CN111860139A - A defense method and related device for an intelligent system - Google Patents

A defense method and related device for an intelligent system Download PDF

Info

Publication number
CN111860139A
CN111860139A CN202010519394.7A CN202010519394A CN111860139A CN 111860139 A CN111860139 A CN 111860139A CN 202010519394 A CN202010519394 A CN 202010519394A CN 111860139 A CN111860139 A CN 111860139A
Authority
CN
China
Prior art keywords
sensor
target
correlation
matrix
attacked
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010519394.7A
Other languages
Chinese (zh)
Other versions
CN111860139B (en
Inventor
邵翠萍
李慧云
陈贝章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Institute of Advanced Technology of CAS
Original Assignee
Shenzhen Institute of Advanced Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Institute of Advanced Technology of CAS filed Critical Shenzhen Institute of Advanced Technology of CAS
Priority to CN202010519394.7A priority Critical patent/CN111860139B/en
Publication of CN111860139A publication Critical patent/CN111860139A/en
Application granted granted Critical
Publication of CN111860139B publication Critical patent/CN111860139B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V20/00Scenes; Scene-specific elements
    • G06V20/50Context or environment of the image
    • G06V20/56Context or environment of the image exterior to a vehicle by using sensors mounted on the vehicle
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Radar Systems Or Details Thereof (AREA)
  • Traffic Control Systems (AREA)

Abstract

本申请公开了一种智能化系统的防御方法及相关装置,该方法包括:基于至少一个传感器采集到的传感数据,得到至少一个传感器分别对应的特征信息;将各传感器的特征信息分别输入至相应传感器的攻击判断模型,以判断传感器是否为被攻击传感器,其中,攻击判断模型包括自相关性判断模型、互相关性判断模型中的至少一个;若是,则修复被攻击传感器的传感数据。通过本申请所提供的技术方案,可以较好地提高智能化系统的防御能力和安全性。

Figure 202010519394

The present application discloses a defense method for an intelligent system and a related device. The method includes: obtaining feature information corresponding to at least one sensor based on sensing data collected by at least one sensor; inputting the feature information of each sensor into a The attack judgment model of the corresponding sensor is used to judge whether the sensor is an attacked sensor, wherein the attack judgment model includes at least one of an autocorrelation judgment model and a cross-correlation judgment model; if so, the sensing data of the attacked sensor is repaired. Through the technical solution provided by the present application, the defense capability and security of the intelligent system can be better improved.

Figure 202010519394

Description

一种智能化系统的防御方法及相关装置A defense method and related device for an intelligent system

技术领域technical field

本申请涉及智能化系统安全技术领域,特别是涉及一种智能化系统的防御方法及相关装置。The present application relates to the technical field of intelligent system security, and in particular, to a defense method and related device for an intelligent system.

背景技术Background technique

信息和通信技术的日新月异带动了智能化系统技术的发展,以提高智能化系统安全和效率为目标,使得智能化系统智能化、互联网化已成为智能化系统发展的必然趋势。其中,智能化系统中的感知系统或感知设备的安全可靠性影响着整个智能化系统的安全性和稳定性。一旦智能化系统的感知系统或感知设备遭受到攻击,使得传感器获取的信息失真,进而就会导致错误的识别结果,进而会使得智能化系统得出错误的策略,进而会引发智能化系统的安全事故。故需要一种可稳定防御外部的攻击的技术方案来解决上述技术问题。The rapid development of information and communication technology has driven the development of intelligent system technology. With the goal of improving the safety and efficiency of intelligent systems, making intelligent systems intelligent and Internet-based has become an inevitable trend in the development of intelligent systems. Among them, the safety and reliability of the sensing system or sensing equipment in the intelligent system affects the safety and stability of the entire intelligent system. Once the sensing system or sensing equipment of the intelligent system is attacked, the information obtained by the sensor will be distorted, which will lead to wrong identification results, which will lead to the wrong strategy for the intelligent system, which will lead to the security of the intelligent system. ACCIDENT. Therefore, a technical solution that can stably defend against external attacks is required to solve the above-mentioned technical problems.

发明内容SUMMARY OF THE INVENTION

本申请主要解决的技术问题是提供一种智能化系统的防御方法及相关装置,可以实现提高智能化系统的防御能力和安全性。The main technical problem to be solved by the present application is to provide a defense method and related device for an intelligent system, which can improve the defense capability and security of the intelligent system.

为解决上述技术问题,本申请采用的一个技术方案是:提供一种智能化系统的防御方法,所述方法包括:In order to solve the above-mentioned technical problems, a technical solution adopted in the present application is to provide a defense method for an intelligent system, the method comprising:

基于至少一个传感器采集到的传感数据,得到所述至少一个传感器分别对应的特征信息;Based on the sensing data collected by the at least one sensor, obtain feature information corresponding to the at least one sensor respectively;

将各所述传感器的所述特征信息分别输入至相应所述传感器的攻击判断模型,以判断所述传感器是否为被攻击传感器,其中,所述攻击判断模型包括自相关性判断模型、互相关性判断模型中的至少一个;The feature information of each of the sensors is respectively input into the attack judgment model of the corresponding sensor to judge whether the sensor is an attacked sensor, wherein the attack judgment model includes an autocorrelation judgment model, a cross-correlation judgment model at least one of the judgment models;

若是,则修复所述被攻击传感器的所述传感数据。If so, repair the sensing data of the attacked sensor.

为解决上述技术问题,本申请采用的另一个技术方案是:提供一种防御装置,所述装置包括存储器、处理器和数据获取端口,所述存储器和所述数据获取端口分别与所述处理器耦接,其中,In order to solve the above technical problem, another technical solution adopted in the present application is to provide a defense device, the device includes a memory, a processor and a data acquisition port, the memory and the data acquisition port are respectively connected with the processor. coupled, where,

所述数据获取端口在所述处理器的控制下,获取至少一个传感器反馈的传感数据,并输出至所述处理器;Under the control of the processor, the data acquisition port acquires sensing data fed back by at least one sensor, and outputs it to the processor;

所述存储器存储有计算机程序;the memory stores a computer program;

所述处理器用于运行所述计算机程序,以执行如上所述的方法。The processor is adapted to run the computer program to perform the method as described above.

为解决上述技术问题,本申请采用的又一个技术方案是:提供一种智能化系统,包括至少一个传感器和如上所述的防御装置。In order to solve the above technical problem, another technical solution adopted in the present application is to provide an intelligent system, which includes at least one sensor and the above-mentioned defense device.

为解决上述技术问题,本申请采用的再一个技术方案是,提供一种存储介质,所述存储介质存储有能够被处理器运行的计算机程序,所述计算机程序用于实现如上所述的智能化系统的防御方法。In order to solve the above technical problem, another technical solution adopted in the present application is to provide a storage medium, where the storage medium stores a computer program that can be run by a processor, and the computer program is used to realize the above-mentioned intelligentization System defense method.

本申请的有益效果是:区别于现有技术的情况,本申请所提供的技术方案,通过基于至少一个传感器采集到的传感数据得到至少一个传感器分别对应的特征信息,然后将各个传感器的特征信息分别输入至各个传感器对应的自相关性判断模型和/或互相关性判断模型,进而可以快速判断得到传感器是否为被攻击传感器,即通过在各个传感器向智能化系统反馈传感数据后,实时基于传感数据的自相关性和/或互相关性判断对应的传感器是否受到攻击,并在判断传感器受到攻击时修复被攻击传感器所对应的传感数据,较好地提高了智能化系统的防御能力和完全性。The beneficial effects of the present application are: different from the situation in the prior art, the technical solution provided by the present application obtains the feature information corresponding to at least one sensor based on the sensing data collected by the at least one sensor, and then combines the features of each sensor The information is respectively input into the autocorrelation judgment model and/or the cross-correlation judgment model corresponding to each sensor, so as to quickly determine whether the sensor is an attacked sensor, that is, after each sensor feeds back the sensing data to the intelligent system, real-time Determine whether the corresponding sensor is attacked based on the autocorrelation and/or cross-correlation of the sensor data, and repair the sensor data corresponding to the attacked sensor when judging that the sensor is attacked, which better improves the defense of the intelligent system competence and completeness.

附图说明Description of drawings

图1为本申请一种防御装置一实施例中的结构示意图;FIG. 1 is a schematic structural diagram of an embodiment of a defense device of the present application;

图2为本申请一种智能化系统一实施例中的结构示意图;2 is a schematic structural diagram of an embodiment of an intelligent system of the application;

图3是本申请一种智能化系统的防御方法一实施例中的流程示意图;3 is a schematic flowchart of an embodiment of a defense method for an intelligent system of the present application;

图4为本申请一种智能化系统的防御方法另一实施例中的流程示意图;4 is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application;

图5为本申请一种智能化系统的防御方法又一个实施例中的流程示意图;5 is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application;

图6为本申请一种智能化系统的防御方法再一实施例中的流程示意图;FIG. 6 is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application;

图7为本申请一种智能化系统的防御方法另一实施例中的流程示意图;7 is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application;

图8为本申请一种智能化系统的防御方法再一实施例中的流程示意图;FIG. 8 is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application;

图9为本申请一种存储介质一实施例结构示意图。FIG. 9 is a schematic structural diagram of an embodiment of a storage medium of the present application.

具体实施方式Detailed ways

下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述。可以理解的是,此处所描述的具体实施例仅用于解释本申请,而非对本申请的限定。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. It should be understood that the specific embodiments described herein are only used to explain the present application, but not to limit the present application. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of this application.

本申请的描述中,“多个”的含义是至少两个,例如两个,三个等,除非另有明确具体的限定。此外,术语“包括”和“具有”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。In the description of the present application, "a plurality of" means at least two, such as two, three, etc., unless otherwise expressly and specifically defined. Furthermore, the terms "comprising" and "having" and any variations thereof are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes unlisted steps or units, or optionally also includes For other steps or units inherent to these processes, methods, products or devices.

在本文中提及“实施例”意味着,结合实施例描述的特定特征、结构或特性可以包含在本申请的至少一个实施例中。在说明书中的各个位置出现该短语并不一定均是指相同的实施例,也不是与其它实施例互斥的独立的或备选的实施例。本领域技术人员显式地和隐式地理解的是,本文所描述的实施例可以与其它实施例相结合。Reference herein to an "embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor a separate or alternative embodiment that is mutually exclusive of other embodiments. It is explicitly and implicitly understood by those skilled in the art that the embodiments described herein may be combined with other embodiments.

随着智能化技术的发展,智能化系统被广泛地应用于各行各业,尤以无人驾驶领域应用最为广泛,如可应用于无人驾驶汽车、无人机等。如当智能化系统被应用于无人驾驶领域时,如何提高交通安全可靠性、提高处理效率、汽车智能化以及联网化已成为无人驾驶领域的发展趋势。由于无人驾驶技术是当今社会发展和前沿科学技术的重要项目,它对于社会的多个领域诸如城市建设、交通出行、经济发展和国防力量有着不可估量的重要意义。其中,在无人驾驶技术中感知系统影响着应用智能化系统的设备安全性和稳定性,一旦智能化系统的感知系统受到攻击,导致感知系统获取的信息失真,导致错误的识别结果,进而导致不正确的决策,极有可能引发安全事故,造成严重的生命与财产损失,故各国和组织争先推出相关政策和新技术。With the development of intelligent technology, intelligent systems are widely used in all walks of life, especially in the field of unmanned driving, such as unmanned vehicles and drones. For example, when intelligent systems are applied in the field of unmanned driving, how to improve traffic safety and reliability, improve processing efficiency, intelligent and networked vehicles has become the development trend in the field of unmanned driving. Since unmanned driving technology is an important project in today's social development and cutting-edge science and technology, it is of immeasurable significance to many areas of society such as urban construction, transportation, economic development and national defense. Among them, the perception system in the unmanned driving technology affects the equipment safety and stability of the intelligent system. Once the perception system of the intelligent system is attacked, the information obtained by the perception system will be distorted, resulting in wrong recognition results, which will lead to Incorrect decision-making is very likely to cause safety accidents and cause serious loss of life and property. Therefore, countries and organizations are scrambling to launch relevant policies and new technologies.

目前国内外对于智能化系统的安全防御尚处于比较早期阶段,提出的方案适用的场景比较单一。如当智能化系统应用于无人驾驶领域时,智能化系统包括视觉感知部分,则只能对视觉感知部分进行单一的防御。那么现有的对于视觉攻击的防御主要有两种方法:第一种是通过不断输入新类型的对抗样本并执行对抗训练,从而不断提升网络的鲁棒性。这种方法需要大量的训练数据,然而,Moosavi-Dezfooli指出,无论添加多少对抗样本,都存在新的对抗攻击样本可以再次欺骗网络;第二种是以增加冗余的方式部署更多的传感器等。第一种方法只是从一定程度上减少对抗样本对传感器识别的影响,但是总是会存在新的对抗样本。第二种方法则会显著增加生产配置的成本。At present, the security defense of intelligent systems at home and abroad is still in a relatively early stage, and the proposed scheme is applicable to a relatively single scenario. For example, when the intelligent system is applied to the field of unmanned driving, the intelligent system includes the visual perception part, and only a single defense can be performed on the visual perception part. Then there are two main ways to defend against visual attacks: the first is to continuously improve the robustness of the network by continuously inputting new types of adversarial samples and performing adversarial training. This method requires a lot of training data, however, Moosavi-Dezfooli pointed out that no matter how many adversarial samples are added, there are new adversarial attack samples that can fool the network again; the second is to deploy more sensors in a way that increases redundancy, etc. . The first method only reduces the impact of adversarial examples on sensor recognition to a certain extent, but there will always be new adversarial examples. The second approach significantly increases the cost of the production configuration.

而现有技术中针对无人驾驶中的激光雷达传感器防御的主要措施有:(1)在光学和光电装置中安装快光电开关、滤光片,防止激光致盲。(2)研究抗激光结构,例如夹层结构,防止敌激光能量对己方装备的破坏。(3)技术参数严格保密,例如对己方激光信号采取编码技术,加大敌方干扰难度。(4)研制和发展特种耐高温材料的壳体,使它难以被激光武器烧毁和穿透。经过调查研究表明,这些方法只能在一定程度上降低被攻击的风险,但是无法在激光雷达传感器被攻击后的提供安全应对措施。In the prior art, the main defense measures for lidar sensors in unmanned driving are as follows: (1) Install fast photoelectric switches and filters in optical and photoelectric devices to prevent laser blindness. (2) Study anti-laser structures, such as sandwich structures, to prevent the damage of enemy laser energy to one's own equipment. (3) The technical parameters are strictly confidential, for example, the coding technology is adopted for the laser signal of one's own side to increase the difficulty of the enemy's interference. (4) Research and develop the shell of special high temperature resistant material, making it difficult to be burned and penetrated by laser weapons. After investigation and research, it is shown that these methods can only reduce the risk of being attacked to a certain extent, but cannot provide security countermeasures after the lidar sensor is attacked.

而对于位置传感器的攻击防御,需要加密、信号失真检测、波达方向(DOA)感应等方法结合来抵御攻击。单独一种方法不可能实现完全防御。该方法的代价和成本极高,也存在被漏检的可能性。因此由上可以得知,目前智能化系统的防御方法只能实现针对单一传感器的防御,或者是在一定程度上减小攻击带来的影响,但是尚未形成系统全面的攻击检测和防御体系,而本申请所提供的技术方案则可以较好地解决上述技术问题。For the attack defense of position sensors, it is necessary to combine methods such as encryption, signal distortion detection, and direction of arrival (DOA) sensing to defend against attacks. Complete defense cannot be achieved with a single approach. The cost and cost of this method are extremely high, and there is also the possibility of being missed. Therefore, it can be seen from the above that the current defense methods of intelligent systems can only achieve defense against a single sensor, or reduce the impact of attacks to a certain extent, but a comprehensive attack detection and defense system has not yet been formed. The technical solution provided by the present application can better solve the above-mentioned technical problems.

为便于理解本申请所提供的智能化系统的防御方法,在此先阐述本申请所提供的防御装置以及智能化系统。首先请参见图1,图1为本申请一种防御装置一实施例中的结构示意图,在当前实施例中,本申请所提供的防御装置100可以执行如下图3至图8及其对应的任意一个实施例中所述的智能化系统的防御方法。具体地,防御装置100包括存储器102、处理器101和数据获取端口103。其中,存储器102和数据获取端口103分别与处理器101耦接。In order to facilitate the understanding of the defense method of the intelligent system provided by the present application, the defense device and the intelligent system provided by the present application are first described here. First, please refer to FIG. 1. FIG. 1 is a schematic structural diagram of an embodiment of a defense device of the present application. In the current embodiment, the defense device 100 provided by the present application can execute any of the following FIGS. 3 to 8 and their corresponding The defense method of the intelligent system described in one embodiment. Specifically, the defense device 100 includes a memory 102 , a processor 101 and a data acquisition port 103 . The memory 102 and the data acquisition port 103 are respectively coupled to the processor 101 .

其中,数据获取端口103在处理器101的控制下,获取至少一个外部传感器(图未示)反馈的传感数据,并输出至处理器101,以使得处理器101基于传感数据判断传感器是否为被攻击传感器,并在判断得到外部传感器为被攻击传感器时,进一步修复被攻击传感器所获取的传感数据。The data acquisition port 103, under the control of the processor 101, acquires sensor data fed back by at least one external sensor (not shown in the figure), and outputs it to the processor 101, so that the processor 101 determines whether the sensor is a sensor based on the sensor data. The attacked sensor, and when it is determined that the external sensor is the attacked sensor, the sensing data obtained by the attacked sensor is further repaired.

其中,存储器102包括本地储存(图未示),且存储有计算机程序,存储器102所存储的计算机程序被执行时可以实现图3至图8及其所对应的任意一个实施例中所述的智能化系统的防御方法。Wherein, the memory 102 includes local storage (not shown), and stores a computer program. When the computer program stored in the memory 102 is executed, it can realize the intelligent functions described in FIGS. 3 to 8 and any one of the corresponding embodiments. defensive methods of the system.

处理器101与存储器102耦接,处理器101用于运行计算机程序,以执行如上图3至图8及其对应的任意一个实施例中所述的智能化系统的防御方法。The processor 101 is coupled to the memory 102, and the processor 101 is used for running a computer program to execute the defense method for an intelligent system as described in any one of the above-mentioned FIG. 3 to FIG. 8 and their corresponding embodiments.

请参见图2,图2为本申请一种智能化系统一实施例中的结构示意图。在当前实施例中,本申请所提供的智能化系统200包括至少一个传感器201和防御装置202,其中,防御装置202为如图1及其所对应的任意一个实施例中所述的防御装置。其中,至少一个传感器201用于感知外部环境以采集获取到目标的传感数据,并将所获取的传感器数据反馈至防御装置202,防御装置202用于执行图3至图8及其所对应的任意一个实施例中所述的智能化系统的防御方法。Please refer to FIG. 2 , which is a schematic structural diagram of an embodiment of an intelligent system of the present application. In the current embodiment, the intelligent system 200 provided by the present application includes at least one sensor 201 and a defense device 202, wherein the defense device 202 is the defense device described in FIG. 1 and any one of the corresponding embodiments. Among them, at least one sensor 201 is used to sense the external environment to collect sensor data of the acquired target, and feed back the acquired sensor data to the defense device 202, and the defense device 202 is used to execute FIG. 3 to FIG. 8 and its corresponding The defense method of the intelligent system described in any one of the embodiments.

其中,在此并不限定智能化系统200所包括的传感器201的数量和类型,具体可以依据智能化系统200的实际应用场景以及实际功能需求进行设置。如在一实施例中,当智能化系统200为应用于无人驾驶汽车上的系统时,则智能化系统200中的传感器201至少包括位置传感器、激光雷达传感器、惯性测量单元中的至少一者。在另一实施例中,传感器201除去包括传统意义上的传感器还会包括用于获取外部环境参数的其他电路单元,如当智能化系统200为用于无人机上的系统时,则智能化系统200中的传感器201至少包括:距离传感器、高度传感器、扭力传感器、平衡传感器和图像获取单元中的一者。The number and types of sensors 201 included in the intelligent system 200 are not limited here, and may be specifically set according to the actual application scenarios and actual functional requirements of the intelligent system 200 . For example, in an embodiment, when the intelligent system 200 is a system applied to an unmanned vehicle, the sensor 201 in the intelligent system 200 at least includes at least one of a position sensor, a lidar sensor, and an inertial measurement unit . In another embodiment, the sensor 201 includes other circuit units for acquiring external environmental parameters in addition to sensors in the traditional sense. For example, when the intelligent system 200 is a system used on a drone, the intelligent system The sensor 201 in 200 includes at least one of a distance sensor, a height sensor, a torque sensor, a balance sensor and an image acquisition unit.

需要说明的是,在其他实施例中,图2中所阐述的传感器201也可以是直接集成至防御装置202中,具体在此不做限定。It should be noted that, in other embodiments, the sensor 201 illustrated in FIG. 2 may also be directly integrated into the defense device 202 , which is not specifically limited herein.

请参见图3,图3为本申请一种智能化系统的防御方法一实施例中的流程示意图。在当前实施例中,智能化系统的防御方法的执行主体是如上图1所述的一种防御装置。具体地,本申请所提供的方法包括步骤S310至步骤S330。Please refer to FIG. 3 , which is a schematic flowchart of an embodiment of a defense method for an intelligent system of the present application. In the current embodiment, the execution body of the defense method of the intelligent system is a defense device as described in FIG. 1 above. Specifically, the method provided by this application includes steps S310 to S330.

S310:基于至少一个传感器采集到的传感数据,得到至少一个传感器分别对应的特征信息。S310: Based on the sensing data collected by the at least one sensor, obtain feature information corresponding to the at least one sensor respectively.

当智能化系统应用的设备中的传感器感知外部环境并采集到传感数据之后,各个传感器会将所采集的传感数据反馈至防御装置,防御装置获取至少一个传感器采集到的传感数据,并在获取到传感数据之后对传感数据进行处理以获取得到至少一个传感器分别对应的特征信息。When the sensors in the equipment applied by the intelligent system perceive the external environment and collect the sensor data, each sensor will feed back the collected sensor data to the defense device, and the defense device obtains the sensor data collected by at least one sensor, and After the sensing data is acquired, the sensing data is processed to obtain characteristic information corresponding to at least one sensor respectively.

其中,进一步地,在一实施例中,至少一个传感器包括位置传感器、激光雷达传感器、惯性测量单元中的至少一者,在当前实施例中各传感器的采样周期为惯性测量单元(IMU)的最短采样周期,同时根据各个传感器的采样周期设定本申请所提供方法的循环周期。Further, in an embodiment, at least one sensor includes at least one of a position sensor, a lidar sensor, and an inertial measurement unit, and in the current embodiment, the sampling period of each sensor is the shortest of the inertial measurement unit (IMU). The sampling period is set, and the cycle period of the method provided by the present application is set according to the sampling period of each sensor.

更进一步地,特征信息为特征矢量。具体可以采用矩阵的形式进行表达各个传感器所对应的特征矢量。Furthermore, the feature information is a feature vector. Specifically, the feature vector corresponding to each sensor can be expressed in the form of a matrix.

进一步地,当至少一个传感器是按照设定的采样周期向防御装置反馈所采集到的传感数据时,则步骤S310中则是基于至少一个传感器在当前采样周期中采集到的传感数据,并对传感数据进行处理得到各个传感器各自对应的特征信息。其中,当智能化系统为应用于无人驾驶汽车上的系统时,则各个传感器的采样周期可以统一设置为惯性测量单元的最短采样周期。在另一实施例中,对于各个传感器的采样周期不做限定,仅仅对本申请所提供的方法循环周期做限定,在当前实施例中可以将所有传感器中最短采样周期定义为本申请所提供的方法的循环周期。其中,上述循环周期是指完整循环步骤S310至步骤S330的所需要的时长。Further, when at least one sensor feeds back the collected sensing data to the defense device according to the set sampling period, then step S310 is based on the sensing data collected by at least one sensor in the current sampling period, and The characteristic information corresponding to each sensor is obtained by processing the sensor data. Among them, when the intelligent system is a system applied to an unmanned vehicle, the sampling period of each sensor can be uniformly set as the shortest sampling period of the inertial measurement unit. In another embodiment, the sampling period of each sensor is not limited, but only the cycle period of the method provided in this application is limited. In the current embodiment, the shortest sampling period among all sensors can be defined as the method provided in this application. cycle period. Wherein, the above-mentioned cycle period refers to the time required for a complete cycle of steps S310 to S330.

更进一步,当传感器所获取到的传感数据可以用于直接反应目标的特征时,则可以直接将传感器采集到的传感数据输出作为该传感器对应的特征信息。反之,则会对各个传感器所获取的传感数据进行表达形式的转换,以获取到各个传感器分别对应的特征信息。Furthermore, when the sensing data acquired by the sensor can be used to directly reflect the characteristics of the target, the sensing data collected by the sensor can be directly output as the characteristic information corresponding to the sensor. On the contrary, the sensory data acquired by each sensor will be converted into the expression form, so as to acquire the feature information corresponding to each sensor.

S320:将各传感器的特征信息分别输入至相应传感器的攻击判断模型,以判断传感器是否为被攻击传感器。S320: Input the feature information of each sensor into the attack judgment model of the corresponding sensor, to judge whether the sensor is an attacked sensor.

在得到至少一个传感器各自对应的特征信息之后,会进一步将各传感器的特征信息分别输入至相应传感器的攻击判断模型,以判断当前传感器所获取的到的传感数据是否有无异常,进而根据判断结果确定各个传感器是否出现被攻击的情况。After the corresponding feature information of at least one sensor is obtained, the feature information of each sensor will be further input into the attack judgment model of the corresponding sensor to judge whether the sensing data obtained by the current sensor is abnormal, and then according to the judgment The results determine whether each sensor is under attack.

在另一实施例中,当各个传感器是按照设定周期向防御装置反馈传感数据,则步骤S320中则是将各个传感器当前周期的特征信息分别输入至相应传感器的攻击判断模型,进而根据攻击判断模型的输出结果判断传感器在当前周期内是否为被攻击传感器。In another embodiment, when each sensor feeds back sensing data to the defense device according to a set period, in step S320, the feature information of each sensor in the current period is respectively input into the attack judgment model of the corresponding sensor, and then according to the attack The output result of the judgment model judges whether the sensor is an attacked sensor in the current cycle.

在同一个智能化系统中,由于不同传感器之间会存在信息的交叉和冗余,信息之间的交叉和冗余的关系不随着外界环境的变化而变化,故可以通过预先构建互相关性判断模型来判断或辅助判断传感器是否被攻击。对应的,对于同一个传感器在不同时间段采集的传感数据也会存在基于时间不变的自相关性,故可以通过分别构建对应各个传感器的自相关性判断模型来判断或辅助判断各个传感器是否被攻击。基于此,上述攻击判断模型包括自相关性判断模型、互相关性判断模型中的至少一个。具体地,自相关性判断模型和互相关性判断模型可以是预先根据经验值建立的模型。其中,自相关性判断模型是根据同一个类型的传感器所获取的同一类传感数据或同一类传感数据所对应的特征信息之间的自相关性建立的判断模型,互相关性判断模型是根据不同类型的传感器所获取的不同类的传感数据之间的互相关性、或不同类传感数据所对应的特征信息之间的互相关性建立的判断模型。需要说明的是,在同一个智能化系统中,传感器在不同时刻获取的传感数据(或传感数据所对应的特征信息)之间的自相关性是相对不变的,具备互相关性的不同类型传感器在相同周期内获取的传感数据(或传感数据所对应的特征信息)之间的互相关性也是保持不变的。In the same intelligent system, since there will be overlap and redundancy of information between different sensors, and the relationship between the overlap and redundancy of information will not change with the change of the external environment, it can be judged by pre-constructing cross-correlation Model to judge or assist to judge whether the sensor is attacked. Correspondingly, for the sensor data collected by the same sensor in different time periods, there will also be time-invariant autocorrelation, so it can be judged or assisted by constructing the autocorrelation judgment model corresponding to each sensor. be attacked. Based on this, the above attack judgment model includes at least one of an autocorrelation judgment model and a cross-correlation judgment model. Specifically, the autocorrelation judgment model and the cross-correlation judgment model may be models established in advance based on empirical values. Among them, the autocorrelation judgment model is a judgment model established according to the autocorrelation between the same type of sensor data obtained by the same type of sensor or the feature information corresponding to the same type of sensor data, and the cross-correlation judgment model is A judgment model is established according to the cross-correlation between different types of sensory data acquired by different types of sensors, or the cross-correlation between the feature information corresponding to different types of sensory data. It should be noted that, in the same intelligent system, the autocorrelation between the sensing data (or the characteristic information corresponding to the sensing data) acquired by the sensor at different times is relatively invariable, and it has cross-correlation. The cross-correlation between the sensing data (or the characteristic information corresponding to the sensing data) acquired by different types of sensors in the same period also remains unchanged.

具体地,自相关性判断模型和互相关性判断模型可以是通过数学建模算法构建得到的,或者通过机器学习的算法训练求得的。故进一步地,在一实施例中,本申请所提供的方法还包括通过数学建模算法或机器学习算法构建攻击判断模型。可以理解的是,并不限定攻击判断模型的构建方法,在其他实施例中也可以采用其他类型的方法构建攻击判断模型。Specifically, the autocorrelation judgment model and the cross-correlation judgment model may be constructed through a mathematical modeling algorithm, or obtained through machine learning algorithm training. Therefore, further, in an embodiment, the method provided by the present application further includes constructing an attack judgment model through a mathematical modeling algorithm or a machine learning algorithm. It can be understood that the construction method of the attack judgment model is not limited, and other types of methods may also be used to construct the attack judgment model in other embodiments.

进一步地,在一实施例中,步骤S320可以是将各个传感器的特征信息分别输入至各自对应的自相关性判断模型或互相关性判断模型,进而判断得到各个传感器是否为被攻击传感器。在另一实施例中,步骤S320也可以是先将各个传感器的特征信息输入至各自对应的自相关性判断模型,并再将各个传感器的特征信息输入至各自对应的互相关性判断模型,以判断传感器是否为被攻击传感器。在又一实施例中,步骤S320中也可以是先将传感器的特征信息输入至传感器对应的互相关性判断模型,并在互相关性判断模型判断得到在当前周期内该传感器与其他的传感器之间的互相关性发生改变,则判断当前周期内该传感器为疑似被攻击传感器,并进一步将疑似被攻击传感器的特征信息输入至其对应的自相关性判断模型,以进一步判断疑似被攻击传感器是否为被攻击传感器。Further, in an embodiment, step S320 may be to input the feature information of each sensor into the corresponding autocorrelation judgment model or cross-correlation judgment model, and then determine whether each sensor is an attacked sensor. In another embodiment, in step S320, the characteristic information of each sensor may be input into the corresponding autocorrelation judgment model first, and then the characteristic information of each sensor is input into the corresponding cross-correlation judgment model, so as to Determine whether the sensor is an attacked sensor. In yet another embodiment, in step S320, the characteristic information of the sensor may also be input into the cross-correlation judgment model corresponding to the sensor, and the cross-correlation judgment model judges to obtain the relationship between the sensor and other sensors in the current cycle. If the cross-correlation between them changes, the sensor is judged to be a suspected attacked sensor in the current cycle, and the feature information of the suspected attacked sensor is further input into its corresponding autocorrelation judgment model to further judge whether the suspected attacked sensor is For the attacked sensor.

进一步地,当智能化系统中包括多种类型传感器时,多种类型传感器中有部分传感器之间是存在互相关性的,而有些传感器则与其他传感器不具备互相关性,故在执行步骤S320时,则可以先确定系统中所存储的当前传感器所对应的攻击判断模型的类型,然后再将传感器的特征信息输入至当前传感器已有的攻击判断模型的类型。如,当确定当前传感器只存在自相关性判断模型,则步骤S320中则直接默认选用自相关性判断模型进行判断传感器是否为被攻击传感器。Further, when the intelligent system includes multiple types of sensors, some of the multiple types of sensors have cross-correlation, while some sensors do not have cross-correlation with other sensors, so step S320 is executed. When the current sensor is stored in the system, the type of the attack judgment model corresponding to the current sensor can be determined first, and then the characteristic information of the sensor is input into the type of the existing attack judgment model of the current sensor. For example, when it is determined that the current sensor only has an autocorrelation judgment model, in step S320, the autocorrelation judgment model is directly selected by default to judge whether the sensor is an attacked sensor.

更进一步地,在又一实施例中,本申请所提供的技术方案中,智能化系统中可以同时设置多个用于判断传感器是否被攻击的判断模式供用户选择。如,可以根据整个判断流程的速度和准确性设置三种模式供用户选择执行,第一种是将传感器的特征信息输入至自相关判断模型,并根据自相关判断模型的判断结果确定传感器是否为被攻击传感器;第二种是将传感器的特征信息输入至传感器对应的互相关性判断模型,以根据互相关性判断模型的判断结果确定传感器是否为被攻击传感器;第三种是先将传感器的特征信息输入至传感器对应的自相关性判断模型,然后再将传感器的特征信息输入至传感器对应的互相关性判断模型,以结合自相关性判断模型的判断结果和互相关性判断模型的判断结果,确定传感器是否为被攻击传感器。Further, in yet another embodiment, in the technical solution provided by the present application, a plurality of judgment modes for judging whether the sensor is attacked can be set in the intelligent system at the same time for the user to select. For example, three modes can be set for the user to choose and execute according to the speed and accuracy of the entire judgment process. The first is to input the characteristic information of the sensor into the autocorrelation judgment model, and determine whether the sensor is a sensor according to the judgment result of the autocorrelation judgment model. The attacked sensor; the second is to input the characteristic information of the sensor into the corresponding cross-correlation judgment model of the sensor, so as to determine whether the sensor is the attacked sensor according to the judgment result of the cross-correlation judgment model; The feature information is input into the autocorrelation judgment model corresponding to the sensor, and then the feature information of the sensor is input into the cross-correlation judgment model corresponding to the sensor to combine the judgment result of the autocorrelation judgment model and the judgment result of the cross-correlation judgment model. , to determine whether the sensor is an attacked sensor.

在步骤S310之前,本申请所提供的方法还包括:获取基于至少一个传感器采集到的传感数据。在获取到至少一个传感器采集到的传感数据之后,进一步对传感数据进行转换处理以得到至少一个传感器分别对应的特征信息。Before step S310, the method provided by the present application further includes: acquiring sensing data collected based on at least one sensor. After acquiring the sensing data collected by the at least one sensor, the sensing data is further converted and processed to obtain feature information corresponding to the at least one sensor respectively.

S330:修复被攻击传感器的传感数据。S330: Repair the sensing data of the attacked sensor.

若在将各传感器的特征信息分别输入至相应传感器的攻击判断模型判断得到传感器为被攻击传感器之后,则会进一步修复被攻击传感器的传感数据。If the characteristic information of each sensor is input into the attack judgment model of the corresponding sensor and it is determined that the sensor is the attacked sensor, the sensing data of the attacked sensor will be further restored.

进一步地,若判断得到传感器当前周期内为被攻击传感器之后,则会进一步修复传感器当前周期内的传感数据。Further, if it is determined that the sensor in the current cycle is an attacked sensor, the sensor data in the current cycle of the sensor will be further repaired.

本申请图3所对应的实施例中所提供的技术方案,通过基于至少一个传感器采集到的传感数据得到至少一个传感器分别对应的特征信息,然后将各个传感器的特征信息分别输入至各个传感器对应的自相关性判断模型和/或互相关性判断模型,进而可以快速判断得到传感器是否为被攻击传感器,即通过在各个传感器向智能化系统反馈传感数据后,实时基于传感数据的自相关性和/或互相关性判断对应的传感器是否受到攻击,并在判断传感器受到攻击时快速修复被攻击传感器所对应的传感数据,较好地提高了智能化系统的防御能力和完全性。In the technical solution provided in the embodiment corresponding to FIG. 3 of the present application, the feature information corresponding to at least one sensor is obtained based on the sensing data collected by at least one sensor, and then the feature information of each sensor is input to the corresponding sensor data. The autocorrelation judgment model and/or the cross-correlation judgment model can be used to quickly judge whether the sensor is an attacked sensor. It can judge whether the corresponding sensor is attacked or not, and quickly repair the sensing data corresponding to the attacked sensor when judging that the sensor is attacked, which better improves the defense capability and completeness of the intelligent system.

在阐述下述各个实施例中所对应的方法流程之前,首先阐述攻击判断模型的构建过程。Before describing the corresponding method flows in the following embodiments, the construction process of the attack judgment model is first described.

具体地,以智能化系统为应用于自动驾驶汽车、且应用本申请所提供的方法对视觉感知部分的传感器进行安全防御为例阐述攻击判断模型的构建过程。其中,视觉感知部分包括目标检测和定位两个部分,其中,用于目标检测的传感器至少包括激光雷达传感器和图像获取单元,用于定位的传感器至少包括位置传感器(如GPS、北斗导航)和上述的激光雷达传感器。其中,位置传感器属于绝对定位,而其他类型的定位方式都需要在结构化的环境下提取相应环境的特征矢量。但是如若传感器一旦遭受外界的主动攻击,那么就会使得特征矢量丢失,进而会使得智能化系统的定位或目标检测出现失效等问题。例如,当图像获取单元受到强光攻击时,如若没有及时根据激光雷达传感器所采集到的传感数据恢复定位特征时,则会为自动驾驶的带来较大的安全隐患。而经过验证可以得知,当图像获取单元受到强光攻击时,利用本申请所提供的技术方案可以实时判断得出图像获取单元为被攻击传感器,并在判断图像获取单元为被攻击传感器时,快速恢复图像获取单元的传感数据或特征信息,可以较好地提高智能化系统的安全性。Specifically, the construction process of the attack judgment model is described by taking the intelligent system as an example that is applied to an autonomous vehicle and applies the method provided in the present application to perform security defense on the sensor of the visual perception part. Among them, the visual perception part includes two parts: target detection and positioning, wherein, the sensor used for target detection includes at least a lidar sensor and an image acquisition unit, and the sensor used for positioning includes at least a position sensor (such as GPS, Beidou navigation) and the above lidar sensor. Among them, the position sensor belongs to absolute positioning, and other types of positioning methods need to extract the feature vector of the corresponding environment in a structured environment. However, if the sensor is actively attacked by the outside world, the feature vector will be lost, which will make the positioning or target detection of the intelligent system fail. For example, when the image acquisition unit is attacked by strong light, if the positioning feature is not restored according to the sensing data collected by the lidar sensor in time, it will bring greater safety hazards to autonomous driving. After verification, it can be known that when the image acquisition unit is attacked by strong light, the technical solution provided by this application can be used to determine in real time that the image acquisition unit is the attacked sensor, and when it is determined that the image acquisition unit is the attacked sensor, Quickly recovering the sensor data or feature information of the image acquisition unit can better improve the security of the intelligent system.

激光雷达传感器用于采集获得激光点云信息并构建激光雷达地图。其中,激光雷达地图包括反射值地图和高度值地图。具体地,可以根据激光反射强度与激光高度等物理世界的特征量构建激光雷达地图,进而解算出激光雷达传感器的载体(车体)的相对位姿。利用激光点云数据匹配定位的实质是一个优化问题,只要是预先定义好用于定位的损失函数,那么求解最小的损失函数就是对载体定位的过程。图像对齐是用优化的方法求解航向角yaw,采用SSD-HF(SSD-Sum of Squared Difference Histogram Filter)的优化方法解算载体的坐标点x和y。(x,y)表示载体在激光雷达地图中的平面坐标点。载体的高度信息z直接从激光点云数据中获取,最后利用激光定位算法输出载体的位姿信息X(x,y,z,yaw)。Lidar sensors are used to collect and obtain laser point cloud information and build lidar maps. Among them, the lidar map includes a reflection value map and a height value map. Specifically, a lidar map can be constructed according to the feature quantities of the physical world such as laser reflection intensity and laser height, and then the relative pose of the carrier (vehicle body) of the lidar sensor can be calculated. The essence of matching and positioning using laser point cloud data is an optimization problem. As long as the loss function for positioning is pre-defined, then solving the minimum loss function is the process of positioning the carrier. Image alignment is to use the optimization method to solve the heading angle yaw, and use the optimization method of SSD-HF (SSD-Sum of Squared Difference Histogram Filter) to solve the coordinate points x and y of the carrier. (x,y) represents the plane coordinate point of the carrier in the lidar map. The height information z of the carrier is directly obtained from the laser point cloud data, and finally, the laser positioning algorithm is used to output the pose information X (x, y, z, yaw) of the carrier.

当搭载了激光雷达传感器的载体在一次扫描中观测到点云Lm,Lm在激光雷达坐标系下的位姿记为YLm,激光雷达传感器的载体相对于地图的坐标系为X(t),则根据激光雷达传感器的观测原理可写出激光雷达观测方程:When the carrier equipped with the lidar sensor observes the point cloud L m in one scan, the pose of L m in the lidar coordinate system is recorded as Y Lm , and the coordinate system of the lidar sensor carrier relative to the map is X(t ), then according to the observation principle of the lidar sensor, the lidar observation equation can be written:

Figure BDA0002531398980000111
Figure BDA0002531398980000111

其中,ρ为量测距离,α,β分别为激光雷达传感器发出的激光脉冲的量测角。H(t)表示激光雷达传感器的观测矩阵,v为量测噪声。Among them, ρ is the measurement distance, and α and β are the measurement angles of the laser pulses sent by the lidar sensor, respectively. H(t) represents the observation matrix of the lidar sensor, and v is the measurement noise.

如若激光雷达传感器一次扫描的点云数量为k,对应的当前激光雷达传感器一次扫描的点特征矢量观测方程组为:If the number of point clouds scanned by the lidar sensor in one scan is k, the corresponding point feature vector observation equations of the current lidar sensor in one scan are:

Figure BDA0002531398980000112
Figure BDA0002531398980000112

在定位任务中,激光雷达传感器的特征矢量可以表示为

Figure BDA0002531398980000113
在目标检测任务中,激光雷达传感器的特征向量可以表示为:
Figure BDA0002531398980000114
[X Y]T表示检测到的目标相对激光雷达传感器的载体(即车体)坐标系[0 0]T的位置,[h w]T表示检测框的高度和宽度,θ为检测框内是检测目标的置信度。其中,置信度是目标检测算法判定对象类别的概率指示,用于标识当前检测的目标类型的概率,如当检测任务是车辆时,则置信度所检测到的目标为车辆的概率。In the localization task, the feature vector of the lidar sensor can be expressed as
Figure BDA0002531398980000113
In the target detection task, the feature vector of the lidar sensor can be expressed as:
Figure BDA0002531398980000114
[XY] T represents the position of the detected target relative to the lidar sensor’s carrier (ie vehicle body) coordinate system [0 0] T , [hw] T represents the height and width of the detection frame, θ is the detection target within the detection frame confidence. Among them, the confidence is the probability indication of the target detection algorithm to determine the object category, which is used to identify the probability of the currently detected target type.

惯性测量单元(IMU)的特征矢量用

Figure BDA0002531398980000115
来表示,
Figure BDA0002531398980000116
其中[yaw pitch roll]T表示航向角、俯仰角和横滚角三姿态,[Vx Vy Vz]T表示三轴速度,[ax ay az]T表示三轴加速度,[wx wy wz]T表示三轴角速度。The eigenvectors of the inertial measurement unit (IMU) are used for
Figure BDA0002531398980000115
To represent,
Figure BDA0002531398980000116
Where [yaw pitch roll] T represents the three attitudes of heading angle, pitch angle and roll angle, [V x V y V z ] T represents the three-axis velocity, [a x a y a z ] T represents the three-axis acceleration, [w x w y w z ] T represents the triaxial angular velocity.

GPS特征矢量

Figure BDA0002531398980000121
x,y,z为车体的三维坐标。GPS feature vector
Figure BDA0002531398980000121
x, y, z are the three-dimensional coordinates of the vehicle body.

在当前实施例中,自动驾车车辆中的图像获取单元为车载摄像头,自动驾驶车辆通过车载摄像头采集车辆周围的图像。采集到的图片以RGB格式输入目标检测系统,智能化系统调用深度卷积神经网络算法对RGB图像进行特征提取,最终从RGB图像中提取的特征能有效描述目标物体的信息,目标物体检测结果用向量

Figure BDA0002531398980000122
表示。其中[Xv Yv]T表示目标物体在图像坐标系上的坐标值,[hω]T表示检测框的高度和宽度,v表示是利用深度卷积神经网络算法检测到的目标物体的类别编号,p表示目标物体的置信度。In the current embodiment, the image acquisition unit in the self-driving vehicle is an on-board camera, and the self-driving vehicle collects images around the vehicle through the on-board camera. The collected pictures are input into the target detection system in RGB format, and the intelligent system calls the deep convolutional neural network algorithm to extract the features of the RGB images. Finally, the features extracted from the RGB images can effectively describe the information of the target objects. vector
Figure BDA0002531398980000122
express. Where [X v Y v ] T represents the coordinate value of the target object on the image coordinate system, [hω] T represents the height and width of the detection frame, and v represents the category number of the target object detected by the deep convolutional neural network algorithm , p represents the confidence of the target object.

