CN112083710B - Vehicle-mounted network CAN bus node monitoring system and method - Google Patents

Vehicle-mounted network CAN bus node monitoring system and method

Info

Publication number
CN112083710B
Authority
CN
China
Prior art keywords
bus
node
monitor
transceiver
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010920524.8A
Other languages
Chinese (zh)
Other versions
CN112083710A (en)
Inventor
葛化敏
冯宇彤
祝天培
艾华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Information Science and Technology
Original Assignee
Nanjing University of Information Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Information Science and Technology
Priority to CN202010920524.8A
Publication of CN112083710A
Application granted
Publication of CN112083710B

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00 Testing or monitoring of control systems or parts thereof
    • G05B23/02 Electric testing or monitoring
    • G05B23/0205 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0208 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
    • G05B23/0213 Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols

Abstract

The invention discloses a vehicle-mounted network CAN bus node monitoring system and method. The monitoring architecture of the system is independently coupled: the monitoring channel of a bus monitor is connected to the CAN bus, the feedback channel is connected to the corresponding monitored node and its transceiver, and one monitor can monitor a plurality of bus nodes of the same type at the same time. When the monitor detects that the node transmitting a message has failed, it sends an error isolation instruction to the node that transmits message i and to the CAN transceiver, which blocks the messages sent to the CAN bus by the failed node ECU and prevents more messages from the faulty node from reaching the bus. The system has a simple architecture and low cost, and one monitor can monitor a plurality of nodes of the same type at the same time. The system uses a feedback-loop logic framework: it monitors CAN nodes through the monitor and controls the working mode of a faulty node, which reduces the influence of the failed node on the whole system and gives a strong detection capability.

Description

Vehicle-mounted network CAN bus node monitoring system and method
Technical Field
The invention relates to a fault detection system and a fault detection method, in particular to a vehicle-mounted network CAN bus node monitoring system.
Background
With the development of information technology, modern automobiles increasingly rely on sensors with Electronic Control Units (ECUs). Approximately 50-100 ECUs are now deployed in a vehicle, and they are no longer isolated from the outside. In practice, each ECU is assigned several functions and is connected to the others through a CAN bus system. The CAN protocol is the most commonly used protocol in the automobile industry. It offers high response speed and good transmission reliability, lets ECUs send and share messages over the bus to control the vehicle, and at the same time ensures timing predictability and fault-tolerant communication. The main design disadvantage of the CAN bus is that, by design, CAN does not support security protocols or mechanisms that ensure message confidentiality and integrity. The security problem of the CAN bus has attracted considerable attention in industry and academia. Furthermore, the growing number of external connections to the on-board control network increases the potential for interference by such attacks. By injecting malicious CAN messages through these ports, an attacker may deliberately cause a series of components to fail; such attacks are mainly carried out by injecting into the CAN bus network from a connection port. For a long time, the trigger system has been unable to detect a node failure (baseband errors), which is mainly caused by hardware faults or transient interference; a failed host can command the CAN transceiver to send messages continuously. The faulty node wrongly consumes additional resources in the system, and the maximum impact of undetected faults is bounded. If a node sends a message when no result should be generated, a commit failure occurs.
To address these problems, the vehicle-mounted network CAN bus node monitoring system is designed and developed to monitor node failures on the CAN bus. The monitor and the nodes are connected to the CAN bus independently of each other. The monitor observes the messages on the bus and judges from the monitored message parameters whether a node has failed. If a node is faulty, the monitor feeds back an error isolation instruction to the node and to the CAN transceiver; the node enters a silent mode, detects its error and corrects it. After the repair, the node sends a request instruction to the monitor, the monitor sends an isolation removal instruction, and the node returns to its normal state. The system is applied specifically to the CAN protocol to prevent a faulty node that sends message frames too frequently from affecting the CAN bus. The overhead of including the impact of undetected frames in the worst-case response time analysis is small enough to be of practical value.
Disclosure of Invention
Object of the invention: the invention aims to provide a vehicle-mounted network CAN bus node monitoring system and method that are simple in structure, low in cost and high in detection capability.
Technical solution: the invention relates to a vehicle-mounted network CAN bus node monitoring system comprising a bus node ECU, a bus monitor, a CAN transceiver and a CAN bus;
the bus node ECU comprises a microcontroller and a CAN controller, and the CAN controller is connected with the bus monitor through a feedback channel; the microcontroller provides a differential receiving function for the CAN bus;
the bus monitor is connected with the bus node ECU and its transceiver through a feedback channel and with the physical bus through a monitoring channel; it monitors whether a node sending messages to the CAN bus has failed and, when a failure occurs, sends an error isolation instruction to the failed node and the CAN transceiver; after the node failure has been removed, the node and the transceiver send a request working instruction to the monitor, and the monitor sends an error isolation removal instruction;
the CAN transceiver is the interface between a bus node and the physical bus and is connected with the bus monitor through a feedback channel; it converts between binary code streams and differential signals, realizes the conversion between logic levels and dominant/recessive states, and provides differential transmitting and receiving functions for the CAN bus.
The monitor adopts an independently coupled architecture and has its own independent internal clock.
When there are a plurality of nodes on the CAN bus, the monitor is connected with the nodes at the same physical location, and the monitor can monitor a plurality of nodes of the same type at the same time.
The CAN controller receives and transmits standard-frame and extended-frame messages and provides a 64-byte receive FIFO, single/dual acceptance filters in both standard and extended formats with mask and code registers, error counters with read/write access, and a programmable error limit alarm.
The model of the CAN controller is SJA1000. The model of the CAN transceiver is TJA1050.
The invention relates to a vehicle-mounted network CAN bus monitoring method which is characterized by comprising the following steps of:
(1) The monitor collects the following characteristic parameters of the CAN bus in real time: the worst-case response time $R_i$ of message $i$, the known minimum inter-arrival time $T_i$ between trigger events, the earliest receivable value $S_i$ of the monitor, and the message expiration time $E_i$. Worst case: all higher-priority messages are queued simultaneously (creating maximum interference) at the moment when the longest lower-priority message has just started (imposing maximum blocking). The event here refers to an instance of the message being sent, i.e., a data frame.
(2) Preset the threshold $G_i$: $G_0 = -\infty$, $G_{i+1} = \max(G_i, E_i - R_i) + T_i$, where $G_i$ is the calculated threshold for message $i$ and $G_{i+1}$ is the calculated threshold for message $i+1$, $i = 0, 1, 2, \ldots, N$;
(3) The monitor compares $E_i$ with $G_i$: if $G_i \le E_i \le G_i + R_i$, the monitored node is working normally; otherwise the node has failed, and an error isolation instruction is sent to the node sending message $i$ and to the CAN transceiver;
(4) After receiving the error isolation instruction, the CAN transceiver blocks the messages sent to the CAN bus by the bus node ECU;
(5) When the node in step (3) receives the error isolation instruction, it switches to silent mode, finds its error and corrects it; after the correction, the corrected node and the transceiver send a request instruction to the monitor, the monitor then sends an isolation removal instruction, and the corrected node resumes normal operation;
(6) Increase the value of $i$ by one and repeat steps (3)-(5) until all messages have been monitored, i.e., until $i = N$.
The beneficial effects are that: compared with the prior art, the invention has the following remarkable advantages:
The system has a simple architecture and is easy to install and use with a large number of CAN bus nodes. The system cost is low: one monitor can monitor a plurality of nodes of the same type at the same time, the whole system uses common devices, and the cost remains low even for a relatively large number of CAN nodes. The system uses a feedback-loop logic framework in which the monitor checks the CAN nodes and controls the working mode of a faulty node, which reduces the influence of the failed node on the whole system and gives a high detection capability.
Drawings
FIG. 1 is a block diagram of an architecture of the present invention;
FIG. 2 is a flow chart of the operation of the present invention.
Detailed Description
The technical scheme of the invention is further described below with reference to the accompanying drawings.
The invention relates to a vehicle-mounted network CAN bus monitoring system which comprises a bus node ECU 2, a bus monitor 1, a CAN transceiver 3, a CAN bus 4, a feedback channel 5 and a monitoring channel 6.
The bus node ECU 2 is composed of a microcontroller and a CAN controller. The microcontroller provides a differential receiving function and uses a C8051F020 single-chip microcomputer, a fully integrated mixed-signal system-level MCU chip with 64 digital I/O pins. It includes a high-speed, pipelined, 8051-compatible CIP-51 core (up to 25 MIPS), a full-speed, non-intrusive in-system debug interface, an 8-channel ADC with PGA and an analog multiplexer, an 8-bit 500-ksps ADC with PGA and an 8-channel analog multiplexer, two 12-bit DACs, 64K bytes of FLASH memory with a programmable data update mode, and 4352 (4096+256) bytes of on-chip RAM. The CAN controller is an SJA1000, a stand-alone controller for controller area network (CAN) applications in moving objects and general industrial environments. It is a replacement for the PHILIPS Semiconductors PCA82C200 CAN controller (BasicCAN) and adds a new operating mode, PeliCAN, which supports the CAN 2.0B protocol with a number of new features. It has the following functions: reception and transmission of standard-frame and extended-frame messages, a 64-byte receive FIFO, single/dual acceptance filters in both standard and extended formats with mask and code registers, error counters with read/write access, and a programmable error limit alarm. Fig. 1 is a block diagram of the CAN node monitoring architecture.
The bus monitor 1 is connected to the bus node ECU and the transceiver through the feedback channel 5 and to the physical bus through the monitoring channel 6. It detects the fault condition of each node connected to the bus and, when a fault occurs, sends an error isolation instruction to the CAN transceiver, protecting the bus from the influence of a failed node connected to it. The bus guardian 1 isolates a node in the event of a failure, limiting node communication through the "network connection controller". The bus guardian shuts the node down to prevent the failed node from interfering with the proper operation of other nodes in the system. The bus monitor uses a monitoring algorithm based on the characteristics of the CAN bus. The system monitoring architecture is an independently coupled architecture, so the independence of the nodes and the monitor is maintained while faulty nodes are monitored accurately, which ensures both the safety of the bus and the independence of the system. The monitor and the node have independent clocks to prevent a fast or slow clock from becoming a common failure mode. For a system with widely distributed nodes, the monitors are connected directly to nodes in the same physical location, so one monitor is needed for each "cluster". Compared with a closely coupled monitoring architecture, the number of monitors is smaller than the number of nodes, which saves system overhead. The advantage of node and monitor independence is clear in this architecture: the monitor plays a passive role in the network, but if it detects a node error it can turn off or disable the node it is monitoring.
The CAN transceiver 3 is the interface between the CAN protocol controller and the physical bus (twisted pair). It is connected to the bus monitor 1 and to the CAN bus 4, receives and transmits the monitor's instructions, converts between binary code streams and differential signals, realizes the conversion between logic levels and dominant/recessive states, and provides the differential transmission function for the CAN bus. The CAN transceiver is a TJA1050. The TJA1050 is manufactured with an advanced silicon-on-insulator (SOI) process and the latest EMC technology, so it has excellent EMC performance. The TJA1050 does not provide a standby mode, and the device is passive when unpowered. The microcontroller, the CAN controller and the CAN transceiver together form a CAN bus node ECU.
The CAN bus 4 uses an ordinary twisted pair, the transmission medium most commonly used in structured cabling, which consists of two copper wires with insulating protective layers. The two insulated copper wires are twisted together at a certain density, so that the electromagnetic wave radiated by each wire during transmission is cancelled by the wave emitted by the other, which effectively reduces signal interference.
The working process of the system is described in more detail below with reference to the overall architecture diagram and the work flow chart of the vehicle-mounted network CAN bus monitoring system:
(1) The bus monitor is connected to the bus as a completely independent node, and the monitoring system monitors the CAN bus nodes using an independently coupled architecture. The monitor collects the following characteristic parameters of the CAN bus in real time: the worst-case response time $R_i$ of message $i$, the known minimum inter-arrival time $T_i$ between trigger events, the earliest acceptable value $S_i$ of the monitor, and the message expiration time $E_i$;
(2) Preset the threshold $G_i$: $G_0 = -\infty$, $G_{i+1} = \max(G_i, E_i - R_i) + T_i$, where $G_i$ is the calculated threshold for message $i$ and $G_{i+1}$ is the calculated threshold for message $i+1$, $i = 0, 1, 2, \ldots, N$;
(3) The monitor compares $E_i$ with $G_i$: if $G_i \le E_i \le G_i + R_i$, the monitored node is working normally; otherwise the node has failed, and an error isolation instruction is sent to the node sending message $i$ and to the CAN transceiver;
(4) After receiving the error isolation instruction, the CAN transceiver blocks the messages sent to the CAN bus by the bus node ECU;
(5) When the node in step (3) receives the error isolation instruction, it switches to silent mode, finds its error and corrects it. After correction, the node resumes normal mode and retransmits the message. The node sends a request instruction to the monitor, and the monitor, on receiving the request, sends an isolation removal instruction to the CAN transceiver. After the CAN transceiver receives the isolation removal instruction, it receives and transmits messages normally again, so that information is exchanged between the node ECU and the CAN bus.
(6) Increase the value of $i$ by one and repeat steps (3)-(5) until all messages have been monitored, i.e., until $i = N$.
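The threshold check of steps (2)-(5), as an added example in C; it is not code from the patent. The struct layout, function names and microsecond time base are assumptions, as are two behaviours the text leaves open: the first frame (for which $G_0 = -\infty$) is accepted and only seeds $G_1$, and the threshold restarts from $-\infty$ once isolation is removed. The trace in main() is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { NODE_NORMAL, NODE_ISOLATED } node_mode_t;
typedef enum { FRAME_OK, FRAME_FAULT, FRAME_BLOCKED } verdict_t;

/* State kept by the monitor for one monitored message stream (hypothetical
 * layout). Times are microseconds on the monitor's own independent clock. */
typedef struct {
    int64_t R;        /* worst-case response time R_i */
    int64_t T;        /* minimum inter-arrival time T_i */
    int64_t G;        /* threshold G_i, meaningful only when g_valid is true */
    bool g_valid;     /* false encodes G_0 = -infinity */
    node_mode_t mode; /* NODE_ISOLATED after an error isolation instruction */
    unsigned faults;  /* number of isolation instructions issued so far */
} can_monitor_t;

void monitor_init(can_monitor_t *m, int64_t R, int64_t T)
{
    m->R = R;
    m->T = T;
    m->G = 0;
    m->g_valid = false;
    m->mode = NODE_NORMAL;
    m->faults = 0;
}

/* Step (2): G_{i+1} = max(G_i, E_i - R_i) + T_i, with G_0 = -infinity. */
static void advance_threshold(can_monitor_t *m, int64_t E)
{
    int64_t base = E - m->R;
    if (m->g_valid && m->G > base)
        base = m->G;
    m->G = base + m->T;
    m->g_valid = true;
}

/* Steps (3)-(4): classify a frame whose time E_i was observed on the
 * monitoring channel, and isolate the node if it falls outside the window. */
verdict_t monitor_on_frame(can_monitor_t *m, int64_t E)
{
    if (m->mode == NODE_ISOLATED)
        return FRAME_BLOCKED;     /* models the transceiver blocking the node */

    /* Assumption: while G is still -infinity the window has no finite
     * bounds, so the first frame is accepted and only seeds G_1. */
    if (m->g_valid && (E < m->G || E > m->G + m->R)) {
        m->mode = NODE_ISOLATED;  /* error isolation instruction is sent */
        m->faults++;
        return FRAME_FAULT;
    }
    advance_threshold(m, E);
    return FRAME_OK;
}

/* Step (5): the repaired node requests to resume and the monitor removes the
 * isolation. Assumption: the threshold restarts from -infinity afterwards. */
bool monitor_on_release_request(can_monitor_t *m)
{
    if (m->mode != NODE_ISOLATED)
        return false;
    m->mode = NODE_NORMAL;
    m->g_valid = false;
    return true;
}

int main(void)
{
    /* Constructed trace: three well-spaced frames, one frame sent far too
     * early, then one more frame from the node that is now isolated. */
    static const int64_t trace[] = { 2000, 11000, 20500, 22000, 23000 };
    static const char *names[] = { "OK", "FAULT", "BLOCKED" };
    can_monitor_t m;

    monitor_init(&m, 3000, 10000);   /* R = 3 ms, T = 10 ms */
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("E=%lld us -> %s\n", (long long)trace[i],
               names[monitor_on_frame(&m, trace[i])]);
    return 0;
}
```

A frame that arrives later than $G_i + R_i$ is flagged in the same way as one that arrives early, so a node that falls silent and then resumes is also isolated under this check.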

Claims (6)

1. The vehicle-mounted network CAN bus node monitoring system is characterized by comprising a bus node ECU, a bus monitor, a CAN transceiver and a CAN bus;
the bus node ECU comprises a microcontroller and a CAN controller, and the CAN controller is connected with the bus monitor through a feedback channel; the microcontroller provides a differential receiving function for the CAN bus;
the bus monitor is connected with the bus node ECU and the transceiver thereof through a feedback channel, is connected with the physical bus through a monitoring channel, and is used for monitoring whether a message node sent to the CAN bus fails or not and sending an error isolation instruction to the failure node and the CAN transceiver when the failure occurs; after the node failure is removed, the node and the transceiver send a request instruction to the monitor, and the monitor sends an error isolation removing instruction;
the CAN transceiver is an interface between a bus node and a physical bus, is connected with the bus monitor through a feedback channel, and is used for converting binary code stream and differential signals, so that logic level, dominant and recessive conversion is realized, and differential transmitting and receiving functions are provided for the CAN bus;
the method for realizing the monitoring of the CAN bus node of the vehicle-mounted network by using the system comprises the following steps:
(1) The monitor collects the following characteristic parameters of the CAN bus in real time: the worst-case response time $R_i$ of message $i$, the known minimum inter-arrival time $T_i$ between trigger events, the earliest receivable value $S_i$ of the monitor, and the message expiration time $E_i$;
(2) Preset the threshold $G_i$: $G_0 = -\infty$, $G_{i+1} = \max(G_i, E_i - R_i) + T_i$, where $G_i$ is the calculated threshold for message $i$ and $G_{i+1}$ is the calculated threshold for message $i+1$, $i = 0, 1, 2, \ldots, N$;
(3) The monitor compares $E_i$ with $G_i$: if $G_i \le E_i \le G_i + R_i$, the monitored node is working normally; otherwise the node has failed, and an error isolation instruction is sent to the node sending message $i$ and to the CAN transceiver;
(4) After receiving the error isolation instruction, the CAN transceiver blocks a message sent to a CAN bus by a bus node ECU;
(5) When the node in the step (3) receives the error isolation instruction, the node is converted into a silent mode, the error of the node is found and corrected, after the node is corrected, the corrected node and the transceiver send a request instruction to the monitor, the monitor sends an isolation removing instruction again, and the corrected node realizes normal operation;
(6) Increase the value of $i$ by one and repeat steps (3)-(5) until all messages have been monitored, i.e., until $i = N$.
2. The vehicle-mounted network CAN bus node monitoring system of claim 1, wherein the system monitoring framework adopts an independent coupling architecture, and an independent clock is arranged inside the system monitoring framework.
3. The system of claim 1, wherein the monitor is connected to nodes in a same physical location when there are a plurality of nodes on the CAN bus, and the monitor monitors a plurality of nodes of a same type simultaneously.
4. The on-board network CAN bus node monitoring system of claim 1 wherein the CAN controller is configured to receive and transmit standard and extended frame information, receive FIFO 64 bytes, have single/double acceptance filters in both standard and extended formats, mask and code registers, error counters for read/write access, programmable error limit alarms.
5. The on-board network CAN bus node monitoring system of claim 1, wherein the CAN controller model is SJA1000.
6. The on-board network CAN bus node monitoring system of claim 1, wherein the CAN transceiver model is TJA1050.
CN202010920524.8A 2020-09-04 2020-09-04 Vehicle-mounted network CAN bus node monitoring system and method Active CN112083710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010920524.8A CN112083710B (en) 2020-09-04 2020-09-04 Vehicle-mounted network CAN bus node monitoring system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010920524.8A CN112083710B (en) 2020-09-04 2020-09-04 Vehicle-mounted network CAN bus node monitoring system and method

Publications (2)

Publication Number Publication Date
CN112083710A 2020-12-15
CN112083710B 2024-01-19

Family

ID=73731956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010920524.8A Active CN112083710B (en) 2020-09-04 2020-09-04 Vehicle-mounted network CAN bus node monitoring system and method

Country Status (1)

Country Link
CN (1) CN112083710B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant