Background
Currently, attacks in the V2X network do not exist in real time, and most of the related network defense technologies exist in the form of software, so that the attacks cannot be displayed intuitively, and users cannot fully know the importance of the V2X network security. Therefore, it is an urgent technical problem in the art to develop a visual V2X network security defense method and apparatus, which can effectively overcome the above-mentioned drawbacks in the related art.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a visual V2X network security defense method and equipment.
In a first aspect, an embodiment of the present invention provides a visual V2X network security defense method, including: according to the determined version to be demonstrated, dividing VLAN areas of the video module; and starting an attack program to carry out broadband flow overload on the video module divided with the VLAN area, starting a network defense mechanism, blocking the broadband flow overload, and displaying the blocking process in real time.
On the basis of the content of the above method embodiment, the visual V2X network security defense method provided in the embodiment of the present invention further includes, before the version to be demonstrated according to the determination, that: entering a safety visualization system demonstration box screen of a V2X network, and further entering a video module interface; after the safe visual system demonstration box displays the image, an IP address is obtained in a browser; and entering a gateway management interface through a gateway login interface to determine the version to be demonstrated.
On the basis of the content of the above method embodiment, the visual V2X network security defense method provided in the embodiment of the present invention, where the dividing of the VLAN region for the video module includes: the video module is divided into two VLAN areas, and the two VLAN areas are isolated from each other in communication.
On the basis of the content of the above method embodiment, in the visual V2X network security defense method provided in the embodiment of the present invention, the starting attack procedure performs broadband traffic overload on the video module divided into the VLAN region, and includes: and the attack program carries out broadband flow overload on one VLAN area in the two VLAN areas, and a video module in the VLAN area cannot acquire video information.
On the basis of the content of the embodiment of the method, the visual V2X network security defense method provided in the embodiment of the present invention, where the network defense mechanism is started to block the broadband traffic overload, includes: and starting a network defense mechanism, blocking the broadband flow overload of the VLAN area, and enabling the video module in the VLAN area to acquire the video information again.
On the basis of the content of the above method embodiment, the visual V2X network security defense method provided in the embodiment of the present invention further includes, after the blocking process is shown in real time: and closing a network defense mechanism, and carrying out broadband flow overload on the VLAN area again by the attack program, wherein the video module in the VLAN area can not acquire video information again.
On the basis of the content of the foregoing method embodiment, the visual V2X network security defense method provided in the embodiment of the present invention further includes, after the video module in the VLAN region cannot acquire video information again, that: and closing the attack program, and acquiring the video information again by the video module in the VLAN area.
In a second aspect, an embodiment of the present invention provides a visual V2X network security defense device, including:
the area division module is used for dividing the VLAN area of the video module according to the determined version to be demonstrated;
and the defense display module is used for starting an attack program to carry out broadband flow overload on the video module divided with the VLAN area, starting a network defense mechanism, blocking the broadband flow overload and displaying the blocking process in real time.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, the processor calling the program instructions capable of executing the visual V2X network security defense method provided by any of the various implementations of the first aspect.
In a fourth aspect, embodiments of the present invention provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method for visual V2X network security defense provided in any of the various implementations of the first aspect.
According to the visual V2X network security defense method and device provided by the embodiment of the invention, the video module is subjected to VLAN area division, the video module is distributed into different VLAN areas, the network defense mechanism is matched to block an attack program, and the blocking process is displayed in real time, so that the domain control security of the vehicle-mounted V2X system, the damage effect of the vehicle under network attack and the protection effect after the network defense mechanism is started can be visually displayed.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. In addition, technical features of various embodiments or individual embodiments provided by the present invention may be arbitrarily combined with each other to form a feasible technical solution, and such combination is not limited by the sequence of steps and/or the structural composition mode, but must be realized by a person skilled in the art, and when the technical solution combination is contradictory or cannot be realized, such a technical solution combination should not be considered to exist and is not within the protection scope of the present invention.
The embodiment of the invention provides a visual V2X network security defense method, and referring to FIG. 1, the method comprises the following steps:
101. according to the determined version to be demonstrated, dividing VLAN areas of the video module;
102. and starting an attack program to carry out broadband flow overload on the video module divided with the VLAN area, starting a network defense mechanism, blocking the broadband flow overload, and displaying the blocking process in real time.
It should be noted that the network defense mechanism mainly includes: the firewall is a commonly used defense software in a computer system, can effectively protect an internal network, and intercepts attacks from the outside and malicious plug-ins, so that the computer can have a safe and stable running environment. The method has the main function of establishing an invisible barrier between the internal network of the computer and the Internet, thereby realizing the security protection of the internal network. Firewalls are typically installed at the connection of an intranet to an extranet. The purpose of this is to make all information from outside enter the internal network through the firewall, so that the firewall can screen it to allow some harmless information to pass, and link out some malicious or virus-carrying software. The system can check data among a plurality of networks, and can also track the running state of the networks in real time; the network encryption technology is developed in response to the problem of computing network security, and various power transaction systems based on the internet can appear and can be developed and popularized. Practice proves that the modern society, online shopping and electronic commerce are not rare, and the secure confidential technology opens up another era. It has two encryption modes, one is symmetric encryption and the other is asymmetric encryption. However, with the development of science and technology, the technical level is higher and more perfect, and an effective guarantee is provided for the benefit of people; the intrusion detection technology is mainly a technology for collecting various information from a plurality of systems and resources, the technology can not only realize the acquisition of the information, but also analyze and screen the information, the application of the detection technology improves the probability of finding the attack behavior by the system, if some attack behaviors occur, the system can give an alarm, and the technology can also monitor different users, can identify abnormal behaviors and can analyze and track the behaviors; the network security scanning technology can accurately master security holes in a computer network system, take measures in time and effectively avoid system security risks.
Based on the content of the foregoing method embodiment, as an optional embodiment, the method for defending network security of the visual V2X provided in the embodiment of the present invention, before the version to be demonstrated according to the determination, further includes: entering a safety visualization system demonstration box screen of a V2X network, and further entering a video module interface; after the safe visual system demonstration box displays the image, an IP address is obtained in a browser; and entering a gateway management interface through a gateway login interface to determine the version to be demonstrated.
Specifically, the method comprises the steps of entering a V2X network security visualization system demonstration box screen according to step operation, and finally entering a camera interface; after the power is turned on, the display screen with the demonstration box displays images, a browser is opened, and an IP address 192.168.1.1 is input in an address box; entering a gateway login interface, wherein a user name is as follows: root, password: 1. Clicking a logic to enter a gateway management interface; according To the function type To be demonstrated, a switching button (To extension version under the basic version, To basic version under the extension version and basic version by default) is clicked.
Based on the content of the foregoing method embodiment, as an optional embodiment, the visual V2X network security defense method provided in the embodiment of the present invention, where the dividing of the VLAN region for the video module includes: the video module is divided into two VLAN areas, and the two VLAN areas are isolated from each other in communication.
VLAN divides the main purpose to make different equipment worker work in different fields, after dividing through VLAN, if a certain field is attacked can make it a solitary field and avoid other equipment to receive the influence, represent two equipment with two cameras in the demonstration. Specifically, when the equipment is not operated, two cameras on a screen of the demonstration box can normally communicate, namely the two cameras can normally communicate before being started; and clicking an open switch in the VLAN to open the VLAN division function. After waiting ten seconds, one of the screens displays no signal. The VLAN partition at this time cannot communicate between two different domains. And clicking a close switch in the VLAN to close the VLAN division function. After waiting for ten seconds, the screen without signal returns to normal. The cameras resume connection and the cameras in the same domain (i.e. the specific implementation of the video module in the foregoing embodiment) can communicate with each other.
Based on the content of the foregoing method embodiment, as an optional embodiment, in the visual V2X network security defense method provided in the embodiment of the present invention, the starting attack procedure performs broadband traffic overload on the video module divided into the VLAN region, and includes: and the attack program carries out broadband flow overload on one VLAN area in the two VLAN areas, and a video module in the VLAN area cannot acquire video information.
Specifically, when the device is not yet operated, both cameras of the demonstration box screen can normally communicate (i.e., before the demonstration starts, both cameras are normally used). The notebook computer is opened and the desktop open icon is double clicked. And the attack program can be opened after the password is input. Clicking Attack 1, the tool will Attack according to the preset configuration automatically. Clicking the attach start starts to Attack the device. The straight line represents incoming traffic and the curve represents outgoing traffic, where it can be seen that the curve rises very fast until it reaches the top, indicating that the attack has filled the device bandwidth (i.e., the broadband traffic is overloaded). As the broadband flow is overloaded, one camera is attacked, the connection between the camera and the screen is lost, and no signal is displayed on the screen.
Based on the content of the foregoing method embodiment, as an optional embodiment, the visual V2X network security defense method provided in the embodiment of the present invention, where the network defense mechanism is started to block the broadband traffic overload, includes: and starting a network defense mechanism, blocking the broadband flow overload of the VLAN area, and enabling the video module in the VLAN area to acquire the video information again.
Specifically, an open switch in network defense is clicked, and a defense function is turned on. After several tens of seconds, the image of the camera is displayed on the screen again (namely the attacked camera returns to normal), which indicates that the blocking attack is successful. In particular, the curve has dropped to the same level as the straight line, and it can be seen that the attack is effectively blocked and the bandwidth is restored to be clear.
Based on the content of the foregoing method embodiment, as an optional embodiment, the visual V2X network security defense method provided in the embodiment of the present invention further includes, after the blocking process is shown in real time: and closing a network defense mechanism, and carrying out broadband flow overload on the VLAN area again by the attack program, wherein the video module in the VLAN area can not acquire video information again.
Specifically, a close switch in the network defense is clicked, and the network defense function is closed. After tens of seconds, the camera which is not protected is attacked again, and the connection with the screen is lost.
Based on the content of the foregoing method embodiment, as an optional embodiment, the visual V2X network security defense method provided in the embodiment of the present invention further includes, after the video module in the VLAN region cannot acquire video information again, that: and closing the attack program, and acquiring the video information again by the video module in the VLAN area.
Specifically, clicking the attach stop in the Attack tool closes the Attack program. After tens of seconds, the cameras are connected with the screen again, and both the cameras operate normally.
According to the visual V2X network security defense method provided by the embodiment of the invention, the video module is partitioned into the VLAN areas, the video module is distributed into different VLAN areas, the attack program is blocked by matching with a network defense mechanism, and the blocking process is displayed in real time, so that the domain control security of the vehicle-mounted V2X system, the damage effect of the vehicle under network attack and the protection effect after the network defense mechanism is started can be visually displayed.
The implementation basis of the various embodiments of the present invention is realized by programmed processing performed by a device having a processor function. Therefore, in engineering practice, the technical solutions and functions thereof of the embodiments of the present invention can be packaged into various modules. Based on the actual situation, on the basis of the above embodiments, the embodiments of the present invention provide a visual V2X network security defense apparatus, which is used to execute the visual V2X network security defense method in the above method embodiments. Referring to fig. 2, the apparatus includes:
the area division module 201 is used for dividing the video module into VLAN areas according to the determined version to be demonstrated;
the defense display module 202 is used for starting an attack program to carry out broadband traffic overload on the video module divided with the VLAN area, starting a network defense mechanism to block the broadband traffic overload, and displaying the blocking process in real time.
The visual V2X network security defense device provided by the embodiment of the invention adopts the area division module and the defense display module, allocates the video module to different VLAN areas by dividing the video module into the VLAN areas, then blocks an attack program by matching with a network defense mechanism, and displays the blocking process in real time, so that the domain control security of the vehicle-mounted V2X system, the damage effect of the vehicle under network attack and the protection effect after the network defense mechanism is started can be visually displayed.
It should be noted that, the apparatus in the apparatus embodiment provided by the present invention may be used for implementing methods in other method embodiments provided by the present invention, except that corresponding function modules are provided, and the principle of the apparatus embodiment provided by the present invention is basically the same as that of the apparatus embodiment provided by the present invention, so long as a person skilled in the art obtains corresponding technical means by combining technical features on the basis of the apparatus embodiment described above, and obtains a technical solution formed by these technical means, on the premise of ensuring that the technical solution has practicability, the apparatus in the apparatus embodiment described above may be modified, so as to obtain a corresponding apparatus class embodiment, which is used for implementing methods in other method class embodiments. For example:
based on the content of the above device embodiment, as an optional embodiment, the visual V2X network security defense device provided in the embodiment of the present invention further includes: and the VLAN module is used for dividing the video module into two VLAN areas, and the two VLAN areas are isolated from each other in communication.
Based on the content of the above device embodiment, as an optional embodiment, the visual V2X network security defense device provided in the embodiment of the present invention further includes: and the flow overload module is used for carrying out broadband flow overload on one VLAN area in the two VLAN areas by an attack program, and the video module in the VLAN area can not acquire video information.
Based on the content of the above device embodiment, as an optional embodiment, the visual V2X network security defense device provided in the embodiment of the present invention further includes: and the blocking module is used for starting a network defense mechanism, blocking the broadband flow overload of the VLAN area, and the video module in the VLAN area acquires the video information again.
Based on the content of the above device embodiment, as an optional embodiment, the visual V2X network security defense device provided in the embodiment of the present invention further includes: and the network defense mechanism closing module is used for closing the network defense mechanism, the attack program carries out broadband flow overload on the VLAN area again, and the video module in the VLAN area can not acquire video information again.
Based on the content of the above device embodiment, as an optional embodiment, the visual V2X network security defense device provided in the embodiment of the present invention further includes: and the attack program closing module is used for closing the attack program, and the video module in the VLAN area acquires the video information again.
The method of the embodiment of the invention is realized by depending on the electronic equipment, so that the related electronic equipment is necessarily introduced. To this end, an embodiment of the present invention provides an electronic apparatus, as shown in fig. 3, including: at least one processor (processor)301, a communication Interface (Communications Interface)304, at least one memory (memory)302 and a communication bus 303, wherein the at least one processor 301, the communication Interface 304 and the at least one memory 302 are configured to communicate with each other via the communication bus 303. The at least one processor 301 may invoke logic instructions in the at least one memory 302 to perform all or a portion of the steps of the methods provided by the various method embodiments described above.
Furthermore, the logic instructions in the at least one memory 302 may be implemented in software functional units and stored in a computer readable storage medium when sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the method embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. Based on this recognition, each block in the flowchart or block diagrams may represent a module, a program segment, or a portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In this patent, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.