind a driver of recent dynamics of network security of the motor vehicle; in addition, the driver can also input a display instruction to the human-computer interaction module 50 through the vehicle-mounted system, so that the human-computer interaction module 50 displays the safety state report according to the types of events, dates and the like.
When a security status report is to be displayed by event, the display instruction needs to carry instruction information corresponding to the event; similarly, when the security status report is to be displayed by date, the display instruction needs to carry instruction information corresponding to the date. For example, when the driver wants to view the security status report generated on September 1, the driver inputs a display instruction containing the instruction information for September 1 through an input device of the in-vehicle system, such as a touch panel or a key, so that the human-computer interaction module 50 displays the security status report generated on September 1.
On the basis of the above embodiment, in another embodiment of the present application, the preset rule includes at least one of network interface rules, intrusion detection rules, deep detection rules, and application behavior rules.
Optionally, the network interface rule includes whether an interface address of the network traffic message is consistent with a preset address;
the intrusion detection rule includes whether the network traffic message contains external intrusion behavior;
the deep detection rule includes whether the application-layer data, in the sense of the Open Systems Interconnection (OSI) reference model, of the packaged network traffic message is consistent with a deep packet inspection rule;
the application behavior rule includes whether the network traffic message contains abnormal application behavior.
The preset address may be a MAC address, an IP address or the like;
the external intrusion behavior may be a DoS attack, port probing or another external intrusion behavior;
the deep packet inspection rule is mainly used for matching network traffic messages transmitted over the HTTP protocol: messages of this type are packaged, the complete application-layer data under the Open Systems Interconnection (OSI) reference model is obtained, and that data is matched against the preset deep packet inspection rules.
The application behavior rules are mainly used for monitoring abnormal application behavior. For example, the network traffic messages carrying vehicle control instructions for opening the vehicle doors, sent by the TSP backend, are monitored; when these network traffic messages reach a defined abnormal-state threshold, they are considered to match the application behavior rules, and they are passed to the vehicle application behavior layer, which issues a network security event.
In a preferred embodiment of the present application, the preset rule includes: network interface rules, intrusion detection rules, deep detection rules, and application behavior rules. Correspondingly, referring to Fig. 3, in the process of matching the network traffic message against the preset rules, the matching module 20 in this embodiment inspects the network traffic message layer by layer: the message is matched against the network interface rules at a network interface layer, against the intrusion detection rules at an intrusion detection layer, against the deep detection rules at a deep packet inspection layer, and finally against the application behavior rules at an application behavior layer; wherein the application behavior rules are stored in the application behavior layer.
On the basis of the foregoing embodiment, in another embodiment of the present application, the matching module 20 is further configured to perform blocking processing or releasing processing on the network traffic packet.
In this embodiment, when the network traffic message matches a preset rule, the matching module 20 may, in addition to generating an early warning log to raise a warning, determine from the result of the rule match whether blocking is needed; for example, a network traffic message carrying DoS attack behavior or port probing behavior needs to be blocked, so as to avoid damage to the network security of the motor vehicle. When the network traffic message does not match any preset rule, it needs to be released, so that the normal networking function of the vehicle-mounted terminal is ensured.
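The layered matching of Fig. 3 together with the block/release decision can be sketched as follows. This is an added example, not code from the patent: the `Message` fields, the rule keys, the thresholds, the 10-second window, the reading of a "preset address" as an address whose match raises a warning, and the choice to stop at the first matching layer are all assumptions, and the traffic is constructed.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Message:
    """Constructed stand-in for one network traffic message."""
    ts: float             # capture time in seconds
    src_ip: str
    dst_port: int
    syn: bool = False     # TCP SYN without ACK
    http_body: str = ""   # application-layer data; empty if not HTTP
    command: str = ""     # vehicle-control command from the TSP backend


class Monitor:
    WINDOW = 10.0  # seconds; assumed sliding window for the stateful rules

    def __init__(self, rules):
        self.rules = rules                 # preset database
        self.log = []                      # log module: early warning logs
        self._syn = defaultdict(deque)     # src_ip -> (ts, None)
        self._ports = defaultdict(deque)   # src_ip -> (ts, dst_port)
        self._cmds = defaultdict(deque)    # command -> (ts, None)

    def update_rules(self, patch):
        """Apply a rule update instruction to the preset database."""
        self.rules.update(patch)

    def _push(self, queue, ts, value=None):
        """Append an event and drop entries older than WINDOW."""
        queue.append((ts, value))
        while ts - queue[0][0] > self.WINDOW:
            queue.popleft()
        return queue

    def _interface(self, m):
        if m.src_ip in self.rules["preset_addresses"]:
            return "interface address matches a preset address"

    def _intrusion(self, m):
        if m.syn:
            syns = self._push(self._syn[m.src_ip], m.ts)
            if len(syns) >= self.rules["syn_threshold"]:
                return "DoS: SYN rate over threshold"
        seen = self._push(self._ports[m.src_ip], m.ts, m.dst_port)
        if len({port for _, port in seen}) >= self.rules["port_threshold"]:
            return "port probing: too many distinct ports"

    def _dpi(self, m):
        if m.http_body:
            for pattern in self.rules["dpi_patterns"]:
                if re.search(pattern, m.http_body):
                    return f"HTTP payload matches {pattern!r}"

    def _behavior(self, m):
        limit = self.rules["command_limits"].get(m.command)
        if limit is not None:
            if len(self._push(self._cmds[m.command], m.ts)) > limit:
                return f"{m.command} exceeds {limit} per window"

    def process(self, m):
        """Run the layers in order; the first match logs and decides."""
        layers = (("network_interface", self._interface),
                  ("intrusion_detection", self._intrusion),
                  ("deep_packet_inspection", self._dpi),
                  ("application_behavior", self._behavior))
        for layer, check in layers:
            reason = check(m)
            if reason:
                blocked = layer in self.rules["block_layers"]
                action = "block" if blocked else "release"
                self.log.append({"ts": m.ts, "src": m.src_ip, "layer": layer,
                                 "reason": reason, "action": action})
                return action
        return "release"  # no rule matched: normal traffic passes


# Constructed rules; addresses come from the documentation ranges.
SAMPLE_RULES = {
    "preset_addresses": {"203.0.113.9"},
    "syn_threshold": 5,
    "port_threshold": 4,
    "dpi_patterns": [r"mode=factory_reset"],
    "command_limits": {"door_open": 2},
    "block_layers": {"network_interface", "intrusion_detection"},
}


def run_sample():
    """Feed constructed traffic through the monitor; return (monitor, verdicts)."""
    probe = [Message(2.0 + i / 10, "198.51.100.7", p, syn=True)
             for i, p in enumerate((21, 22, 23, 25))]
    doors = [Message(4.0 + i / 2, "192.0.2.20", 8443, command="door_open")
             for i in range(3)]
    traffic = [Message(0.0, "192.0.2.10", 443), Message(1.0, "203.0.113.9", 443),
               *probe, Message(3.0, "192.0.2.10", 80, http_body="mode=factory_reset"),
               *doors]
    mon = Monitor(dict(SAMPLE_RULES))
    return mon, [mon.process(m) for m in traffic]
```

Matches at layers outside `block_layers` are logged as early warnings but released, which mirrors the text's point that blocking is decided per rule match rather than for every warning.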
On the basis of the foregoing embodiment, in an optional embodiment of the present application, the preset database 40 is further configured to update the preset rule according to a received rule update instruction.
The rule update instruction may be an instruction input to the preset database 40 by a user, or may be an instruction including a new preset rule sent by a device, such as a cloud server, that can communicate with a network security monitoring device applied to a motor vehicle.
Correspondingly, the embodiment of the present application further provides a network security monitoring system applied to a motor vehicle, as shown in fig. 4, including a cloud control platform 200 and at least one network security monitoring device 100 applied to a motor vehicle, which is wirelessly connected to the cloud control platform 200, where the network security monitoring device 100 applied to a motor vehicle is the network security monitoring device 100 applied to a motor vehicle described in any one of the above embodiments;
the cloud control platform 200 is configured to obtain the network traffic message acquired by the acquisition module 10 of the network security monitoring device 100 applied to the motor vehicle and the identification information corresponding to the network traffic message, and to generate security report information according to the obtained network traffic message and the identification information, where the identification information is the identity information of the motor vehicle on which the network security monitoring device 100 that acquired the network traffic message is mounted.
In this embodiment, the cloud control platform 200 may integrate a plurality of network traffic messages sent by the network security monitoring device 100 applied to the motor vehicle to implement data analysis and statistics of vehicle classification, time, event type, and the like, so as to implement monitoring on suspicious network traffic messages and perceive and predict a security development trend.
On the basis of the foregoing embodiment, in an optional embodiment of the present application, as shown in Fig. 5, the cloud control platform 200 includes: a data storage module 210, an event analysis module 220, an auditing module 230, a management module 250, and a configuration module 240; wherein
the data storage module 210 is configured to obtain a network traffic message obtained by the obtaining module 10 of the network security monitoring device 100 applied to the motor vehicle and identification information corresponding to the network traffic message, and determine whether the obtained network traffic message matches any one of the preset rules, if so, transmit the network traffic message matching the preset rules to the auditing module 230, and if not, transmit the network traffic message to the event analysis module 220;
the auditing module 230 is configured to perform auditing analysis according to the received network traffic message and identification information corresponding to the network traffic message, so as to obtain a first security report and transmit the first security report to the event analysis module 220;
the event analysis module 220 is configured to perform statistical analysis on the received network traffic message and the first security report, and generate a second security report when an analysis result is abnormal;
the management module 250 is configured to generate a preset rule corresponding to the identification information according to a first safety report and a second safety report generated by the same identification information, and send an update instruction to the network security monitoring device 100, which is applied to the motor vehicle and obtains a network traffic packet corresponding to the identification information, where the update instruction includes update information of the preset rule generated by the management module 250.
Specifically, data transmission between the data storage module 210 and the network security monitoring device 100 applied to the motor vehicle needs to be encrypted to avoid data leakage; the data storage module 210 is responsible for collecting, decrypting and storing network traffic messages of each network security monitoring device 100 applied to the motor vehicle;
the auditing module 230 is responsible for auditing and analyzing the network traffic message and the identification information, including distinguishing and processing them by vehicle type, time, event type, security level and the like, and completing threat analysis and asset evaluation; for example, when the vehicle type A is in the vehicle type B and is subjected to a flood DoS attack of the SYN_Flood type over a continuous period of time, so that the network at the vehicle end cannot communicate normally, the backend judges, according to its definitions, that these events have a great influence on the user's normal use of the vehicle, namely that the user's assets are greatly threatened, and the backend generates a corresponding security report for these security events for audit analysis.
The statistical analysis of the network traffic message and the first security report by the event analysis module 220 includes presenting the processing result of the auditing module 230 by way of situation awareness as required, monitoring suspicious data, and perceiving and predicting the security development trend. Situation awareness is the ability to understand security risks dynamically and as a whole, based on the environment; it is a way to improve, from a global perspective and based on security data, the ability to discover, identify, understand, analyze and respond to security threats, and it is ultimately the practical application of security capabilities to decision and action. A specific implementation may be to count the network security events of all vehicle types by event type and present them as visual graphs. For example, when the cloud control platform 200 inspects the Internet of Vehicles traffic of a certain vehicle, if that traffic is not of the same order of magnitude as the vehicle's historical traffic, or as the current traffic of vehicles of the same type, the situation shown on the platform changes markedly; meanwhile, the management module 250 notifies the corresponding person in charge, according to the security level of the event, to make a decision, and finally the preset rules of the terminal vehicle are reconfigured according to the decision result, updating the defense policy of the terminal.
A specific implementation of the present application provides a specific procedure by which the cloud control platform processes a network traffic message. As shown in Fig. 6, a decrypted network traffic message is processed along two paths: rule-defined security events and suspicious events. If it is a security event defined by a preset rule, it is classified by vehicle type, time, geographic position and security event type, and a security audit analysis of assets, threats and stability is performed;
if the suspicious event is defined by the preset rule, the network security situation of the whole vehicle is presented by way of situation awareness.
For example, when the platform inspects the Internet of Vehicles traffic of a certain vehicle, if that traffic is not of the same order of magnitude as the vehicle's historical traffic, or as the current traffic of vehicles of the same type, the situation shown on the cloud control platform 200 changes markedly; meanwhile, the management module 250 notifies the corresponding person in charge, according to the security level of the event, to make a decision, and finally the preset rules of the terminal vehicle are reconfigured according to the decision result, updating the defense policy of the terminal.
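The cloud-side routing and the order-of-magnitude comparison described above can be sketched as follows. This is an added example, not code from the patent: the class and field names, the use of a median baseline, the threshold of one decimal order of magnitude, and the vehicle identifiers and volumes are all assumptions or constructed values.

```python
import math
from collections import Counter, defaultdict
from statistics import median


class CloudPlatform:
    def __init__(self, gap_threshold=1.0):
        self.gap_threshold = gap_threshold   # 1.0 = one decimal order of magnitude
        self.history = defaultdict(list)     # vehicle_id -> accepted past volumes
        self.current = {}                    # vehicle_id -> (model, latest volume)
        self.first_reports = []              # audit module output
        self.second_reports = []             # event analysis module output

    @staticmethod
    def _gap(a, b):
        """Distance between two volumes in decimal orders of magnitude."""
        return abs(math.log10(max(a, 1)) - math.log10(max(b, 1)))

    def ingest(self, vehicle_id, model, volume, matched_rule=None):
        """Data storage module: route one decrypted record; return the route."""
        if matched_rule is not None:
            # Rule-defined security event: goes to the audit module.
            self.first_reports.append(
                {"vehicle": vehicle_id, "model": model, "event": matched_rule})
            return "audit"
        # No rule matched: the event analysis module compares traffic volumes.
        reasons = []
        past = self.history[vehicle_id]
        if past and self._gap(volume, median(past)) >= self.gap_threshold:
            reasons.append("own_history")
        peers = [v for vid, (m, v) in self.current.items()
                 if m == model and vid != vehicle_id]
        if peers and self._gap(volume, median(peers)) >= self.gap_threshold:
            reasons.append("same_model_peers")
        if reasons:
            self.second_reports.append({"vehicle": vehicle_id, "model": model,
                                        "volume": volume, "reasons": reasons})
        else:
            # Only unflagged traffic feeds the baselines, so an anomaly
            # cannot shift the values it is later compared against.
            past.append(volume)
            self.current[vehicle_id] = (model, volume)
        return "event_analysis"

    def summary(self):
        """Count audited security events per (vehicle model, event type)."""
        return Counter((r["model"], r["event"]) for r in self.first_reports)


def run_sample():
    """Constructed records: two vehicles of one model, one traffic spike."""
    platform = CloudPlatform()
    for volume in (1000, 1200, 900):
        platform.ingest("VEHICLE-A", "model-X", volume)
    platform.ingest("VEHICLE-B", "model-X", 1100)
    platform.ingest("VEHICLE-A", "model-X", 15000)   # spike
    platform.ingest("VEHICLE-B", "model-X", 1050, matched_rule="intrusion_detection")
    return platform
```

Comparing on a logarithmic scale keeps the check independent of a vehicle's absolute traffic level, so one threshold serves both light and heavy users.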
To sum up, the embodiment of the present application provides a network security monitoring device 100 applied to a motor vehicle and a network security monitoring system applied to a motor vehicle, wherein the network security monitoring device 100 applied to a motor vehicle matches an acquired network traffic message of a motor vehicle with a preset rule, and when the network traffic message matches the preset rule, generates an early warning log to perform early warning, so as to achieve the purpose of monitoring the network traffic message information, and the network traffic message records the network use state of the motor vehicle carrying the device, thereby also achieving effective monitoring of the network use state of the motor vehicle.
Reference throughout this specification to "one embodiment" or similar language means that a feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases "in one embodiment," "in an embodiment," and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
Furthermore, the described features, structures, or characteristics of the invention may be combined in any suitable manner in one or more embodiments. The previous description has provided numerous specific details such as examples of programming, software modules, user selections, network transactions, database queries, database structures, hardware modules, hardware circuits, hardware chips, etc., to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, materials, and so forth. In other instances, well-known structures, materials, or operations are not shown in detail to avoid obscuring the invention.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A network security monitoring apparatus applied to a motor vehicle, characterized in that the apparatus comprises: an acquisition module, a matching module and a log module; wherein
the acquisition module is used for acquiring a network flow message of the motor vehicle;
the matching module is used for matching the acquired network flow message against a preset rule stored in a preset database and, when the network flow message matches the preset rule, for generating an early warning log containing the information of the network flow message that matched the preset rule;
and the log module is used for storing the early warning log.
2. The apparatus of claim 1, further comprising: a human-computer interaction module for generating a safety state report according to the early warning log stored by the log module.
3. The device of claim 2, wherein the human-computer interaction module is further configured to display a recently generated safety state report;
or to display, according to a received display instruction, the safety state report corresponding to that display instruction.
4. The apparatus of claim 1, wherein the preset rule comprises: at least one of network interface rules, intrusion detection rules, deep detection rules, and application behavior rules.
5. The device according to claim 4, wherein the network interface rule includes whether an interface address of the network traffic packet is consistent with a preset address;
the intrusion detection rule comprises whether the network flow message contains external intrusion behaviors or not;
the deep detection rule comprises whether the application-layer data, in the Open Systems Interconnection (OSI) reference model, of the packed network flow message is consistent with a deep packet inspection (DPI) rule;
the application behavior rule includes whether the network traffic message includes abnormal application behavior.
6. The device of claim 1, wherein the matching module is further configured to block or release the network traffic packet.
7. The apparatus of claim 1, wherein the predetermined database is further configured to update the predetermined rule according to a received rule update instruction.
8. A network security monitoring system applied to a motor vehicle, characterized by comprising a cloud control platform and at least one network security monitoring device applied to a motor vehicle that is wirelessly connected with the cloud control platform, wherein the network security monitoring device applied to a motor vehicle is the network security monitoring device as defined in any one of claims 1 to 7;
the cloud control platform is used for acquiring the network flow message acquired by the acquisition module of the network security monitoring device and the identification information corresponding to the network flow message, the identification information being the identity information of the motor vehicle carrying the network security monitoring device that acquired the network flow message, and for generating safety report information according to the acquired network flow message and the identification information.
9. The system of claim 8, wherein the cloud control platform comprises: a data storage module, an event analysis module, an audit module, a management module and a configuration module; wherein
the data storage module is used for acquiring the network flow message acquired by the acquisition module of the network security monitoring device and the identification information corresponding to the network flow message, and for judging whether the acquired network flow message matches any preset rule; if so, the network flow message that matches the preset rule is transmitted to the audit module, and if not, the network flow message is transmitted to the event analysis module;
the auditing module is used for auditing and analyzing according to the received network flow message and the identification information corresponding to the network flow message so as to obtain a first safety report and transmit the first safety report to the event analysis module;
the event analysis module is used for carrying out statistical analysis on the received network flow message and the first safety report and generating a second safety report when the analysis result is abnormal;
the management module is used for generating, according to a first safety report and a second safety report generated for the same identification information, a preset rule corresponding to that identification information, and for sending an update instruction to the network security monitoring device applied to the motor vehicle that acquired the network flow message corresponding to the identification information, wherein the update instruction comprises update information of the preset rule generated by the management module.
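The following Python example is added here to illustrate the on-vehicle pipeline of claims 1 and 4 to 7 (match against preset rules, write an early warning log, block or release, accept a rule update); it is not part of the patent text or the applicant's implementation. The message fields, rule names, preset address and per-application port baseline are assumptions, as is the reading that the network interface rule fires when the address differs from the preset one.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Message:                      # constructed stand-in for a network flow message
    iface_addr: str                 # interface address the message was seen on
    app: str                        # application that produced it
    dst_port: int
    app_data: bytes                 # OSI application-layer data

@dataclass
class Rule:
    kind: str                       # one of the four rule kinds in claim 4
    name: str                       # hypothetical rule name
    hit: Callable[[Message], bool]  # True when the message matches the rule
    block: bool = True              # claim 6: block or release on a match

class Monitor:
    def __init__(self, rules):
        self.rules = {r.name: r for r in rules}   # preset database
        self.log = []                             # log module storage

    def update_rule(self, rule):                  # claim 7: rule update instruction
        self.rules[rule.name] = rule

    def process(self, msg):
        """Matching module: log every matching rule, return 'block' or 'release'."""
        hits = [r for r in self.rules.values() if r.hit(msg)]
        for r in hits:
            self.log.append({"rule": r.name, "kind": r.kind, "iface": msg.iface_addr,
                             "app": msg.app, "dst_port": msg.dst_port})
        return "block" if any(r.block for r in hits) else "release"

PRESET_IFACE = "192.168.10.1"                           # assumed preset address
APP_PORTS = {"navigation": {443}, "ota": {443, 8883}}   # assumed per-app baseline
RULES = [
    Rule("network_interface", "iface-mismatch", lambda m: m.iface_addr != PRESET_IFACE),
    Rule("intrusion_detection", "telnet-probe", lambda m: m.dst_port == 23),
    Rule("deep_detection", "dpi-path-traversal", lambda m: b"../" in m.app_data),
    Rule("application_behavior", "app-odd-port",
         lambda m: m.dst_port not in APP_PORTS.get(m.app, set()), block=False),
]

def demo():
    mon = Monitor(RULES)
    traffic = [                                          # constructed sample messages
        Message("192.168.10.1", "navigation", 443, b"GET /tiles/12/3 HTTP/1.1"),
        Message("192.168.10.1", "ota", 443, b"GET /fw/../../cfg HTTP/1.1"),
        Message("192.168.10.1", "navigation", 8883, b"\x10\x0c"),
        Message("172.16.0.9", "ota", 23, b""),
    ]
    return [mon.process(m) for m in traffic], mon.log
```

A message can match several rules at once, so the log records one entry per matching rule while the verdict is "block" if any matching rule is a blocking one.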

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811549788.6A CN111343128A (en) 2018-12-18 2018-12-18 Network safety monitoring equipment and network safety monitoring system applied to motor vehicle

Publications (1)

Publication Number Publication Date
CN111343128A true CN111343128A (en) 2020-06-26

Family

ID=71187911

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811549788.6A Pending CN111343128A (en) 2018-12-18 2018-12-18 Network safety monitoring equipment and network safety monitoring system applied to motor vehicle

Country Status (1)

Country Link
CN (1) CN111343128A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634959A (en) * 2017-09-30 2018-01-26 北京奇虎科技有限公司 Means of defence, apparatus and system based on automobile
CN108173856A (en) * 2017-12-28 2018-06-15 北京奇虎科技有限公司 Vehicle communication data safety detection method, device and car-mounted terminal
US20180262466A1 (en) * 2017-03-09 2018-09-13 Argus Cyber Security Ltd System and method for providing cyber security to an in-vehicle network
CN108961473A (en) * 2018-08-07 2018-12-07 长安大学 A kind of vehicle-state assessment method for early warning based on intelligent network connection automobile control centre

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Feng Lan, Li Wenguo: "Management Information Systems Tutorial" (管理信息系统教程), 《管理信息系统教程 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111885060A (en) * 2020-07-23 2020-11-03 上海交通大学 Internet of vehicles-oriented nondestructive information security vulnerability detection system and method
CN111885060B (en) * 2020-07-23 2021-08-03 上海交通大学 Internet of vehicles-oriented nondestructive information security vulnerability detection system and method
CN111865724A (en) * 2020-07-28 2020-10-30 公安部第三研究所 Information acquisition control implementation method for video monitoring equipment
CN111865724B (en) * 2020-07-28 2022-02-08 公安部第三研究所 Information acquisition control implementation method for video monitoring equipment
CN112104608A (en) * 2020-08-17 2020-12-18 华人运通(上海)云计算科技有限公司 Vehicle information safety protection method, system and storage medium
CN114338234A (en) * 2022-02-28 2022-04-12 北京经纬恒润科技股份有限公司 Method and device for processing message
CN114338234B (en) * 2022-02-28 2023-07-14 北京经纬恒润科技股份有限公司 Method and device for processing message
CN115277061A (en) * 2022-06-13 2022-11-01 盈适慧众(上海)信息咨询合伙企业(有限合伙) Network security service management system and method
CN115297141A (en) * 2022-07-28 2022-11-04 东风汽车集团股份有限公司 Vehicle-mounted network IDPS joint defense linkage method and system

Similar Documents

Publication Publication Date Title
CN111343128A (en) Network safety monitoring equipment and network safety monitoring system applied to motor vehicle
EP2080317B1 (en) Apparatus and a security node for use in determining security attacks
US8099782B1 (en) Event aggregation in a network
CN109033829A (en) Vehicle network intrusion detection householder method, apparatus and system
CN114372286A (en) Data security management method and device, computer equipment and storage medium
CN105264861A (en) Method and apparatus for detecting a multi-stage event
CN107426285A (en) A kind of vehicle-mounted CAN bus safety means of defence and device
CN103999091A (en) Geo-mapping system security events
CN101257678A (en) Method, terminal and system for realizing mobile terminal software safe detection
CN110636075A (en) Operation and maintenance management and control and operation and maintenance analysis method and device
Ring et al. Survey on vehicular attacks-building a vulnerability database
CN107911244A (en) The multi-user's honey jar terminal system and its implementation that a kind of cloud net combines
WO2021145144A1 (en) Intrusion-path analyzing device and intrusion-path analyzing method
CN113163369A (en) Vehicle intrusion prevention processing method and device and automobile
CN109076081B (en) Method for monitoring the safety of a communication connection of a vehicle
CN106097715A (en) Vehicle insurance surveys auxiliary terminal, system and its implementation
CN112738121A (en) Password security situation awareness method, device, equipment and readable storage medium
CN115147956A (en) Data processing method and device, electronic equipment and storage medium
CN112650180B (en) Safety warning method, device, terminal equipment and storage medium
CN111277538A (en) System and method for protecting data security of data exchange process of big data platform
US20220157090A1 (en) On-vehicle security measure device, on-vehicle security measure method, and security measure system
CN107277070A (en) A kind of computer network instrument system of defense and intrusion prevention method
CN115941333A (en) Tbox-based Internet of vehicles information safety protection system and method
CN110378120A (en) Application programming interfaces attack detection method, device and readable storage medium storing program for executing
CN113836564A (en) Block chain-based networked automobile information safety system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20221213

Address after: No. 203, Shanghai Songjiang Road, No. 201563, Pudong New Area

Applicant after: SAIC Motor Corp.,Ltd.

Applicant after: Shanghai automotive industry (Group) Co.,Ltd.

Address before: 201203 Room 509, Building No. 1, 563 Songtao Road, Zhangjiang High-tech Park, Pudong New Area, Shanghai

Applicant before: SAIC Motor Corp.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20200626