在求得各个传感器采集到的传感数据对应的特征矢量之后,进一步根据各个传感器采集到的传感数据对应的特征矢量,分别选用合适的相关性和自相关性表达方法,以分别建立各个传感器之间恒定不变的互相关性判断模型、及各个传感器基于时间不变的自相关性判断模型。在当前实施例中,用Correlation_space()表示互相关性判断模型的数学函数,Correlation_time()表示自相关性判断模型的数学函数,矩阵S_constant表示传感器之间固有的互相关性关系的矩阵表示,C_i表示编号为i的传感器在不同时刻的自相关性的矩阵表示,则互相关性的矩阵和自相关性的矩阵如下:After the feature vector corresponding to the sensing data collected by each sensor is obtained, further according to the feature vector corresponding to the sensing data collected by each sensor, appropriate correlation and autocorrelation expression methods are selected respectively to establish each sensor. The constant cross-correlation judgment model between them, and the time-invariant autocorrelation judgment model of each sensor. In the current embodiment, Correlation_space() represents the mathematical function of the cross-correlation judgment model, Correlation_time() represents the mathematical function of the auto-correlation judgment model, the matrix S_constant represents the matrix representation of the inherent cross-correlation relationship between sensors, and C_i The matrix representing the autocorrelation of the sensor numbered i at different times, the matrix of the cross-correlation and the matrix of the autocorrelation are as follows:

Figure BDA0002531398980000123
Figure BDA0002531398980000123

Figure BDA0002531398980000124
Figure BDA0002531398980000124

其中,s(a,b)表示的是传感器a和传感器b之间的特征互相关性,

Figure BDA0002531398980000131
表示的是编号为i的传感器的特征向量,c(ti,ti)表示该传感器在第i时刻和第j时刻的特征相关性。where s(a,b) represents the feature cross-correlation between sensor a and sensor b,
Figure BDA0002531398980000131
represents the feature vector of the sensor numbered i, and c(t i , t i ) represents the feature correlation of the sensor at the ith moment and the jth moment.

在本申请提供的技术方案中,首先会根据没有被攻击时各个传感器的特性对应设置预设互相关性矩阵和各个传感器所对应的预设自相关性矩阵,在智能化系统运行的过程中首先计算求得的传感器对应的特征相关性以求得对应的目标互相关性矩阵,以及求得传感器对应的自相关性以求得对应的目标自相关性矩阵,然后将所求得的目标互相关性矩阵与预设互相关性矩阵进行比对,以判断目标互相关性矩阵和预设互相关性矩阵是否一致,进而判断得到传感器是否被攻击;同理,在求得目标自相关性矩阵之后,将所求得的目标自相关性矩阵与预设自相关性矩阵进行比对,以判断目标自相关性矩阵与预设自相关性矩阵是否一致,进而判断得到传感器是否被攻击。In the technical solution provided by the present application, firstly, the preset cross-correlation matrix and the preset auto-correlation matrix corresponding to each sensor are correspondingly set according to the characteristics of each sensor when it is not attacked. Calculate the feature correlation corresponding to the obtained sensor to obtain the corresponding target cross-correlation matrix, and obtain the autocorrelation corresponding to the sensor to obtain the corresponding target autocorrelation matrix, and then calculate the obtained target cross-correlation Compare the target cross-correlation matrix with the preset cross-correlation matrix to determine whether the target cross-correlation matrix is consistent with the preset cross-correlation matrix, and then determine whether the sensor is attacked; similarly, after obtaining the target auto-correlation matrix , compare the obtained target autocorrelation matrix with the preset autocorrelation matrix to determine whether the target autocorrelation matrix is consistent with the preset autocorrelation matrix, and then determine whether the sensor is attacked.

如若激光雷达传感器受到高重频脉冲激光器的干扰源进行距离攻击,各个传感器向防御装置反馈实时采集到的环境信息,分别对感知数据进行特征提取,分别采用时间相关性模型和空间相关性模型对提取的特征进行相关性的计算,分别得到各个传感器基于时间的目标自相关性矩阵C_1',C_2',C_3'…C_n',以及不同传感器之间的目标互相关性矩阵S';然后将所得的目标自相关性矩阵C_1',C_2',C_3'…C_n'和预设自相关性矩阵C_1,C_2,C_3…C_n进行比对,以判断目标自相关性矩阵和预设自相关性矩阵是否一致,若前后不一致,则初步判断当前传感器为被攻击传感;同理,如若经过比对得到目标互相关性矩阵S'和预设互相关性矩阵S不一致,则判断当前传感器中存在被攻击传感器。If the lidar sensor is attacked from a distance by the interference source of the high repetition frequency pulsed laser, each sensor feeds back the environmental information collected in real time to the defense device, and extracts the features of the sensing data respectively. The extracted features are subjected to correlation calculation to obtain the time-based target autocorrelation matrix C_1', C_2', C_3'...C_n' of each sensor, and the target cross-correlation matrix S' between different sensors; then the obtained The target autocorrelation matrix C_1', C_2', C_3'...C_n' is compared with the preset autocorrelation matrix C_1, C_2, C_3...C_n to judge whether the target autocorrelation matrix and the preset autocorrelation matrix are Consistent, if inconsistent, the current sensor is preliminarily judged to be attacked; similarly, if the target cross-correlation matrix S' is inconsistent with the preset cross-correlation matrix S after comparison, it is judged that there is an attacked sensor in the current sensor sensor.

在另一实施例中,也可以是在判断得到目标互相关性矩阵与预设互相关性矩阵不一致之后,再分别比较互相关性矩阵中的各个传感器的目标自相关性矩阵和预设自相关性矩阵是否一致,如若不一致则判断该传感器为被攻击传感器。当然在又一实施例中,也可以是通过目标自相关性矩阵和预设自相关性矩阵判断得到传感器为疑似被攻击传感器,再将对应的目标互相关性矩阵与对应的预设互相关性矩阵进行比对,以进一步确认疑似被攻击传感器是否为被攻击传感器。其中,以目标互相关性矩阵与对应的预设互相关性矩阵为例,将两个矩阵相减,并判断两个矩阵相减所得的矩阵中每个元素是否均为0,如若是,则判断得到目标互相关性矩阵与对应的预设互相关性矩阵一致,反之如若相减求得的矩阵中如下述S-S_constant一样存在元素不为零,则判断目标互相关性矩阵与对应的预设互相关性矩阵不一致,进而可以判断得到当前传感器为被攻击传感器或者是疑似被攻击传感器。In another embodiment, after judging that the target cross-correlation matrix is inconsistent with the preset cross-correlation matrix, the target auto-correlation matrix and the preset auto-correlation of each sensor in the cross-correlation matrix are compared respectively. Whether the matrix is consistent, if not, the sensor is judged to be the attacked sensor. Of course, in another embodiment, it is also possible to determine that the sensor is a suspected attacked sensor through the target autocorrelation matrix and the preset autocorrelation matrix, and then compare the corresponding target cross-correlation matrix with the corresponding preset cross-correlation matrix. The matrix is compared to further confirm whether the suspected attacked sensor is the attacked sensor. Wherein, taking the target cross-correlation matrix and the corresponding preset cross-correlation matrix as an example, the two matrices are subtracted, and it is judged whether each element in the matrix obtained by the subtraction of the two matrices is 0, and if so, then It is judged that the target cross-correlation matrix is consistent with the corresponding preset cross-correlation matrix. On the contrary, if there are elements other than zero in the matrix obtained by subtraction, such as the following S-S_constant, it is judged that the target cross-correlation matrix is consistent with the corresponding preset cross-correlation matrix. Assuming that the cross-correlation matrix is inconsistent, it can be determined that the current sensor is an attacked sensor or a suspected attacked sensor.

Figure BDA0002531398980000141
Figure BDA0002531398980000141

请参见图4,图4为本申请一种智能化系统的防御方法另一实施例中的流程示意图。在当前实施例中,上述图3中步骤S320将各传感器的特征信息分别输入至相应传感器的攻击判断模型,以判断传感器是否为被攻击传感器进一步包括步骤S401至步骤S404。Please refer to FIG. 4 , which is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application. In the current embodiment, step S320 in the above FIG. 3 inputs the characteristic information of each sensor into the attack judgment model of the corresponding sensor respectively, so as to judge whether the sensor is an attacked sensor, and further includes steps S401 to S404.

S401:分别以各传感器为目标传感器。S401: Take each sensor as a target sensor respectively.

分别以各传感器为目标传感器。其中,目标传感器指的是当前正在被判断是否为被攻击的传感器。目标传感器可以是智能化系统中所包括的任意一个传感器,在此不做限定。Take each sensor as the target sensor, respectively. Among them, the target sensor refers to the sensor that is currently being judged whether it is attacked. The target sensor may be any sensor included in the intelligent system, which is not limited here.

S402:将目标传感器对应的特征信息输入至目标传感器的自相关性判断模型,以判断目标传感器的特征信息是否不符合预设自相关性。S402: Input the feature information corresponding to the target sensor into the autocorrelation judgment model of the target sensor to judge whether the feature information of the target sensor does not conform to the preset autocorrelation.

在求得至少一个传感器对应的特征信息并确定了某一个传感器为目标传感器之后,进一步将基于目标传感器所采集到的传感数据求得的特征信息,输入至目标传感器的自相关性判断模型,进而判断目标传感器的特征信息是否不符合预设自相关性。After the characteristic information corresponding to at least one sensor is obtained and a certain sensor is determined as the target sensor, the characteristic information obtained based on the sensor data collected by the target sensor is further input into the autocorrelation judgment model of the target sensor, Then, it is judged whether the feature information of the target sensor does not conform to the preset autocorrelation.

S403:进一步将目标传感器所对应的特征信息输入至目标传感器所对应的互相关性判断模型,以判断目标传感器的特征信息是否不符合预设互相关性。S403: Further input the feature information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor, so as to determine whether the feature information of the target sensor does not conform to the preset cross-correlation.

若判断得到目标传感器的特征信息不符合预设自相关性,则说明当前的传感器所获取到的特征信息的传感器疑似被攻击。故在当前实施例中,当判断得到目标传感器的特征信息不符合预设自相关性之后,会进一步将目标传感器所对应的特征信息输入至目标传感器所对应的互相关性判断模型,以判断目标传感器的特征是否不符合预设互相关性,进而进一步确认目标传感器是否为被攻击传感器。If it is determined that the characteristic information of the target sensor does not conform to the preset autocorrelation, it means that the sensor of the characteristic information obtained by the current sensor is suspected to be attacked. Therefore, in the current embodiment, after it is determined that the characteristic information of the target sensor does not conform to the preset autocorrelation, the characteristic information corresponding to the target sensor will be further input into the cross-correlation judgment model corresponding to the target sensor to determine the target. Whether the characteristics of the sensor do not meet the preset cross-correlation, and then further confirm whether the target sensor is the attacked sensor.

进一步地,在一实施例中,同一传感器可具备多个互相关性判断模型,进而步骤S403中则会将目标传感器所对应的特征信息分别输入至目标传感器所对应的多个互相关性判断模型,以判断目标传感器的特征信息是否不符合预设互相关性。其中,当多个互相关性判断模型判断得到目标传感器的特征信息均满足预设互相关性,则判断得到目标传感器的特征信息符合预设互相关性,反之,如若有至少一个互相关性判断模型判断得到目标传感器的特征信息不符合预设互相关性,则判断得到目标传感器的特征信息不符合预设互相关性。Further, in one embodiment, the same sensor may have multiple cross-correlation judgment models, and in step S403, the feature information corresponding to the target sensor is input into the multiple cross-correlation judgment models corresponding to the target sensor respectively. , to determine whether the feature information of the target sensor does not conform to the preset cross-correlation. Among them, when the characteristic information of the target sensor determined by multiple cross-correlation judgment models all meet the preset cross-correlation, it is determined that the characteristic information of the target sensor is in line with the preset cross-correlation, otherwise, if there is at least one cross-correlation judgment If the model determines that the characteristic information of the target sensor does not conform to the preset cross-correlation, then it is determined that the characteristic information of the target sensor does not conform to the preset cross-correlation.

S404:确定目标传感器为被攻击传感器。S404: Determine the target sensor as the attacked sensor.

若判断得到目标传感器的特征信息不符合预设互相关性,则确定当前目标传感器为被攻击传感器,并在判断得到目标传感器为被攻击传感器时进一步修复目标传感器的传感数据,其中,关于传感数据的修复过程可以参见下图8及其所对应的任意一个实施例所述的内容。If it is determined that the characteristic information of the target sensor does not conform to the preset cross-correlation, the current target sensor is determined to be the attacked sensor, and the sensing data of the target sensor is further repaired when it is determined that the target sensor is the attacked sensor. For the restoration process of the sensory data, refer to the content described in FIG. 8 and any one of the corresponding embodiments below.

在图4所对应的实施例中,通过将目标传感器对应的特征信息输入至目标传感器的自相关性判断模型,并在判断得到目标传感器的特征信息不符合预设自相关性时,进一步将目标传感器所对应的特征信息输入至目标传感器所对应的互相关性判断模型,以判断目标传感器的特征信息是否不符合预设互相关性,若目标传感器的特征信息不符合预设互相关性,则确定目标传感器为被攻击传感器。即同时基于自相关性和互相关性来判断传感器是否为被攻击传感器,可以实现较为准确的判断传感器是否为被攻击传感器,进一步提高了智能化系统防御的准确性。In the embodiment corresponding to FIG. 4 , the feature information corresponding to the target sensor is input into the autocorrelation judgment model of the target sensor, and when it is determined that the feature information of the target sensor does not conform to the preset autocorrelation, the target sensor is further The feature information corresponding to the sensor is input into the cross-correlation judgment model corresponding to the target sensor to determine whether the feature information of the target sensor does not meet the preset cross-correlation, if the feature information of the target sensor does not meet the preset cross-correlation, then Determine the target sensor as the attacked sensor. That is, to judge whether a sensor is an attacked sensor based on autocorrelation and cross-correlation at the same time, it can achieve a more accurate judgment of whether the sensor is an attacked sensor, and further improve the accuracy of intelligent system defense.

请参见图5,图5为本申请一种智能化系统的防御方法又一实施例中的流程示意图。首先需要说明的是,介于自相关性和互相关性相对稳定的特性,在图5所对应的实施例中,也可以是单独基于自相关性判断模型的判断结果判断传感器是否为被攻击传感器。在当前实施例中,图3中步骤S320将各传感器的特征信息分别输入至相应传感器的攻击判断模型,以判断传感器是否为被攻击传感器进一步包括步骤S501至步骤S502。Please refer to FIG. 5 , which is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application. First of all, it should be noted that due to the relatively stable characteristics of autocorrelation and cross-correlation, in the embodiment corresponding to FIG. 5 , it is also possible to determine whether the sensor is an attacked sensor based solely on the judgment result of the autocorrelation judgment model. . In the current embodiment, step S320 in FIG. 3 inputs the characteristic information of each sensor into the attack judgment model of the corresponding sensor respectively, so as to judge whether the sensor is an attacked sensor, and further includes steps S501 to S502.

S501:分别以各传感器为目标传感器。S501: Take each sensor as a target sensor respectively.

分别以各个传感器为目标传感器,以分别判断各个传感器是否被攻击。Each sensor is used as a target sensor to judge whether each sensor is attacked.

S502:将目标传感器对应的特征信息输入至目标传感器的自相关性判断模型,以判断目标传感器的特征信息是否不符合预设自相关性,若是,则确定目标传感器为被攻击传感器。S502: Input the feature information corresponding to the target sensor into the autocorrelation judgment model of the target sensor to judge whether the feature information of the target sensor does not conform to the preset autocorrelation, and if so, determine that the target sensor is an attacked sensor.

在当前实施例中,将目标传感器对应的特征信息输入至目标传感器的自相关性判断模型,直接基于自相关性判断模型的判断结果直接判断得到目标传感器是否为被攻击传感器。当目标传感器当前的特征信息不符合自相关性,则判断得到当前目标传感器为被攻击传感器。具体地,可以是计算求得的目标传感器的目标自相关性矩阵,并将目标自相关性矩阵与预设自相关性矩阵进行比对,并基于两个矩阵是否相同的判断结果确定当前传感器是否为被攻击传感器。若相同则判断当前目标传感器正常,反之,则判断当前目标传感器为被攻击传感器。In the current embodiment, the feature information corresponding to the target sensor is input into the autocorrelation judgment model of the target sensor, and whether the target sensor is an attacked sensor is directly judged based on the judgment result of the autocorrelation judgment model. When the current feature information of the target sensor does not conform to the autocorrelation, it is determined that the current target sensor is the attacked sensor. Specifically, the target autocorrelation matrix of the target sensor can be calculated and obtained, the target autocorrelation matrix is compared with the preset autocorrelation matrix, and whether the current sensor is determined based on the judgment result of whether the two matrices are the same For the attacked sensor. If it is the same, it is judged that the current target sensor is normal; otherwise, it is judged that the current target sensor is the attacked sensor.

在另一实施例中,步骤S320也可以包括:分别以各传感器为目标传感器,将目标传感器所对应的特征信息输入至目标传感器所对应的互相关性判断模型,以判断目标传感器的特征信息是否不符合预设互相关性,若是,则确定目标传感器为被攻击传感器。具体地,可以是计算求得的目标传感器以及与目标传感器具备相关的其他传感器之间的目标互相关性矩阵,并将目标互相关性矩阵与预设互相关性矩阵进行比对,并基于两个矩阵是否相同的判断结果确定当前传感器是否为被攻击传感器。若相同则判断当前目标传感器正常,反之,则判断当前目标传感器为被攻击传感器。In another embodiment, step S320 may also include: taking each sensor as the target sensor, and inputting the feature information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor to determine whether the feature information of the target sensor is Does not meet the preset cross-correlation, if yes, then determine that the target sensor is the attacked sensor. Specifically, the target cross-correlation matrix between the target sensor and other sensors related to the target sensor can be calculated, and the target cross-correlation matrix is compared with the preset cross-correlation matrix, and based on the two The judgment result of whether the two matrices are the same determines whether the current sensor is the attacked sensor. If it is the same, it is judged that the current target sensor is normal; otherwise, it is judged that the current target sensor is the attacked sensor.

请参见图6,图6为本申请一种智能化系统的防御方法再一实施例中的流程示意图。在当前实施例中,上述步骤将目标传感器对应的特征信息输入至目标传感器的自相关性判断模型,以判断目标传感器的特征信息是否不符合预设自相关性,进一步包括步骤S601至步骤S603。Please refer to FIG. 6 , which is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application. In the current embodiment, the above steps input the feature information corresponding to the target sensor into the autocorrelation judgment model of the target sensor to determine whether the feature information of the target sensor does not conform to the preset autocorrelation, and further includes steps S601 to S603.

S601:基于目标传感器对应特征信息,获得目标传感器的目标自相关性矩阵。S601: Obtain a target autocorrelation matrix of the target sensor based on the corresponding feature information of the target sensor.

在获取得到目标传感器对应的特征信息之后,进一步基于目标传感器对应的特征信息,转换获得目标传感器的目标自相关性矩阵。After the characteristic information corresponding to the target sensor is obtained, the target autocorrelation matrix of the target sensor is obtained by conversion based on the characteristic information corresponding to the target sensor.

S602:判断目标自相关性矩阵与目标传感器的预设自相关性矩阵是否一致。S602: Determine whether the target autocorrelation matrix is consistent with the preset autocorrelation matrix of the target sensor.

由于同一个传感器在不同时间段内所获取的传感数据的自相关性会保持不变,故与传感器的特征信息相对应的自相关性矩阵会保持不变,故在获得目标传感器的目标自相关性矩阵之后,可通过将目标自相关性矩阵与目标传感器的预设自相关性矩阵进行比对,进而判断得到目标自相关性矩阵与目标传感器的预设自相关性矩阵是否一致。Since the autocorrelation of the sensing data acquired by the same sensor in different time periods will remain unchanged, the autocorrelation matrix corresponding to the feature information of the sensor will remain unchanged. After the correlation matrix is obtained, by comparing the target autocorrelation matrix with the preset autocorrelation matrix of the target sensor, it can be judged whether the obtained target autocorrelation matrix is consistent with the preset autocorrelation matrix of the target sensor.

S603:若否,则判断目标传感器的特征信息不符合预设自相关性。S603: If no, determine that the feature information of the target sensor does not conform to the preset autocorrelation.

若经过比对得知,目标自相关性矩阵与目标传感器的预设自相关性矩阵不一致,则判断得到目标传感器的特征信息不符合预设自相关性;反之,如若经过比对得知目标自相关性矩阵与目标传感器的预设自相关性矩阵一致,则判断得到目标传感器的特征信息符合预设自相关性。具体地,在一实施例中可以通过将目标自相关性矩阵与目标传感器的预设自相关性矩阵相减,判断相减所得的矩阵中的每个元素是否为零来判断目标自相关性矩阵与预设自相关性矩阵是否一致,如若,相减所得的矩阵中每个元素均为0,则判断目标自相关性矩阵与预设自相关性矩阵一致,反之,则判断目标自相关性矩阵与预设自相关性矩阵不一致。If it is found through comparison that the target autocorrelation matrix is inconsistent with the preset autocorrelation matrix of the target sensor, it is judged that the characteristic information of the target sensor does not conform to the preset autocorrelation; If the correlation matrix is consistent with the preset autocorrelation matrix of the target sensor, it is judged that the characteristic information of the target sensor conforms to the preset autocorrelation matrix. Specifically, in one embodiment, the target autocorrelation matrix can be determined by subtracting the target autocorrelation matrix from the preset autocorrelation matrix of the target sensor, and determining whether each element in the matrix obtained by the subtraction is zero. Whether it is consistent with the preset autocorrelation matrix. If each element in the matrix obtained by subtraction is 0, it is judged that the target autocorrelation matrix is consistent with the preset autocorrelation matrix. Otherwise, the target autocorrelation matrix is judged. Inconsistent with the preset autocorrelation matrix.

请参见图7,图7为本申请一种智能化系统的防御方法另一实施例中的流程示意图。在当前实施例中,上述步骤将目标传感器所对应的特征信息输入至目标传感器所对应的互相关性判断模型,以判断目标传感器的特征信息是否不符合预设互相关性,进一步包括步骤S701至步骤S703。Please refer to FIG. 7 , which is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application. In the current embodiment, the above steps input the feature information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor to determine whether the feature information of the target sensor does not conform to the preset cross-correlation, and further includes steps S701 to Step S703.

S701:基于目标传感器所对应的特征信息、至少一个其他传感器所对应的特征信息,得到目标传感器的目标互相关性矩阵。S701: Obtain a target cross-correlation matrix of the target sensor based on the feature information corresponding to the target sensor and the feature information corresponding to at least one other sensor.

其中,其他传感器为与目标传感器具有互相关性的传感器。其他传感器可以是预先根据各个传感器之间的互相关性进行预设的,在此不做限定。Among them, other sensors are sensors that have cross-correlation with the target sensor. Other sensors may be preset according to the cross-correlation between each sensor, which is not limited herein.

故基于目标传感器所对应的特征信息、至少一个其他传感器所对应的特征信息,得到目标传感器的目标互相关性矩阵。其中,在此对于其他传感器的数量不做限定,具体可以基于需求以及传感器之间互相关性进行设置。Therefore, based on the characteristic information corresponding to the target sensor and the characteristic information corresponding to at least one other sensor, the target cross-correlation matrix of the target sensor is obtained. Wherein, the number of other sensors is not limited here, and may be specifically set based on requirements and the cross-correlation between sensors.

进一步地,在另一实施例中,当各个传感器是按照设定的周期进行采集传感数据时,则步骤S701中则是基于目标传感器在当前周期内所对应的特征信息、至少一个其他传感器在与目标传感器的周期相对应的周期内的特征信息,求得当前周期内目标传感器的互相关性矩阵。Further, in another embodiment, when each sensor collects sensing data according to a set period, then step S701 is based on the characteristic information corresponding to the target sensor in the current period, and at least one other sensor is in the current period. The characteristic information in the period corresponding to the period of the target sensor is used to obtain the cross-correlation matrix of the target sensor in the current period.

在又一实施例中,当同一个传感器与多个不同传感器之间分别具备不同的相关性时,则步骤S701中则可以求得对应目标传感器的多个目标互相关性矩阵。In yet another embodiment, when the same sensor has different correlations with multiple different sensors, in step S701, multiple target cross-correlation matrices corresponding to the target sensor may be obtained.

S702:获取目标传感器与至少一个其他传感器之间的预设互相关性矩阵,判断目标互相关性矩阵和预设互相关性矩阵是否一致。S702: Acquire a preset cross-correlation matrix between the target sensor and at least one other sensor, and determine whether the target cross-correlation matrix and the preset cross-correlation matrix are consistent.

其中,需要说明的是,在本申请所提供的技术方案中,会将预设互相关性矩阵与各个传感器的属性身份信息进行关联保存。故可以直接基于目标传感器的信息,直接获取目标传感器与至少一个其他传感器之间的预设互相关性矩阵,将所求得的当前周期内目标传感器的目标互相关性矩阵与预设互相关性矩阵进行比对,以判断目标互相关性矩阵和预设互相关性矩阵是否一致。It should be noted that, in the technical solution provided by the present application, the preset cross-correlation matrix and the attribute identity information of each sensor are associated and stored. Therefore, based on the information of the target sensor, the preset cross-correlation matrix between the target sensor and at least one other sensor can be directly obtained, and the obtained target cross-correlation matrix of the target sensor in the current cycle can be compared with the preset cross-correlation matrix. The matrices are compared to determine whether the target cross-correlation matrix is consistent with the preset cross-correlation matrix.

S703:若否,则判断目标传感器的特征信息不符合预设互相关性。S703: If no, determine that the feature information of the target sensor does not conform to the preset cross-correlation.

若判断目标互相关性矩阵和预设互相关性矩阵不一致,则判断得到目标传感器的特征信息不符合预设互相关性;反之,如若判断目标互相关性矩阵和预设互相关性矩阵一致,则判断得到目标传感器的特征信息符合预设的互相关性。If it is judged that the target cross-correlation matrix is inconsistent with the preset cross-correlation matrix, it is judged that the characteristic information of the target sensor does not conform to the preset cross-correlation; on the contrary, if it is judged that the target cross-correlation matrix and the preset cross-correlation matrix are consistent, Then it is judged that the characteristic information of the target sensor conforms to the preset cross-correlation.

进一步地,图3中的步骤S330中的修复被攻击传感器的传感数据,进一步包括:利用矩阵分解的建模方法修复被攻击传感器的传感数据。在当前实施例中,采用矩阵分解的建模方法可以实现快速修复被攻击传感器的传感数据,提高了算法的执行效率。可以理解的是,在其他实施例中也可以利用其他的方法修复被攻击传感器的传感数据,如还可以采用核范数松弛的建模方法修复被攻击传感器的传感数据。Further, repairing the sensing data of the attacked sensor in step S330 in FIG. 3 further includes: using a matrix decomposition modeling method to repair the sensing data of the attacked sensor. In the current embodiment, the matrix decomposition modeling method can be used to quickly repair the sensing data of the attacked sensor, which improves the execution efficiency of the algorithm. It can be understood that, in other embodiments, other methods can also be used to repair the sensing data of the attacked sensor, for example, a nuclear norm relaxation modeling method can also be used to repair the sensing data of the attacked sensor.

请参见图8,图8为本申请一种智能化系统的防御方法再一实施例中的流程示意图。在图8所对应的实施例中,上述步骤利用矩阵分解的建模方法修复被攻击传感器的传感数据进一步包括步骤S801至步骤S804。Please refer to FIG. 8 , which is a schematic flowchart of another embodiment of a defense method for an intelligent system of the present application. In the embodiment corresponding to FIG. 8 , the above-mentioned steps further include steps S801 to S804 to repair the sensing data of the attacked sensor by using the modeling method of matrix decomposition.

S801:基于被攻击传感器的特征信息、其他传感器的特征信息,建立原始感知信号矩阵。S801: Establish an original perception signal matrix based on the characteristic information of the attacked sensor and the characteristic information of other sensors.

其中,其他传感器为与被攻击传感器具有互相关性的传感器。Among them, other sensors are sensors that have cross-correlation with the attacked sensor.

S802:利用原始感知信号矩阵和矩阵补全数学模型,构建感知信号矩阵。其中,矩阵补全数学模型为预设的用于补全矩阵的模型。S802: Use the original sensory signal matrix and the matrix to complete the mathematical model to construct a sensory signal matrix. Wherein, the matrix completion mathematical model is a preset model used to complete the matrix.

S803:将感知信号矩阵分解为至少两个相乘的低秩矩阵。S803: Decompose the sensing signal matrix into at least two multiplied low-rank matrices.

在当前实施例中,矩阵分解为基于现有的矩阵分解的方法进行分解,在此不做限定。In the current embodiment, the matrix decomposition is performed based on an existing matrix decomposition method, which is not limited herein.

S804:采样交替方向乘子法或分块坐标下降算法分别求解感知信号矩阵,以获取修复后的传感数据。S804: The sampling alternating direction multiplier method or the block coordinate descent algorithm respectively solves the sensing signal matrix, so as to obtain the restored sensing data.

基于图8所对应的传感数据的修复部分,在一实施例中,当检测得到某个传感器被攻击时,基于当前传感器的特征信息、其他传感器的特征信息,建立原始感知信号矩阵M。其中,原始感知信号矩阵M中所包括的未被攻击的传感器对应的特征信息元素的集合可称为指标集,原始感知信号矩阵M中所包括的被攻击的传感器的特征信息可称为缺失元素。根据所建立的原始感知信号矩阵M,建立矩阵补全数学模型,以重构感知信号矩阵X。Based on the repairing part of the sensing data corresponding to FIG. 8 , in an embodiment, when it is detected that a certain sensor is attacked, the original sensing signal matrix M is established based on the feature information of the current sensor and the feature information of other sensors. The set of feature information elements corresponding to the unattacked sensors included in the original perception signal matrix M may be called an index set, and the feature information of the attacked sensors included in the original perception signal matrix M may be called missing elements . According to the established original sensory signal matrix M, a matrix completion mathematical model is established to reconstruct the sensory signal matrix X.

在当前实施例中,基于矩阵分解的建模方法的基本思路是:将原始感知信号矩阵分解为两个低秩矩阵的乘积,从而避免了复杂的矩阵奇异值分解,加速了算法的执行效率。具体地,采用矩阵分解的矩阵补全问题建模为如公式1的形式:In the current embodiment, the basic idea of the modeling method based on matrix decomposition is to decompose the original sensory signal matrix into the product of two low-rank matrices, thereby avoiding complex matrix singular value decomposition and accelerating the execution efficiency of the algorithm. Specifically, the matrix completion problem using matrix factorization is modeled as in Equation 1:

Figure BDA0002531398980000201
Figure BDA0002531398980000201

其中,k是预测的矩阵秩界。上述模型采用分块坐标下降算法(俗称交替最小化算法)求解,具体可以通过预先获取合适的k值,进而实现利用该模型可以在较小的时间复杂度内获得精度较高的解。where k is the predicted matrix rank bound. The above model is solved by the block coordinate descent algorithm (commonly known as the alternating minimization algorithm). Specifically, the appropriate k value can be obtained in advance, and then the model can be used to obtain a high-precision solution with a small time complexity.

在实验过程中,合成数据和真实数据集上的实验结果均表明,上述基于矩阵分解的思想的矩阵双分解模型无论是补全精度还是收敛速度都有显著的提高。具体可以进一步将上述公式1中的模型简化为公式2:During the experiment, the experimental results on synthetic data and real data sets show that the above-mentioned matrix double factorization model based on the idea of matrix factorization can significantly improve both the completion accuracy and the convergence speed. Specifically, the model in Equation 1 above can be further simplified into Equation 2:

Figure BDA0002531398980000202
Figure BDA0002531398980000202

公式2对应的模型可以采用交替方向乘子法进行求解。此外,文献已经证明:对任意秩为r的矩阵X∈Rn1×n2,若k>r,有如下如图公式3所示意的等式成立:The model corresponding to Equation 2 can be solved by the alternating direction multiplier method. In addition, the literature has proved that for any matrix X∈Rn1×n2 of rank r, if k>r, the following equation as shown in Equation 3 holds:

Figure BDA0002531398980000203
Figure BDA0002531398980000203

在另一实施例中,标准矩阵补全问题也可以直接建模为下述公式4中的形式:In another embodiment, the standard matrix completion problem can also be directly modeled in the following form in Equation 4:

Figure BDA0002531398980000204
Figure BDA0002531398980000204

其中,对于公式4中的模型可以直接采用分块坐标下降算法快速求解。在一实施例中,由于问题非凸,故为了避免出现存在非全局最优的驻点解,求取如下述公式5所示意的较为宽松的条件下的解。Among them, the model in formula 4 can be directly solved by the block coordinate descent algorithm. In one embodiment, since the problem is non-convex, in order to avoid the existence of non-globally optimal stagnation point solutions, a solution under relatively loose conditions as shown in Equation 5 below is obtained.

||PΩ(M-LQ)||≤λ 公式5||P Ω (M-LQ)||≤λ Equation 5

经过求解得到上述问题的解

Figure BDA0002531398980000211
即为全局最优解,然后通过
Figure BDA0002531398980000212
中对应的值来填充原始感知信号矩阵M中缺失的部分。The solution to the above problem is obtained by solving
Figure BDA0002531398980000211
is the global optimal solution, and then by
Figure BDA0002531398980000212
to fill in the missing part in the original sensory signal matrix M.

对于图8所对应的实施例中的所提供的方法,经过以激光雷达传感器被攻击传感器为例进行数据修复可以得知,本申请所提供的利用矩阵分解和矩阵补全的方法能够较好的恢复被攻击缺失的感知目标。经过验证可以得知,对于大约50000个点云数据的激光雷达数据,检测和恢复实验在单核CPU上仅仅只需要秒级。而如若采用多核CPU进行处理,或者进一步对数据修复部分的算法继续进行后期优化,可以进一步大幅降低处理时间,使智能化系统的防御技术更为实时高效。For the method provided in the embodiment corresponding to FIG. 8 , it can be known that the method using matrix decomposition and matrix completion provided by the present application can be better Restores the sensed target that was missing from the attack. After verification, it can be seen that for the lidar data of about 50,000 point cloud data, the detection and recovery experiments only take seconds on a single-core CPU. However, if a multi-core CPU is used for processing, or the algorithm of the data repair part is further optimized in the later stage, the processing time can be further greatly reduced, and the defense technology of the intelligent system can be more real-time and efficient.

本申请所提供的技术方案通过研究不同传感器之间信息的交叠关系和语义相关性,建立互相关性判断模型和/或自相关性判断模型,进而实现基于传感数据之间的互相关性和/或传感数据的自相关性实时判断智能化系统是否受到的攻击,并在判断得到智能化系统受到攻击时,采用矩阵分解建模的方法对因受到攻击而失真的传感数据进行高精度恢复,实现了实时攻击防御与高精度数据恢复,并形成一套完整的以检测传感器是否为被攻击传感器与数据恢复算法为核心的攻击防御方案。The technical solution provided by this application establishes a cross-correlation judgment model and/or an auto-correlation judgment model by studying the overlapping relationship and semantic correlation of information between different sensors, thereby realizing the cross-correlation based on sensor data. and/or the autocorrelation of the sensing data to determine whether the intelligent system is under attack in real time, and when it is judged that the intelligent system is under attack, the method of matrix decomposition modeling is used to analyze the sensor data distorted by the attack. Accuracy recovery realizes real-time attack defense and high-precision data recovery, and forms a complete set of attack defense solutions centered on detecting whether a sensor is an attacked sensor and data recovery algorithms.

参见图9,图9为本申请一种存储介质一实施例结构示意图。该存储介质900存储有能够被处理器运行的计算机程序901,该计算机程序901用于实现如上图3至图8及其对应的任意一个实施例中所描述的智能化系统的防御方法。具体地,上述存储介质900可以是存储器、个人计算机、服务器、网络设备,或者U盘等其中的一种,具体在此不做任何限定。Referring to FIG. 9, FIG. 9 is a schematic structural diagram of an embodiment of a storage medium of the present application. The storage medium 900 stores a computer program 901 that can be executed by the processor, and the computer program 901 is used to implement the defense method of the intelligent system as described in FIG. 3 to FIG. 8 and any one of the corresponding embodiments. Specifically, the above-mentioned storage medium 900 may be one of a memory, a personal computer, a server, a network device, or a USB flash drive, which is not specifically limited herein.

以上所述仅为本申请的实施方式,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above description is only an embodiment of the present application, and is not intended to limit the scope of the patent of the present application. Any equivalent structure or equivalent process transformation made by using the contents of the description and drawings of the present application, or directly or indirectly applied to other related technologies Fields are similarly included within the scope of patent protection of this application.

Claims (12)

1. A method of defending an intelligent system, the method comprising:
acquiring characteristic information corresponding to at least one sensor based on sensing data acquired by the at least one sensor;
respectively inputting the characteristic information of each sensor into an attack judgment model of the corresponding sensor to judge whether the sensor is an attacked sensor, wherein the attack judgment model comprises at least one of an autocorrelation judgment model and a cross correlation judgment model;
And if so, repairing the sensing data of the attacked sensor.
2. The method of claim 1, wherein the characteristic information of each sensor is input to an attack determination model of the corresponding sensor to determine whether the sensor is an attacked sensor, further comprising:
respectively taking each sensor as a target sensor;
inputting the characteristic information corresponding to the target sensor into an autocorrelation judging model of the target sensor so as to judge whether the characteristic information of the target sensor does not accord with preset autocorrelation;
if so, further inputting the feature information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor to judge whether the feature information of the target sensor does not accord with preset cross-correlation;
and if the characteristic information of the target sensor does not accord with the preset cross correlation, determining that the target sensor is the attacked sensor.
3. The method of claim 1, wherein the characteristic information of each sensor is input to an attack determination model of the corresponding sensor to determine whether the sensor is an attacked sensor, further comprising:
Respectively taking each sensor as a target sensor;
inputting the characteristic information corresponding to the target sensor into an autocorrelation judging model of the target sensor to judge whether the characteristic information of the target sensor does not accord with preset autocorrelation, and if so, determining that the target sensor is the attacked sensor; or,
inputting the characteristic information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor to judge whether the characteristic information of the target sensor does not accord with preset cross-correlation, and if so, determining that the target sensor is the attacked sensor.
4. The method according to claim 2 or 3, wherein the inputting the feature information corresponding to the target sensor into the auto-correlation determination model of the target sensor to determine whether the feature information of the target sensor does not conform to the preset auto-correlation further comprises:
obtaining a target autocorrelation matrix of the target sensor based on the corresponding characteristic information of the target sensor;
judging whether the target autocorrelation matrix is consistent with a preset autocorrelation matrix of the target sensor;
If not, judging that the characteristic information of the target sensor does not accord with the preset autocorrelation.
5. The method according to claim 2 or 3, wherein the inputting the feature information corresponding to the target sensor into the cross-correlation determination model corresponding to the target sensor to determine whether the feature information of the target sensor does not conform to a preset cross-correlation further comprises:
obtaining a target cross-correlation matrix of the target sensor based on the characteristic information corresponding to the target sensor and the characteristic information corresponding to at least one other sensor; wherein the other sensor is the sensor having a cross-correlation with the target sensor;
acquiring a preset cross-correlation matrix between the target sensor and the at least one other sensor, and judging whether the target cross-correlation matrix is consistent with the preset cross-correlation matrix;
if not, judging that the characteristic information of the target sensor does not accord with the preset cross correlation.
6. The method of claim 1, wherein the at least one sensor comprises at least one of a position sensor, a lidar sensor, an inertial measurement unit; the sampling period of each sensor is the shortest sampling period of the inertia measurement unit;
And/or the characteristic information is a characteristic vector.
7. The method of claim 1, further comprising constructing the attack determination model by a mathematical modeling algorithm or a machine learning algorithm.
8. The method of claim 1, wherein the repairing the sensor data of the attacked sensor further comprises:
and repairing the sensing data of the attacked sensor by utilizing a modeling method of matrix decomposition.
9. The method of claim 8, wherein the repairing the sensor data of the attacked sensor using a modeling method of matrix factorization further comprises:
establishing a raw sensing signal matrix based on the characteristic information of the attacked sensor and the characteristic information of other sensors, wherein the other sensors are the sensors with cross correlation with the attacked sensor;
building a sensing signal matrix by using the original sensing signal matrix and a matrix completion mathematical model;
decomposing the perceptual signal matrix into at least two multiplied low rank matrices;
and respectively solving the sensing signal matrix by using an alternative direction multiplier method or a block coordinate descent algorithm to obtain the repaired sensing data.
10. A defensive device, the device comprising a memory, a processor and a data acquisition port, the memory and the data acquisition port being respectively coupled with the processor, wherein,
the data acquisition port acquires sensing data fed back by at least one sensor under the control of the processor and outputs the sensing data to the processor;
the memory stores a computer program;
the processor is configured to run the computer program to perform the method of any one of claims 1 to 9.
11. An intelligent system comprising at least one sensor and the defence apparatus of claim 10.
12. A storage medium, characterized in that it stores a computer program executable by a processor, the computer program being adapted to implement the method of any one of claims 1 to 9.
CN202010519394.7A 2020-06-09 2020-06-09 Defense method of intelligent system and related device Active CN111860139B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010519394.7A CN111860139B (en) 2020-06-09 2020-06-09 Defense method of intelligent system and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010519394.7A CN111860139B (en) 2020-06-09 2020-06-09 Defense method of intelligent system and related device

Publications (2)

Publication Number Publication Date
CN111860139A true CN111860139A (en) 2020-10-30
CN111860139B CN111860139B (en) 2024-10-01

Family

ID=72987349

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010519394.7A Active CN111860139B (en) 2020-06-09 2020-06-09 Defense method of intelligent system and related device

Country Status (1)

Country Link
CN (1) CN111860139B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119149927A (en) * 2024-09-18 2024-12-17 天津大学 Distribution data missing completion method and device based on matrix decomposition

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108280332A (en) * 2017-12-15 2018-07-13 阿里巴巴集团控股有限公司 The biological characteristic authentication recognition detection method, apparatus and equipment of mobile terminal
CN109918900A (en) * 2019-01-28 2019-06-21 深圳市赛梅斯凯科技有限公司 Sensor attack detection method, device, equipment and computer readable storage medium
US20190260768A1 (en) * 2018-02-20 2019-08-22 General Electric Company Cyber-attack detection, localization, and neutralization for unmanned aerial vehicles
CN110658807A (en) * 2019-10-16 2020-01-07 上海仁童电子科技有限公司 Vehicle fault diagnosis method, device and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108280332A (en) * 2017-12-15 2018-07-13 阿里巴巴集团控股有限公司 The biological characteristic authentication recognition detection method, apparatus and equipment of mobile terminal
US20190260768A1 (en) * 2018-02-20 2019-08-22 General Electric Company Cyber-attack detection, localization, and neutralization for unmanned aerial vehicles
CN109918900A (en) * 2019-01-28 2019-06-21 深圳市赛梅斯凯科技有限公司 Sensor attack detection method, device, equipment and computer readable storage medium
CN110658807A (en) * 2019-10-16 2020-01-07 上海仁童电子科技有限公司 Vehicle fault diagnosis method, device and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119149927A (en) * 2024-09-18 2024-12-17 天津大学 Distribution data missing completion method and device based on matrix decomposition

Also Published As

Publication number Publication date
CN111860139B (en) 2024-10-01

Similar Documents

Publication Publication Date Title
US12072705B2 (en) Intelligent decision-making method and system for unmanned surface vehicle
EP4044146A1 (en) Method and apparatus for detecting parking space and direction and angle thereof, device and medium
Sun et al. ATOP: An attention-to-optimization approach for automatic LiDAR-camera calibration via cross-modal object matching
CN106774306B (en) Startup detection method, device and system applied to automatic driving vehicle
CN112052761A (en) Method and device for generating confrontation face image
CN112257645B (en) Method and device for positioning key points of face, storage medium and electronic device
CN109895786A (en) A kind of automatic Pilot householder method, device, equipment and readable storage medium storing program for executing
CN110865334B (en) Multi-sensor target tracking method and system based on noise statistical characteristics
CN113532499A (en) Sensor security detection method, device and storage medium for unmanned system
US20200065564A1 (en) Method for determining pose and for identifying a three-dimensional view of a face
Wang et al. LF-VISLAM: A SLAM framework for large field-of-view cameras with negative imaging plane on mobile agents
Li et al. Topological similarity-based multi-target correlation localization for aerial-ground systems
CN111860139A (en) A defense method and related device for an intelligent system
CN109977884B (en) Target following method and device
Xu et al. Airborne small target detection method based on multi-modal and adaptive feature fusion
CN111767839A (en) Vehicle driving track determining method, device, equipment and medium
CN106230591A (en) A kind of login method for intelligent robot product and device
WO2021248332A1 (en) Defense method for intelligent system, and related apparatus
Masuduzzaman et al. UAV-employed intelligent approach to identify injured soldier on blockchain-integrated internet of battlefield things
Li et al. An Integration visual navigation algorithm for urban air mobility
US11875527B1 (en) Descriptor generation and point cloud fusion
CN116246358A (en) Smoking behavior detection method, device, equipment and storage medium
Shao et al. Anomaly recognition method of perception system for autonomous vehicles based on distance metric
CN115984374A (en) Fault positioning and tracking method and device for photovoltaic power station and electronic equipment
Vanek et al. Vision only sense and avoid: A probabilistic approach

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant