CN111860139A - Defense method of intelligent system and related device - Google Patents
Defense method of intelligent system and related device Download PDFInfo
- Publication number
- CN111860139A CN111860139A CN202010519394.7A CN202010519394A CN111860139A CN 111860139 A CN111860139 A CN 111860139A CN 202010519394 A CN202010519394 A CN 202010519394A CN 111860139 A CN111860139 A CN 111860139A
- Authority
- CN
- China
- Prior art keywords
- sensor
- target
- correlation
- characteristic information
- attacked
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 86
- 230000007123 defense Effects 0.000 title abstract description 62
- 239000011159 matrix material Substances 0.000 claims description 139
- 238000004422 calculation algorithm Methods 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 13
- 239000013598 vector Substances 0.000 claims description 13
- 238000000354 decomposition reaction Methods 0.000 claims description 12
- 238000005070 sampling Methods 0.000 claims description 11
- 238000005259 measurement Methods 0.000 claims description 10
- 238000003860 storage Methods 0.000 claims description 7
- 238000013178 mathematical model Methods 0.000 claims description 4
- 238000010801 machine learning Methods 0.000 claims description 3
- 238000001514 detection method Methods 0.000 description 16
- 238000005516 engineering process Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 11
- 238000011161 development Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 238000013459 approach Methods 0.000 description 5
- 230000008447 perception Effects 0.000 description 5
- 238000011084 recovery Methods 0.000 description 4
- 230000016776 visual perception Effects 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 238000010276 construction Methods 0.000 description 3
- 238000005457 optimization Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000008439 repair process Effects 0.000 description 3
- 238000012549 training Methods 0.000 description 3
- 238000013527 convolutional neural network Methods 0.000 description 2
- 238000012937 correction Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000007620 mathematical function Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 201000004569 Blindness Diseases 0.000 description 1
- 206010063385 Intellectualisation Diseases 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000001351 cycling effect Effects 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000006698 induction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V20/00—Scenes; Scene-specific elements
- G06V20/50—Context or environment of the image
- G06V20/56—Context or environment of the image exterior to a vehicle by using sensors mounted on the vehicle
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Traffic Control Systems (AREA)
- Radar Systems Or Details Thereof (AREA)
Abstract
The application discloses a defense method of an intelligent system and a related device, wherein the method comprises the following steps: acquiring characteristic information corresponding to at least one sensor respectively based on sensing data acquired by the at least one sensor; respectively inputting the characteristic information of each sensor into an attack judgment model of the corresponding sensor to judge whether the sensor is an attacked sensor or not, wherein the attack judgment model comprises at least one of an autocorrelation judgment model and a cross correlation judgment model; and if so, repairing the sensing data of the attacked sensor. Through the technical scheme provided by the application, the defense capability and the safety of the intelligent system can be better improved.
Description
Technical Field
The present application relates to the field of intelligent system security technologies, and in particular, to a defense method for an intelligent system and a related device.
Background
The development of the intelligent system technology is driven by the change of information and communication technology, and the aim of improving the safety and efficiency of the intelligent system is to make the intellectualization and the internet of the intelligent system become the inevitable trend of the development of the intelligent system. The safety and reliability of the sensing system or the sensing device in the intelligent system affect the safety and stability of the whole intelligent system. Once the sensing system or the sensing device of the intelligent system is attacked, the information acquired by the sensor is distorted, and then an erroneous recognition result is generated, and then the intelligent system obtains an erroneous strategy, and further a safety accident of the intelligent system is caused. Therefore, a technical solution that can stably defend against external attacks is needed to solve the above technical problems.
Disclosure of Invention
The technical problem mainly solved by the application is to provide a defense method of an intelligent system and a related device, which can improve the defense capability and safety of the intelligent system.
In order to solve the technical problem, the application adopts a technical scheme that: providing a defense method of an intelligent system, the method comprising:
acquiring characteristic information corresponding to at least one sensor based on sensing data acquired by the at least one sensor;
respectively inputting the characteristic information of each sensor into an attack judgment model of the corresponding sensor to judge whether the sensor is an attacked sensor, wherein the attack judgment model comprises at least one of an autocorrelation judgment model and a cross correlation judgment model;
and if so, repairing the sensing data of the attacked sensor.
In order to solve the above technical problem, another technical solution adopted by the present application is: providing a defensive device, the device comprising a memory, a processor, and a data acquisition port, the memory and the data acquisition port being respectively coupled with the processor, wherein,
the data acquisition port acquires sensing data fed back by at least one sensor under the control of the processor and outputs the sensing data to the processor;
The memory stores a computer program;
the processor is adapted to run the computer program to perform the method as described above.
In order to solve the above technical problem, the present application adopts another technical solution: an intelligent system is provided comprising at least one sensor and a defence device as described above.
In order to solve the above technical problem, a further technical solution adopted by the present application is to provide a storage medium, where a computer program capable of being executed by a processor is stored, and the computer program is used to implement the defense method of an intelligent system as described above.
The beneficial effect of this application is: different from the situation of the prior art, according to the technical scheme provided by the application, the characteristic information corresponding to at least one sensor is obtained based on the sensing data acquired by at least one sensor, and then the characteristic information of each sensor is input into the autocorrelation judging model and/or the cross-correlation judging model corresponding to each sensor, so that whether the sensor is an attacked sensor can be quickly judged, namely, after each sensor feeds back the sensing data to the intelligent system, whether the corresponding sensor is attacked is judged in real time based on the autocorrelation and/or the cross-correlation of the sensing data, the sensing data corresponding to the attacked sensor is repaired when the sensor is judged to be attacked, and the defense capability and the completeness of the intelligent system are improved.
Drawings
FIG. 1 is a schematic structural diagram of an embodiment of a defense apparatus according to the present application;
FIG. 2 is a schematic structural diagram of an embodiment of an intelligent system of the present application;
FIG. 3 is a schematic flow chart of an embodiment of a defense method of an intelligent system according to the present application;
FIG. 4 is a schematic flow chart illustrating another embodiment of a defense method of an intelligent system according to the present application;
FIG. 5 is a schematic flow chart of another embodiment of a defense method of an intelligent system according to the present application;
FIG. 6 is a schematic flow chart illustrating a defense method of an intelligent system according to yet another embodiment of the present disclosure;
FIG. 7 is a schematic flow chart illustrating another embodiment of a defense method of an intelligent system according to the present application;
FIG. 8 is a schematic flow chart illustrating a defense method of an intelligent system according to yet another embodiment of the present disclosure;
fig. 9 is a schematic structural diagram of an embodiment of a storage medium according to the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless explicitly specifically limited otherwise. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
With the development of intelligent technology, intelligent systems are widely applied to various industries, particularly the field of unmanned driving, and can be applied to unmanned vehicles, unmanned planes and the like. For example, when an intelligent system is applied to the field of unmanned driving, how to improve the reliability of traffic safety, improve the processing efficiency, and how to realize automobile intelligence and networking has become a development trend in the field of unmanned driving. Since the unmanned technology is an important project for the development and leading-edge science and technology of the current society, the unmanned technology has immeasurable significance for various fields of the society, such as city construction, traffic trip, economic development and national defense strength. The perception system influences the safety and stability of equipment applying the intelligent system in the unmanned technology, once the perception system of the intelligent system is attacked, information obtained by the perception system is distorted, wrong recognition results are caused, incorrect decisions are caused, safety accidents are possibly caused, serious life and property losses are caused, and related policies and new technologies are disputed by countries and organizations.
At present, the security defense of an intelligent system at home and abroad is still in a relatively early stage, and the proposed scheme is relatively single in applicable scene. If the intelligent system is applied to the field of unmanned driving, the intelligent system comprises a visual perception part, and only single defense can be carried out on the visual perception part. There are two main approaches to existing defense against visual attacks: the first is to continuously improve the robustness of the network by continuously inputting new types of countermeasure samples and performing countermeasure training. This approach requires a large amount of training data, however, moovavi-dezfolio indicates that there are new challenge attack samples that can again spoof the network, regardless of how many challenge samples are added; the second is to deploy more sensors, etc., in a manner that increases redundancy. The first approach only reduces the impact of challenge samples on sensor identification to some extent, but new challenge samples will always be present. The second approach would significantly increase the cost of the production configuration.
The main measures for laser radar sensor defense in unmanned driving in the prior art are as follows: (1) a fast photoelectric switch and a filter are arranged in an optical and photoelectric device to prevent laser blindness. (2) Laser-resistant structures, such as sandwich structures, are being investigated to prevent damage to own equipment from enemy laser energy. (3) Technical parameters are strictly kept secret, for example, encoding technology is adopted for own laser signals, and the interference difficulty of enemies is increased. (4) The development and development of a shell made of special high-temperature resistant materials make it difficult to burn and penetrate by laser weapons. Research and research show that the methods can only reduce the attack risk to a certain extent, but cannot provide a safety countermeasure after the laser radar sensor is attacked.
For attack defense of the position sensor, methods such as encryption, signal distortion detection, direction of arrival (DOA) induction and the like are required to be combined to defend the attack. A single approach may not achieve complete defense. The method has extremely high cost and high cost, and the possibility of missed detection exists. Therefore, it can be known from the above that the existing defense method of the intelligent system can only realize defense against a single sensor, or reduce the influence caused by attack to a certain extent, but a system-comprehensive attack detection and defense system is not formed yet, and the technical scheme provided by the application can better solve the technical problems.
In order to facilitate understanding of the defense method of the intelligent system provided by the present application, the defense device and the intelligent system provided by the present application are described first. Referring to fig. 1, fig. 1 is a schematic structural diagram of an embodiment of a defense apparatus of the present application, in the present embodiment, the defense apparatus 100 of the present application may perform a defense method of an intelligent system as described in any one of the following embodiments of fig. 3 to 8 and corresponding embodiments thereof. Specifically, the defense device 100 includes a memory 102, a processor 101, and a data acquisition port 103. Wherein, the memory 102 and the data acquisition port 103 are respectively coupled with the processor 101.
The data acquisition port 103 acquires sensing data fed back by at least one external sensor (not shown) under the control of the processor 101, and outputs the sensing data to the processor 101, so that the processor 101 determines whether the sensor is an attacked sensor based on the sensing data, and further repairs the sensing data acquired by the attacked sensor when the external sensor is determined to be the attacked sensor.
The memory 102 includes a local storage (not shown) and stores a computer program, and the computer program stored in the memory 102 can implement the defense method of the intelligent system described in any one of the embodiments of fig. 3 to fig. 8 and the corresponding embodiments thereof when executed.
A processor 101 is coupled to the memory 102, and the processor 101 is configured to execute a computer program to execute the defense method of the intelligent system as described in any one of the embodiments of fig. 3 to fig. 8 and the corresponding embodiments.
Referring to fig. 2, fig. 2 is a schematic structural diagram of an embodiment of an intelligent system according to the present application. In the present embodiment, the intelligent system 200 provided by the present application includes at least one sensor 201 and a defense apparatus 202, wherein the defense apparatus 202 is the defense apparatus as described in fig. 1 and any corresponding embodiment thereof. At least one sensor 201 is configured to sense an external environment to acquire sensing data of an acquired target, and feed back the acquired sensing data to the defense apparatus 202, where the defense apparatus 202 is configured to execute the defense method of the intelligent system described in any one of the embodiments of fig. 3 to 8 and corresponding thereto.
The number and types of the sensors 201 included in the intelligent system 200 are not limited herein, and may be specifically set according to the actual application scenario and the actual functional requirements of the intelligent system 200. As in one embodiment, when the intelligent system 200 is a system applied to an unmanned vehicle, the sensors 201 in the intelligent system 200 at least include at least one of a position sensor, a lidar sensor, and an inertial measurement unit. In another embodiment, the sensor 201 includes, besides the sensors in the conventional sense, other circuit units for acquiring external environmental parameters, such as when the intelligent system 200 is a system for use on a drone, the sensor 201 in the intelligent system 200 includes at least: one of a distance sensor, a height sensor, a torque sensor, a balance sensor, and an image acquisition unit.
It should be noted that, in other embodiments, the sensor 201 illustrated in fig. 2 may also be directly integrated into the defense apparatus 202, and is not limited herein.
Referring to fig. 3, fig. 3 is a schematic flowchart illustrating an embodiment of a defense method of an intelligent system according to the present application. In the present embodiment, the executing body of the defense method of the intelligent system is a defense device as described in fig. 1 above. Specifically, the method provided by the present application includes steps S310 to S330.
S310: and obtaining characteristic information respectively corresponding to the at least one sensor based on the sensing data acquired by the at least one sensor.
After sensors in equipment applied to the intelligent system sense an external environment and acquire sensing data, each sensor feeds the acquired sensing data back to the defense device, and the defense device acquires the sensing data acquired by at least one sensor and processes the sensing data after acquiring the sensing data to acquire characteristic information corresponding to the at least one sensor.
Further, in an embodiment, the at least one sensor includes at least one of a position sensor, a lidar sensor, and an inertial measurement unit, and in the current embodiment, the sampling period of each sensor is the shortest sampling period of the Inertial Measurement Unit (IMU), and the cycle period of the method provided in the present application is set according to the sampling period of each sensor.
Further, the feature information is a feature vector. Specifically, the feature vectors corresponding to the sensors may be expressed in a matrix form.
Further, when the at least one sensor feeds back the collected sensing data to the defense device according to the set sampling period, step S310 is based on the sensing data collected by the at least one sensor in the current sampling period, and the sensing data is processed to obtain the characteristic information corresponding to each sensor. When the intelligent system is a system applied to an unmanned automobile, the sampling period of each sensor can be uniformly set to be the shortest sampling period of the inertia measurement unit. In another embodiment, the sampling period of each sensor is not limited, but only the cycle period of the method provided in this application, and in the current embodiment, the shortest sampling period among all the sensors may be defined as the cycle period of the method provided in this application. The cycle period refers to a time period required for completely cycling from step S310 to step S330.
Furthermore, when the sensing data acquired by the sensor can be used for directly reflecting the characteristics of the target, the sensing data acquired by the sensor can be directly output as the characteristic information corresponding to the sensor. Otherwise, the sensing data acquired by each sensor is converted in the expression form to acquire the characteristic information corresponding to each sensor.
S320: and respectively inputting the characteristic information of each sensor into the attack judgment model of the corresponding sensor so as to judge whether the sensor is an attacked sensor.
After the characteristic information corresponding to at least one sensor is obtained, the characteristic information of each sensor is further respectively input into the attack judgment model of the corresponding sensor so as to judge whether the sensing data acquired by the current sensor is abnormal or not, and further determine whether each sensor is attacked or not according to the judgment result.
In another embodiment, when each sensor feeds back sensing data to the defense device according to a set period, in step S320, the feature information of the current period of each sensor is respectively input to the attack determination model of the corresponding sensor, and then it is determined whether the sensor is an attacked sensor in the current period according to the output result of the attack determination model.
In the same intelligent system, because the information cross and redundancy exist among different sensors and the relationship between the information cross and redundancy does not change along with the change of the external environment, the cross-correlation judgment model can be constructed in advance to judge or assist in judging whether the sensors are attacked or not. Correspondingly, the time-invariant autocorrelation exists on the sensing data acquired by the same sensor at different time periods, so that whether each sensor is attacked or not can be judged or assisted by respectively constructing autocorrelation judging models corresponding to each sensor. Based on this, the attack judgment model includes at least one of an autocorrelation judgment model and a cross-correlation judgment model. Specifically, the autocorrelation judging model and the cross-correlation judging model may be models that are established in advance based on empirical values. The autocorrelation judging model is a judging model established according to autocorrelation among the same type of sensing data acquired by the same type of sensor or characteristic information corresponding to the same type of sensing data, and the cross-correlation judging model is an establishing judging model according to cross-correlation among different types of sensing data acquired by different types of sensors or cross-correlation among the characteristic information corresponding to the different types of sensing data. It should be noted that, in the same intelligent system, the autocorrelation between the sensing data (or the feature information corresponding to the sensing data) acquired by the sensors at different times is relatively constant, and the cross-correlation between the sensing data (or the feature information corresponding to the sensing data) acquired by different types of sensors having the cross-correlation in the same period is also constant.
Specifically, the autocorrelation judging model and the cross-correlation judging model may be constructed by a mathematical modeling algorithm or obtained by algorithm training of machine learning. Therefore, in a further embodiment, the method provided by the present application further includes constructing an attack judgment model through a mathematical modeling algorithm or a machine learning algorithm. It is to be understood that the method for constructing the attack judgment model is not limited, and other types of methods may be used to construct the attack judgment model in other embodiments.
Further, in an embodiment, in step S320, the characteristic information of each sensor may be respectively input to the autocorrelation judging model or the cross correlation judging model corresponding to each sensor, so as to judge whether each sensor is an attacked sensor. In another embodiment, in step S320, the characteristic information of each sensor may be input into the respective autocorrelation judging model, and then the characteristic information of each sensor is input into the respective cross correlation judging model, so as to judge whether the sensor is an attacked sensor. In another embodiment, in step S320, the feature information of the sensor may be input into the cross-correlation determination model corresponding to the sensor, and if the cross-correlation determination model determines that the cross-correlation between the sensor and another sensor changes in the current period, it is determined that the sensor is a suspected attacked sensor in the current period, and the feature information of the suspected attacked sensor is further input into the auto-correlation determination model corresponding to the sensor, so as to further determine whether the suspected attacked sensor is an attacked sensor.
Further, when the intelligent system includes multiple types of sensors, some of the multiple types of sensors have cross-correlation, and some of the sensors do not have cross-correlation with other sensors, so that in step S320, the type of the attack determination model corresponding to the current sensor stored in the system may be determined first, and then the characteristic information of the sensor may be input to the type of the attack determination model existing in the current sensor. If it is determined that the current sensor only has the autocorrelation judging model, in step S320, the autocorrelation judging model is directly selected by default to judge whether the sensor is an attacked sensor.
Further, in another embodiment, in the technical solution provided by the present application, a plurality of determination modes for determining whether the sensor is attacked can be set in the intelligent system at the same time for the user to select. For example, three modes can be set according to the speed and accuracy of the whole judgment process for the user to select and execute, the first mode is to input the characteristic information of the sensor into the autocorrelation judgment model, and determine whether the sensor is an attacked sensor according to the judgment result of the autocorrelation judgment model; secondly, inputting the characteristic information of the sensor into a cross-correlation judgment model corresponding to the sensor so as to determine whether the sensor is an attacked sensor according to the judgment result of the cross-correlation judgment model; and thirdly, inputting the characteristic information of the sensor into an autocorrelation judging model corresponding to the sensor, and then inputting the characteristic information of the sensor into a cross-correlation judging model corresponding to the sensor so as to determine whether the sensor is an attacked sensor by combining the judging result of the autocorrelation judging model and the judging result of the cross-correlation judging model.
Before step S310, the method provided by the present application further includes: sensing data acquired based on at least one sensor is acquired. After the sensing data acquired by the at least one sensor is acquired, the sensing data is further converted to obtain characteristic information corresponding to the at least one sensor.
S330: and repairing the sensing data of the attacked sensor.
And if the characteristic information of each sensor is respectively input into the attack judgment model of the corresponding sensor to judge that the sensor is the attacked sensor, the sensing data of the attacked sensor can be further repaired.
Further, if the sensor is judged to be an attacked sensor in the current period, the sensing data in the current period of the sensor can be further repaired.
According to the technical scheme provided by the embodiment corresponding to fig. 3 of the application, the characteristic information corresponding to at least one sensor is obtained based on the sensing data acquired by at least one sensor, and then the characteristic information of each sensor is respectively input into the autocorrelation judging model and/or the cross-correlation judging model corresponding to each sensor, so that whether the sensor is an attacked sensor can be quickly judged, namely, after each sensor feeds back the sensing data to the intelligent system, whether the corresponding sensor is attacked is judged in real time based on the autocorrelation and/or the cross-correlation of the sensing data, the sensing data corresponding to the attacked sensor is quickly repaired when the sensor is judged to be attacked, and the defense capability and the completeness of the intelligent system are better improved.
Before describing the corresponding method flows in the following embodiments, a construction process of the attack judgment model is described first.
Specifically, the construction process of the attack judgment model is explained by taking an intelligent system as an example for being applied to an automatic driving automobile and carrying out security defense on a sensor of a visual perception part by applying the method provided by the application. The visual perception part comprises a target detection part and a target positioning part, wherein a sensor for detecting the target at least comprises a laser radar sensor and an image acquisition unit, and a sensor for positioning at least comprises a position sensor (such as a GPS and a Beidou navigation system) and the laser radar sensor. The position sensor belongs to absolute positioning, and other types of positioning modes all need to extract feature vectors of corresponding environments in structured environments. However, if the sensor is subjected to an external active attack, the feature vector is lost, and the positioning or target detection of the intelligent system is disabled. For example, when the image capturing unit is attacked by strong light, if the positioning features are not recovered in time according to the sensing data collected by the laser radar sensor, a great potential safety hazard is brought to automatic driving. After verification, the technical scheme provided by the application can be used for judging that the image acquisition unit is the attacked sensor in real time when the image acquisition unit is attacked by strong light, and can be used for quickly recovering the sensing data or the characteristic information of the image acquisition unit when the image acquisition unit is judged to be the attacked sensor, so that the safety of an intelligent system can be better improved.
The laser radar sensor is used for acquiring laser point cloud information and constructing a laser radar map. The laser radar map comprises a reflection value map and a height value map. Specifically, a laser radar map can be constructed according to the laser reflection intensity, the laser height and other characteristic quantities of the physical world, and then the relative pose of the carrier (vehicle body) of the laser radar sensor is calculated. The essence of matching and positioning by using laser point cloud data is an optimization problem, and as long as a loss function for positioning is well defined in advance, solving the minimum loss function is a process for positioning a carrier. The image alignment is to solve the course angle yaw by an optimization method, and to solve the coordinate points x and y of the carrier by an optimization method of SSD-HF (SSD-Sum of Squared Difference Histogram Filter). (x, y) represents a planar coordinate point of the carrier in the lidar map. And finally, outputting the pose information X (X, y, z, yaw) of the carrier by using a laser positioning algorithm.
When the carrier carrying the laser radar sensor is scanned in one timeObserve the point cloud Lm,LmThe pose under the laser radar coordinate system is recorded as YLmAnd the coordinate system of the carrier of the laser radar sensor relative to the map is X (t), and then a laser radar observation equation can be written according to the observation principle of the laser radar sensor:
Wherein ρ is a measurement distance, and α and β are measurement angles of laser pulses emitted by the laser radar sensor, respectively. H (t) represents the observation matrix of the laser radar sensor, and v is the measurement noise.
If the point cloud number scanned by the laser radar sensor at one time is k, the corresponding observation equation set of the point feature vector scanned by the laser radar sensor at one time is as follows:
in the positioning task, the feature vector of the lidar sensor can be expressed as
In the target detection task, the eigenvector of the lidar sensor can be expressed as:
[X Y]Tcoordinate system [ 00 ] representing detected target relative to the carrier (i.e. vehicle body) of the lidar sensor]TPosition of [ h w ]]TThe height and width of the detection frame are shown, and theta is the confidence that the detection target is in the detection frame. The confidence is a probability indication of the object class determined by the object detection algorithm, and is used for identifying the probability of the currently detected object type, for example, when the detection task is a vehicle, the probability that the detected object is the vehicle is determined by the confidence.
For feature vectors of Inertial Measurement Units (IMUs)
To indicate that the user is not in a normal position,
wherein [ raw pitch roll]TRepresents three attitudes of course angle, pitch angle and roll angle, [ V ]xVyVz]TRepresents the three-axis velocity, [ a ] xayaz]TRepresents the three-axis acceleration, [ w ]xwywz]TRepresenting the three-axis angular velocity.
GPS feature vector
And x, y and z are three-dimensional coordinates of the vehicle body.
In the present embodiment, the image acquisition unit in the automatic driving vehicle is a vehicle-mounted camera, and the automatic driving vehicle acquires images around the vehicle through the vehicle-mounted camera. The acquired picture is input into a target detection system in an RGB format, an intelligent system calls a deep convolutional neural network algorithm to extract the features of the RGB image, the features extracted from the RGB image can effectively describe the information of a target object, and the vector is used for the detection result of the target object
And (4) showing. Wherein [ X ]vYv]TRepresents the coordinate value of the target object on the image coordinate system, [ h ω [ [ O ] S]TThe height and the width of the detection box are represented, v represents the class number of the target object detected by the deep convolutional neural network algorithm, and p represents the confidence coefficient of the target object.
After the feature vectors corresponding to the sensing data acquired by each sensor are obtained, further according to the feature vectors corresponding to the sensing data acquired by each sensor, appropriate correlation and autocorrelation expression methods are respectively selected to respectively establish a constant cross correlation judgment model among each sensor and a time-invariant autocorrelation judgment model of each sensor. In the present embodiment, a mathematical function of the cross-Correlation determination model is represented by correction _ space (), a mathematical function of the autocorrelation determination model is represented by correction _ time (), a matrix S _ constant represents a matrix representation of the cross-Correlation relationship inherent between sensors, and C _ i represents a matrix representation of the autocorrelation of a sensor numbered i at different times, the matrix of the cross-Correlation and the matrix of the autocorrelation are as follows:
Wherein s (a, b) represents the characteristic cross-correlation between sensor a and sensor b,
the feature vector of the sensor numbered i, c (t)i,ti) Indicating the characteristic dependence of the sensor at time i and time j.
In the technical scheme provided by the application, firstly, a preset cross correlation matrix and a preset autocorrelation matrix corresponding to each sensor are correspondingly set according to the characteristics of each sensor when the sensor is not attacked, in the running process of an intelligent system, firstly, the obtained characteristic correlation corresponding to the sensor is calculated to obtain a corresponding target cross correlation matrix, the obtained autocorrelation corresponding to the sensor is obtained to obtain a corresponding target autocorrelation matrix, then, the obtained target cross correlation matrix is compared with the preset cross correlation matrix to judge whether the target cross correlation matrix is consistent with the preset cross correlation matrix, and further, whether the sensor is attacked is judged; similarly, after the target autocorrelation matrix is obtained, the obtained target autocorrelation matrix is compared with the preset autocorrelation matrix to judge whether the target autocorrelation matrix is consistent with the preset autocorrelation matrix, and further judge whether the sensor is attacked.
If the laser radar sensor is subjected to distance attack by an interference source of a high repetition frequency pulse laser, each sensor feeds back environment information acquired in real time to a defense device, feature extraction is carried out on perception data, correlation calculation is carried out on the extracted features by adopting a time correlation model and a space correlation model respectively, and a time-based target autocorrelation matrix C _1', C _2', C _3' … C _ n ' of each sensor and a target autocorrelation matrix S ' among different sensors are obtained respectively; then comparing the obtained target autocorrelation matrixes C _1', C _2', C _3'… C _ n' with preset autocorrelation matrixes C _1, C _2 and C _3 … C _ n to judge whether the target autocorrelation matrixes and the preset autocorrelation matrixes are consistent, and if the target autocorrelation matrixes and the preset autocorrelation matrixes are inconsistent, preliminarily judging that the current sensor is attacked; similarly, if the target cross-correlation matrix S' obtained through the comparison is inconsistent with the preset cross-correlation matrix S, it is determined that an attacked sensor exists in the current sensor.
In another embodiment, after the target cross-correlation matrix is determined to be inconsistent with the preset cross-correlation matrix, the target cross-correlation matrix and the preset cross-correlation matrix of each sensor in the cross-correlation matrix are respectively compared to determine whether the target cross-correlation matrix and the preset cross-correlation matrix are consistent, and if the target cross-correlation matrix and the preset cross-correlation matrix are inconsistent, the sensor is determined to be an attacked sensor. In another embodiment, the suspected attacked sensor is determined to be the attacked sensor according to the target autocorrelation matrix and the preset autocorrelation matrix, and the corresponding target autocorrelation matrix is compared with the corresponding preset autocorrelation matrix to further determine whether the suspected attacked sensor is the attacked sensor. Taking the target cross-correlation matrix and the corresponding preset cross-correlation matrix as an example, subtracting the two matrices, and determining whether each element in the matrix obtained by subtracting the two matrices is 0, if so, determining that the target cross-correlation matrix is consistent with the corresponding preset cross-correlation matrix, otherwise, if elements in the matrix obtained by subtracting are not zero as in the following S-S _ constant, determining that the target cross-correlation matrix is not consistent with the corresponding preset cross-correlation matrix, and further determining that the current sensor is an attacked sensor or a suspected attacked sensor.
Referring to fig. 4, fig. 4 is a schematic flow chart of another embodiment of a defense method of an intelligent system according to the present application. In the present embodiment, the step S320 in fig. 3 inputs the characteristic information of each sensor into the attack determination model of the corresponding sensor, respectively, to determine whether the sensor is an attacked sensor, further includes steps S401 to S404.
S401: each sensor is taken as a target sensor.
Each sensor is taken as a target sensor. The target sensor refers to a sensor currently being judged whether to be attacked or not. The target sensor may be any one of sensors included in an intelligent system, and is not limited herein.
S402: and inputting the characteristic information corresponding to the target sensor into an autocorrelation judging model of the target sensor so as to judge whether the characteristic information of the target sensor does not accord with the preset autocorrelation.
After the characteristic information corresponding to at least one sensor is obtained and a certain sensor is determined to be a target sensor, the characteristic information obtained based on the sensing data collected by the target sensor is further input into an autocorrelation judging model of the target sensor, and whether the characteristic information of the target sensor does not accord with the preset autocorrelation is further judged.
S403: and further inputting the characteristic information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor so as to judge whether the characteristic information of the target sensor does not accord with the preset cross-correlation.
And if the characteristic information of the target sensor is judged not to accord with the preset autocorrelation, the fact that the sensor of the characteristic information acquired by the current sensor is suspected to be attacked is explained. Therefore, in the current embodiment, after the feature information of the target sensor is determined to be not in accordance with the predetermined autocorrelation, the feature information corresponding to the target sensor is further input to the cross-correlation determination model corresponding to the target sensor to determine whether the feature of the target sensor is in accordance with the predetermined autocorrelation, so as to further determine whether the target sensor is an attacked sensor.
Further, in an embodiment, the same sensor may have a plurality of cross-correlation determination models, and the step S403 may input the feature information corresponding to the target sensor to the plurality of cross-correlation determination models corresponding to the target sensor, respectively, so as to determine whether the feature information of the target sensor does not conform to the predetermined cross-correlation. When the characteristic information of the target sensor obtained by the cross-correlation judgment models meets the preset cross-correlation, the characteristic information of the target sensor is judged to meet the preset cross-correlation, otherwise, if the characteristic information of the target sensor obtained by at least one cross-correlation judgment model does not meet the preset cross-correlation, the characteristic information of the target sensor is judged to not meet the preset cross-correlation.
S404: and determining that the target sensor is an attacked sensor.
If the characteristic information of the target sensor is judged not to conform to the preset cross correlation, the current target sensor is determined to be an attacked sensor, and the sensing data of the target sensor is further repaired when the target sensor is judged to be the attacked sensor, wherein the repairing process of the sensing data can refer to the content described in fig. 8 and any corresponding embodiment thereof.
In the embodiment corresponding to fig. 4, the feature information corresponding to the target sensor is input to the autocorrelation judging model of the target sensor, and when the feature information of the target sensor is judged to be not in conformity with the preset autocorrelation, the feature information corresponding to the target sensor is further input to the crosscorrelation judging model corresponding to the target sensor to judge whether the feature information of the target sensor is in conformity with the preset crosscorrelation, and if the feature information of the target sensor is not in conformity with the preset crosscorrelation, the target sensor is determined to be an attacked sensor. Whether the sensor is an attacked sensor is judged based on the autocorrelation and the cross correlation, so that whether the sensor is the attacked sensor can be accurately judged, and the defense accuracy of the intelligent system is further improved.
Referring to fig. 5, fig. 5 is a schematic flow chart of another embodiment of a defense method of an intelligent system according to the present application. It should be noted that, in the embodiment corresponding to fig. 5, it may also be determined whether the sensor is an attacked sensor based on the determination result of the autocorrelation determination model alone, because the characteristic that the intervening autocorrelation and the cross correlation are relatively stable. In the present embodiment, the step S320 in fig. 3 respectively inputs the characteristic information of each sensor into the attack determination model of the corresponding sensor to determine whether the sensor is an attacked sensor further includes steps S501 to S502.
S501: each sensor is taken as a target sensor.
And respectively taking each sensor as a target sensor to respectively judge whether each sensor is attacked or not.
S502: inputting the characteristic information corresponding to the target sensor into an autocorrelation judging model of the target sensor to judge whether the characteristic information of the target sensor does not accord with the preset autocorrelation, and if so, determining that the target sensor is an attacked sensor.
In the current embodiment, the feature information corresponding to the target sensor is input to the autocorrelation judging model of the target sensor, and whether the target sensor is an attacked sensor is directly judged and obtained based on the judgment result of the autocorrelation judging model. And when the current characteristic information of the target sensor does not accord with the autocorrelation, judging that the current target sensor is an attacked sensor. Specifically, the target autocorrelation matrix of the target sensor may be calculated, the target autocorrelation matrix is compared with a preset autocorrelation matrix, and whether the current sensor is an attacked sensor is determined based on a determination result of whether the two matrices are the same. If the current target sensor is the same as the attacked sensor, judging that the current target sensor is normal, otherwise, judging that the current target sensor is the attacked sensor.
In another embodiment, step S320 may also include: and respectively taking each sensor as a target sensor, inputting the characteristic information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor to judge whether the characteristic information of the target sensor does not accord with the preset cross-correlation, and if so, determining that the target sensor is an attacked sensor. Specifically, the target cross-correlation matrix between the target sensor and the other sensors related to the target sensor may be calculated, the target cross-correlation matrix is compared with a preset cross-correlation matrix, and whether the current sensor is an attacked sensor is determined based on a determination result that whether the two matrices are the same. If the current target sensor is the same as the attacked sensor, judging that the current target sensor is normal, otherwise, judging that the current target sensor is the attacked sensor.
Referring to fig. 6, fig. 6 is a schematic flow chart illustrating a defense method of an intelligent system according to another embodiment of the present application. In the present embodiment, the above-mentioned steps input the feature information corresponding to the target sensor into the autocorrelation judging model of the target sensor to judge whether the feature information of the target sensor does not conform to the preset autocorrelation, and further includes steps S601 to S603.
S601: and obtaining a target autocorrelation matrix of the target sensor based on the corresponding characteristic information of the target sensor.
After the characteristic information corresponding to the target sensor is obtained, a target autocorrelation matrix of the target sensor is obtained through conversion further based on the characteristic information corresponding to the target sensor.
S602: and judging whether the target autocorrelation matrix is consistent with a preset autocorrelation matrix of the target sensor.
Since the autocorrelation of the sensing data acquired by the same sensor in different time periods can be kept unchanged, the autocorrelation matrix corresponding to the characteristic information of the sensor can be kept unchanged, and after the target autocorrelation matrix of the target sensor is acquired, the target autocorrelation matrix can be compared with the preset autocorrelation matrix of the target sensor, so that whether the acquired target autocorrelation matrix is consistent with the preset autocorrelation matrix of the target sensor or not can be judged.
S603: if not, judging that the characteristic information of the target sensor does not accord with the preset autocorrelation.
If the target autocorrelation matrix is inconsistent with the preset autocorrelation matrix of the target sensor through comparison, judging that the obtained characteristic information of the target sensor is not in accordance with the preset autocorrelation; otherwise, if the target autocorrelation matrix is consistent with the preset autocorrelation matrix of the target sensor through comparison, the characteristic information of the target sensor is judged to be in accordance with the preset autocorrelation. Specifically, in an embodiment, whether the target autocorrelation matrix is consistent with the preset autocorrelation matrix may be determined by subtracting the target autocorrelation matrix from a preset autocorrelation matrix of the target sensor and determining whether each element in the matrix obtained by the subtraction is zero, if each element in the matrix obtained by the subtraction is 0, it is determined that the target autocorrelation matrix is consistent with the preset autocorrelation matrix, and otherwise, it is determined that the target autocorrelation matrix is inconsistent with the preset autocorrelation matrix.
Referring to fig. 7, fig. 7 is a schematic flowchart illustrating another embodiment of a defense method of an intelligent system according to the present application. In the present embodiment, the above-mentioned steps input the feature information corresponding to the target sensor into the cross-correlation determination model corresponding to the target sensor to determine whether the feature information of the target sensor does not conform to the preset cross-correlation, and further include steps S701 to S703.
S701: and obtaining a target cross-correlation matrix of the target sensor based on the characteristic information corresponding to the target sensor and the characteristic information corresponding to at least one other sensor.
Wherein the other sensors are sensors having a cross-correlation with the target sensor. The other sensors may be preset in advance according to the cross-correlation between the sensors, and are not limited herein.
Therefore, the target cross-correlation matrix of the target sensor is obtained based on the characteristic information corresponding to the target sensor and the characteristic information corresponding to at least one other sensor. The number of other sensors is not limited herein, and may be specifically set based on the requirement and the cross-correlation between the sensors.
Further, in another embodiment, when each sensor collects sensing data according to a set period, in step S701, the cross-correlation matrix of the target sensor in the current period is obtained based on the feature information corresponding to the target sensor in the current period and the feature information of at least one other sensor in the period corresponding to the period of the target sensor.
In another embodiment, when the same sensor and a plurality of different sensors respectively have different correlations, a plurality of target cross-correlation matrices corresponding to the target sensors may be obtained in step S701.
S702: and acquiring a preset cross-correlation matrix between the target sensor and at least one other sensor, and judging whether the target cross-correlation matrix is consistent with the preset cross-correlation matrix.
It should be noted that, in the technical solution provided in the present application, the preset cross-correlation matrix and the attribute identity information of each sensor are stored in an associated manner. Therefore, the preset cross-correlation matrix between the target sensor and at least one other sensor can be directly obtained based on the information of the target sensor, and the obtained target cross-correlation matrix of the target sensor in the current period is compared with the preset cross-correlation matrix so as to judge whether the target cross-correlation matrix is consistent with the preset cross-correlation matrix.
S703: if not, judging that the characteristic information of the target sensor does not accord with the preset cross correlation.
If the target cross-correlation matrix is judged to be inconsistent with the preset cross-correlation matrix, judging that the obtained characteristic information of the target sensor is not consistent with the preset cross-correlation; otherwise, if the target cross-correlation matrix is judged to be consistent with the preset cross-correlation matrix, judging that the obtained characteristic information of the target sensor accords with the preset cross-correlation.
Further, the repairing the sensor data of the attacked sensor in step S330 in fig. 3 further includes: and repairing the sensing data of the attacked sensor by utilizing a matrix decomposition modeling method. In the current embodiment, the sensing data of the attacked sensor can be quickly repaired by adopting a matrix decomposition modeling method, so that the execution efficiency of the algorithm is improved. It is understood that in other embodiments, other methods may be used to repair the sensor data of the attacked sensor, for example, a modeling method of nuclear norm relaxation may also be used to repair the sensor data of the attacked sensor.
Referring to fig. 8, fig. 8 is a schematic flow chart illustrating a defense method of an intelligent system according to another embodiment of the present disclosure. In the embodiment corresponding to fig. 8, the repairing the sensor data of the attacked sensor by using the matrix factorization modeling method in the above steps further includes steps S801 to S804.
S801: and establishing an original sensing signal matrix based on the characteristic information of the attacked sensor and the characteristic information of other sensors.
Wherein the other sensors are sensors having cross-correlation with the attacked sensor.
S802: and constructing a sensing signal matrix by utilizing the original sensing signal matrix and the matrix completion mathematical model. The matrix completion mathematical model is a preset model for completing the matrix.
S803: the perceptual signal matrix is decomposed into at least two multiplied low rank matrices.
In the present embodiment, the matrix decomposition is performed based on an existing matrix decomposition method, and is not limited herein.
S804: and respectively solving the sensing signal matrix by using an alternative direction multiplier method or a block coordinate descent algorithm to obtain the repaired sensing data.
Based on the repaired portion of the sensing data corresponding to fig. 8, in an embodiment, when a certain sensor is detected to be attacked, an original sensing signal matrix M is established based on the feature information of the current sensor and the feature information of other sensors. The set of characteristic information elements corresponding to the non-attacked sensors included in the original sensing signal matrix M may be referred to as an index set, and the characteristic information of the attacked sensors included in the original sensing signal matrix M may be referred to as missing elements. And establishing a matrix completion mathematical model according to the established original sensing signal matrix M so as to reconstruct the sensing signal matrix X.
In the present embodiment, the basic idea of the modeling method based on matrix decomposition is: the original sensing signal matrix is decomposed into the product of two low-rank matrices, so that complex matrix singular value decomposition is avoided, and the execution efficiency of the algorithm is accelerated. Specifically, the matrix completion problem using matrix decomposition is modeled as in equation 1:
Where k is the predicted matrix rank bound. The model is solved by adopting a block coordinate descent algorithm (commonly called an alternative minimization algorithm), and a solution with higher precision can be obtained within smaller time complexity by utilizing the model through obtaining a proper k value in advance.
In the experimental process, the experimental results on the synthetic data and the real data set show that the matrix double-decomposition model based on the matrix decomposition idea has obvious improvement on both completion precision and convergence rate. Specifically, the model in the above formula 1 can be further simplified to formula 2:
the model corresponding to equation 2 can be solved by using an alternating direction multiplier method. Furthermore, the literature has demonstrated that for any matrix X ∈ Rn1 × n2 of rank r, if k > r, the following equation holds as illustrated in equation 3:
in another embodiment, the standard matrix completion problem can also be directly modeled as in equation 4 below:
the model in formula 4 can be directly solved quickly by using a block coordinate descent algorithm. In one embodiment, since the problem is non-convex, to avoid the presence of a non-globally optimal stagnation solution, a solution under more relaxed conditions is found as illustrated in equation 5 below.
||PΩFormula 5 of (M-LQ) | < lambda ≦
The solution of the problem is obtained by solving
I.e. the global optimum solution, then passes
To fill in missing parts of the original perceptual signal matrix M.
As for the method provided in the embodiment corresponding to fig. 8, it can be known from data recovery by taking the attacked sensor of the lidar sensor as an example, and the method using matrix decomposition and matrix completion provided by the present application can better recover the perception target that is attacked and missing. It can be verified that the detection and recovery experiment only requires seconds on a single-core CPU for lidar data of about 50000 point cloud data. If the multi-core CPU is adopted for processing or the algorithm of the data restoration part is further optimized in the later period, the processing time can be further greatly reduced, and the defense technology of the intelligent system is more real-time and efficient.
According to the technical scheme, the cross correlation judgment model and/or the autocorrelation judgment model are established by researching the overlapping relation and semantic correlation of information among different sensors, so that whether the intelligent system is attacked or not is judged in real time based on the cross correlation among the sensing data and/or the autocorrelation of the sensing data, when the intelligent system is judged to be attacked, the sensing data distorted due to attack is recovered in high precision by adopting a matrix decomposition modeling method, real-time attack defense and high-precision data recovery are realized, and a set of complete attack defense scheme which takes the detection of whether the sensors are attacked or not and a data recovery algorithm as a core is formed.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an embodiment of a storage medium according to the present application. The storage medium 900 stores a computer program 901 capable of being executed by a processor, and the computer program 901 is used for implementing the defense method of the intelligent system as described in any one of the embodiments of fig. 3 to fig. 8 and the corresponding embodiments. Specifically, the storage medium 900 may be one of a memory, a personal computer, a server, a network device, or a usb disk, and is not limited in any way herein.
The above description is only for the purpose of illustrating embodiments of the present application and is not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application or are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.
Claims (12)
1. A method of defending an intelligent system, the method comprising:
acquiring characteristic information corresponding to at least one sensor based on sensing data acquired by the at least one sensor;
respectively inputting the characteristic information of each sensor into an attack judgment model of the corresponding sensor to judge whether the sensor is an attacked sensor, wherein the attack judgment model comprises at least one of an autocorrelation judgment model and a cross correlation judgment model;
And if so, repairing the sensing data of the attacked sensor.
2. The method of claim 1, wherein the characteristic information of each sensor is input to an attack determination model of the corresponding sensor to determine whether the sensor is an attacked sensor, further comprising:
respectively taking each sensor as a target sensor;
inputting the characteristic information corresponding to the target sensor into an autocorrelation judging model of the target sensor so as to judge whether the characteristic information of the target sensor does not accord with preset autocorrelation;
if so, further inputting the feature information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor to judge whether the feature information of the target sensor does not accord with preset cross-correlation;
and if the characteristic information of the target sensor does not accord with the preset cross correlation, determining that the target sensor is the attacked sensor.
3. The method of claim 1, wherein the characteristic information of each sensor is input to an attack determination model of the corresponding sensor to determine whether the sensor is an attacked sensor, further comprising:
Respectively taking each sensor as a target sensor;
inputting the characteristic information corresponding to the target sensor into an autocorrelation judging model of the target sensor to judge whether the characteristic information of the target sensor does not accord with preset autocorrelation, and if so, determining that the target sensor is the attacked sensor; or,
inputting the characteristic information corresponding to the target sensor into the cross-correlation judgment model corresponding to the target sensor to judge whether the characteristic information of the target sensor does not accord with preset cross-correlation, and if so, determining that the target sensor is the attacked sensor.
4. The method according to claim 2 or 3, wherein the inputting the feature information corresponding to the target sensor into the auto-correlation determination model of the target sensor to determine whether the feature information of the target sensor does not conform to the preset auto-correlation further comprises:
obtaining a target autocorrelation matrix of the target sensor based on the corresponding characteristic information of the target sensor;
judging whether the target autocorrelation matrix is consistent with a preset autocorrelation matrix of the target sensor;
If not, judging that the characteristic information of the target sensor does not accord with the preset autocorrelation.
5. The method according to claim 2 or 3, wherein the inputting the feature information corresponding to the target sensor into the cross-correlation determination model corresponding to the target sensor to determine whether the feature information of the target sensor does not conform to a preset cross-correlation further comprises:
obtaining a target cross-correlation matrix of the target sensor based on the characteristic information corresponding to the target sensor and the characteristic information corresponding to at least one other sensor; wherein the other sensor is the sensor having a cross-correlation with the target sensor;
acquiring a preset cross-correlation matrix between the target sensor and the at least one other sensor, and judging whether the target cross-correlation matrix is consistent with the preset cross-correlation matrix;
if not, judging that the characteristic information of the target sensor does not accord with the preset cross correlation.
6. The method of claim 1, wherein the at least one sensor comprises at least one of a position sensor, a lidar sensor, an inertial measurement unit; the sampling period of each sensor is the shortest sampling period of the inertia measurement unit;
And/or the characteristic information is a characteristic vector.
7. The method of claim 1, further comprising constructing the attack determination model by a mathematical modeling algorithm or a machine learning algorithm.
8. The method of claim 1, wherein the repairing the sensor data of the attacked sensor further comprises:
and repairing the sensing data of the attacked sensor by utilizing a modeling method of matrix decomposition.
9. The method of claim 8, wherein the repairing the sensor data of the attacked sensor using a modeling method of matrix factorization further comprises:
establishing a raw sensing signal matrix based on the characteristic information of the attacked sensor and the characteristic information of other sensors, wherein the other sensors are the sensors with cross correlation with the attacked sensor;
building a sensing signal matrix by using the original sensing signal matrix and a matrix completion mathematical model;
decomposing the perceptual signal matrix into at least two multiplied low rank matrices;
and respectively solving the sensing signal matrix by using an alternative direction multiplier method or a block coordinate descent algorithm to obtain the repaired sensing data.
10. A defensive device, the device comprising a memory, a processor and a data acquisition port, the memory and the data acquisition port being respectively coupled with the processor, wherein,
the data acquisition port acquires sensing data fed back by at least one sensor under the control of the processor and outputs the sensing data to the processor;
the memory stores a computer program;
the processor is configured to run the computer program to perform the method of any one of claims 1 to 9.
11. An intelligent system comprising at least one sensor and the defence apparatus of claim 10.
12. A storage medium, characterized in that it stores a computer program executable by a processor, the computer program being adapted to implement the method of any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010519394.7A CN111860139B (en) | 2020-06-09 | 2020-06-09 | Defense method of intelligent system and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010519394.7A CN111860139B (en) | 2020-06-09 | 2020-06-09 | Defense method of intelligent system and related device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111860139A true CN111860139A (en) | 2020-10-30 |
| CN111860139B CN111860139B (en) | 2024-10-01 |
Family
ID=72987349
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010519394.7A Active CN111860139B (en) | 2020-06-09 | 2020-06-09 | Defense method of intelligent system and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111860139B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108280332A (en) * | 2017-12-15 | 2018-07-13 | 阿里巴巴集团控股有限公司 | The biological characteristic authentication recognition detection method, apparatus and equipment of mobile terminal |
| CN109918900A (en) * | 2019-01-28 | 2019-06-21 | 深圳市赛梅斯凯科技有限公司 | Sensor attack detection method, device, equipment and computer readable storage medium |
| US20190260768A1 (en) * | 2018-02-20 | 2019-08-22 | General Electric Company | Cyber-attack detection, localization, and neutralization for unmanned aerial vehicles |
| CN110658807A (en) * | 2019-10-16 | 2020-01-07 | 上海仁童电子科技有限公司 | Vehicle fault diagnosis method, device and system |
-
2020
- 2020-06-09 CN CN202010519394.7A patent/CN111860139B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108280332A (en) * | 2017-12-15 | 2018-07-13 | 阿里巴巴集团控股有限公司 | The biological characteristic authentication recognition detection method, apparatus and equipment of mobile terminal |
| US20190260768A1 (en) * | 2018-02-20 | 2019-08-22 | General Electric Company | Cyber-attack detection, localization, and neutralization for unmanned aerial vehicles |
| CN109918900A (en) * | 2019-01-28 | 2019-06-21 | 深圳市赛梅斯凯科技有限公司 | Sensor attack detection method, device, equipment and computer readable storage medium |
| CN110658807A (en) * | 2019-10-16 | 2020-01-07 | 上海仁童电子科技有限公司 | Vehicle fault diagnosis method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111860139B (en) | 2024-10-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110136199B (en) | Camera-based vehicle positioning and mapping method and device | |
| US12072705B2 (en) | Intelligent decision-making method and system for unmanned surface vehicle | |
| CN112967283B (en) | Target identification method, system, equipment and storage medium based on binocular camera | |
| WO2020029706A1 (en) | Dummy lane line elimination method and apparatus | |
| CN107833249A (en) | A kind of carrier-borne aircraft landing mission attitude prediction method of view-based access control model guiding | |
| CN112052761A (en) | Method and device for generating confrontation face image | |
| CN106650660A (en) | Vehicle type recognition method and terminal | |
| CN111222441B (en) | Point cloud target detection and blind area target detection method and system based on vehicle-road cooperation | |
| CN113532499B (en) | Sensor security detection method and device for unmanned system and storage medium | |
| Zhang et al. | A object detection and tracking method for security in intelligence of unmanned surface vehicles | |
| CN112037142A (en) | Image denoising method and device, computer and readable storage medium | |
| Li et al. | Topological similarity-based multi-target correlation localization for aerial-ground systems | |
| CN115273005A (en) | Visual navigation vehicle environment perception method based on improved YOLO algorithm | |
| CN114842340A (en) | Robot binocular stereoscopic vision obstacle sensing method and system | |
| Zhao et al. | Environmental perception and sensor data fusion for unmanned ground vehicle | |
| CN113920447A (en) | Ship harbor detection method and device, computer equipment and storage medium | |
| CN111860139A (en) | Defense method of intelligent system and related device | |
| CN115824235B (en) | Lane positioning method, lane positioning device, computer equipment and readable storage medium | |
| WO2021248332A1 (en) | Defense method for intelligent system, and related apparatus | |
| CN111339226B (en) | Method and device for constructing map based on classification detection network | |
| CN114140497A (en) | Target vehicle 3D real-time tracking method and system | |
| CN114119757A (en) | Image processing method, apparatus, device, medium, and computer program product | |
| CN113837270B (en) | Target identification method, device, equipment and storage medium | |
| CN111968157B (en) | Visual positioning system and method applied to high-intelligent robot | |
| Moroni et al. | Curve recognition for underwater wrecks and handmade artefacts |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |