CN112084185B - Damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning - Google Patents
Damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning Download PDFInfo
- Publication number
- CN112084185B CN112084185B CN202010979175.7A CN202010979175A CN112084185B CN 112084185 B CN112084185 B CN 112084185B CN 202010979175 A CN202010979175 A CN 202010979175A CN 112084185 B CN112084185 B CN 112084185B
- Authority
- CN
- China
- Prior art keywords
- electronic control
- data set
- vehicle
- control unit
- damaged
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/215—Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W50/00—Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
- B60W50/02—Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
- B60W50/0205—Diagnosing or detecting failures; Failure detection models
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2474—Sequence data queries, e.g. querying versioned data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/20—Design optimisation, verification or simulation
- G06F30/27—Design optimisation, verification or simulation using machine learning, e.g. artificial intelligence, neural networks, support vector machines [SVM] or training a model
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Abstract
The invention discloses a damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning, which comprises the following steps of 1: preprocessing data to obtain a plurality of preprocessed data sets; and 2, step: sequence extraction, namely processing each preprocessed data set A to generate a data set B, and carrying out full-arrangement on the data set B to obtain a mode sequence; and step 3: and (4) attack identification, namely comparing the read sequence with the pattern sequence, marking the attack sequence, and simultaneously marking the corresponding electronic control unit as damaged. The invention has better identification accuracy than the existing intrusion detection method based on the clock no matter the intrusion detection method is divided by speed or attack type.
Description
Technical Field
The invention relates to a damaged electronic control unit positioning method of vehicle-mounted edge equipment based on association learning, and belongs to the field of industrial Internet of things safety.
Background
In modern vehicles, the use of sensors and Electronic Control Units (ECUs) provides the driver with intelligence and convenience, and enables autopilot. However, an attack on modern vehicles by intelligent electronic devices seriously threatens driving safety. An attack message is injected into the vehicle through a wireless channel and is connected to a Controller Area Network (CAN) bus of the vehicle, so that an attacker CAN control the vehicle and make the vehicle leave a safe operation mode. Therefore, it is critical that rapid, efficient forensics and accurate security repairs be made against these security threats.
Many methods of defending against vehicle attacks have been proposed and have identified attacks as the basis for accurate defense. Attack identification can accurately detect an attack in a vehicle, but if it is not known which Electronic Control Unit (ECU) is damaged, the corresponding Electronic Control Unit (ECU) cannot be precisely isolated or repaired, and the vehicle remains in an unsafe state. It is worth mentioning that isolating or repairing the Electronic Control Units (ECUs) that are definitely damaged is more economical than blindly, simply considering all the Electronic Control Units (ECUs) as damaged, and implementing the isolation or repair of these Electronic Control Units (ECUs).
Currently available damaged Electronic Control Unit (ECU) identification algorithms have certain deficiencies. One of the algorithms for identifying a damaged Electronic Control Unit (ECU) uses the intervals of onboard messages to detect intrusion and locate the damaged Electronic Control Unit (ECU) through accumulation and analysis. However, the algorithm has a problem of cycle dependency, and if attack messages are injected irregularly, the algorithm cannot be used for identification and location of a damaged Electronic Control Unit (ECU). Another algorithm identifies a damaged Electronic Control Unit (ECU) on a Controller Area Network (CAN) bus through voltage measurements. The algorithm requires complex and accurate measurements and the vehicle user needs to upload their private data to a third party data center.
Disclosure of Invention
In order to solve the technical defects in the prior art, the invention provides a damaged Electronic Control Unit (ECU) positioning method of vehicle-mounted edge equipment based on associated learning, which avoids complex measurement and periodic dependence, realizes edge calculation and accurately identifies a damaged Electronic Control Unit (ECU).
The invention mainly adopts the technical scheme that:
a damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning comprises the following specific steps:
step 1: data preprocessing, namely marking known electronic control units by adopting an ascending state and a descending state respectively, recording state catastrophe points, and obtaining a plurality of preprocessing data sets, wherein the preprocessing data sets comprise: recording state catastrophe points, IDs (identity) of all known electronic control units, state numbers and timestamps, wherein each preprocessing data set which is not attacked is recorded as a preprocessing data set A;
step 2, sequence extraction, namely sequencing the state numbers of the electronic control units ID in each preprocessed data set A from small to large and deleting repeated data to generate a data set B, carrying out full arrangement on the data set B, calculating the occurrence frequency of each arrangement result, deleting the arrangement results of which the occurrence frequency is smaller than the support degree according to the support degree, and taking the rest arrangement results as mode sequences;
and step 3: and (3) attack identification, namely traversing and reading sequences of all the attacked preprocessed data sets, comparing the currently read sequences with the mode sequences extracted in the step (2), if the currently read sequences are not in the mode sequences, marking the sequences as attacks, and simultaneously marking the corresponding electronic control units as damaged.
Preferably, the support degree in step 2 is a specific number of occurrences, and the calculation process is as follows: counting the occurrence times of each electronic control unit in the preprocessed data set A, then performing ascending arrangement according to the occurrence times, deleting repeated data and zero-value data to obtain a data set C, and expressing the data set C as { C | C ═ a1,…,aiAnd f, wherein i is the number of elements in the data set C, and the value of the support degree is ajAnd j is 0.05 × i.
Preferably, the pattern sequence obtained in step 2 is optimized, and in each time slot with the length of T, deep learning is realized by iterating the following steps to obtain a damaged electronic control unit positioning model, and the specific process is as follows:
s1: an edge calculation center in the vehicle-mounted edge device distributes the model parameters to a plurality of vehicles;
s2: each vehicle receiving the model parameters updates the model parameter values using local data on its on-board computer system;
s3: each vehicle receiving the model parameters transmits the updated model parameter values to the edge calculation center;
s4: and the edge calculation center collects the received model parameters, calculates the loss function of the deep learning model according to the updated model parameters, enables the loss function to be the minimum and serves as the current updated positioning model until the iteration times are met or the positioning model reaches certain precision, and returns to the step S1 to continue iterative optimization learning if the loss function is the minimum.
Has the beneficial effects that: the invention provides a damaged electronic control unit positioning method based on associated learning for vehicle-mounted edge equipment, which is superior to the existing intrusion detection method based on a clock in identification accuracy rate no matter whether the damaged electronic control unit is divided by speed or attack type.
Drawings
FIG. 1 is a schematic diagram of the optimization of the localization model according to the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application are clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
A damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning comprises the following specific steps:
step 1: data preprocessing, namely marking known electronic control units by adopting an ascending state and a descending state respectively, recording state catastrophe points, and obtaining a plurality of preprocessing data sets, wherein the preprocessing data sets comprise: recording state catastrophe points, IDs (identity) of all known electronic control units, state numbers and timestamps, wherein each preprocessing data set which is not attacked is recorded as a preprocessing data set A;
step 2, sequence extraction, namely sequencing the state numbers of the electronic control units ID in each preprocessed data set A from small to large and deleting repeated data to generate a data set B, carrying out full arrangement on the data set B, calculating the occurrence frequency of each arrangement result, deleting the arrangement results of which the occurrence frequency is smaller than the support degree according to the support degree, and taking the rest arrangement results as mode sequences; in the present invention, the sequence extraction is performed on each preprocessed data set a, and all the sequences extracted from the preprocessed data sets a are integrated into one file for comparison with the extracted sequence in step 3.
And step 3: and (3) attack identification, namely traversing and reading sequences (namely segmenting all the attacked preprocessed data sets into sequences with the length of 2) for all the attacked preprocessed data sets, comparing the currently read sequences with the mode sequences extracted in the step (2), if the currently read sequences are not in the mode sequences, marking the sequences as attacks, and simultaneously marking the corresponding electronic control units as damaged.
Preferably, the support degree in step 2 is a specific number of occurrences, and the calculation process is as follows: counting the occurrence times of each electronic control unit in the preprocessed data set A, then performing ascending arrangement according to the occurrence times, deleting repeated data and zero-value data to obtain a data set C, and expressing the data set C as { C | C ═ a1,…,aiAnd f, wherein i is the number of elements in the data set C, and the value of the support degree is ajAnd j is 0.05 × i.
In the present invention, the reason for setting the support value is: when j is 0.05 × i, j is 0.1 × i, j is 0.2 × i, and j is 0.5 × i, the accuracy of attack recognition is: 0.9308, 0.9270, 0.9256, and 0.9256. According to the comparison result, the accuracy is highest when j is 0.05 × i.
Preferably, the pattern sequence obtained in step 2 is optimized, and in each time slot with the length of T, deep learning is realized by iterating the following steps to obtain a damaged electronic control unit positioning model, and the specific process is as follows:
s1: an edge calculation center in the vehicle-mounted edge device distributes the model parameters to a plurality of vehicles;
s2: each vehicle receiving the model parameters updates the model parameter values using local data on its on-board computer system;
s3: each vehicle receiving the model parameters transmits the updated model parameter values to the edge calculation center;
s4: the edge calculation center collects the received model parameters, calculates the loss function of the deep learning model according to the updated model parameters, and enables the minimum loss function to serve as the current updated positioning model until the iteration times are met or the positioning model reaches a certain precision (the precision can be set according to actual requirements), and if not, returns to the step S1 to continue iterative optimization learning.
Comparative experiment 1: the positioning model and the intrusion detection method based on the clock are adopted to identify the same vehicle attack at different speeds, the identification accuracy of the positioning model and the intrusion detection method is calculated, and the result is shown in table 1. Wherein, the calculation formula of the accuracy is as follows:
wherein TP is true positive: the actual value is "attack", and the calculated value is "attack"; FP was false positive: the actual value is "normal", and the calculated value is "attack"; TN is true negative: the actual value is "normal", the calculated value is "normal"; FN was false negative: the actual value is "attack" and the calculated value is "normal".
TABLE 1 recognition accuracy of two recognition methods under different vehicle speeds
As can be seen from the table 1, compared with the intrusion detection method based on the clock, the identification accuracy of the method is improved by 41.5% when the vehicle speed is 0 km/h; when the vehicle speed is 20km/h, the identification accuracy is improved by 60.7%; when the vehicle speed is 40km/h, the identification accuracy is improved by 96.7%; when the vehicle speed is 60km/h, the identification accuracy is improved by 48.0 percent; when the vehicle speed is 80km/h, the identification accuracy is improved by 64.1 percent.
Comparative experiment 2: four different vehicle attacks (toyota Camry) are identified under the same vehicle speed environment by adopting the positioning model and the clock-based intrusion detection method, and the identification accuracy results are shown in Table 2:
TABLE 2 identification accuracy of two identification methods for different vehicle attack types
As can be seen from the table 2, compared with the intrusion detection method based on the clock, the identification accuracy of the diagnosis attack is improved by 8.2 percent; the identification accuracy of the fuzzy attack is improved by 50.4%; the recognition accuracy of the replay attack is improved by 13.3%; the identification accuracy of the spoofing attack is improved by 25.6%. The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (2)
1. A damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning is characterized by comprising the following specific steps:
step 1: data preprocessing, namely marking known electronic control units by adopting an ascending state and a descending state respectively, recording state catastrophe points, and obtaining a plurality of preprocessing data sets, wherein the preprocessing data sets comprise: recording state catastrophe points, IDs (identity) of all known electronic control units, state numbers and timestamps, wherein each preprocessing data set which is not attacked is recorded as a preprocessing data set A;
step 2, sequence extraction, namely sequencing the state numbers of the electronic control units ID in each preprocessed data set A from small to large and deleting repeated data to generate a data set B, carrying out full arrangement on the data set B, and calculating the output of each arrangement resultAnd deleting the arrangement result with the occurrence frequency smaller than the support degree according to the support degree, wherein the rest arrangement result is the mode sequence, the support degree is a specific occurrence frequency, and the calculation process is as follows: counting the occurrence times of each electronic control unit in the preprocessed data set A, then performing ascending arrangement according to the occurrence times, deleting repeated data and zero-value data to obtain a data set C, and expressing the data set C as { C | C ═ a1,…,aiAnd f, wherein, i is the number of elements in the data set C, and the value of the support degree is ajAnd j is 0.05 × i;
and 3, step 3: and (3) attack identification, namely traversing and reading sequences of all the attacked preprocessed data sets, comparing the currently read sequences with the mode sequences extracted in the step (2), if the currently read sequences are not in the mode sequences, marking the sequences as attacks, and simultaneously marking the corresponding electronic control units as damaged.
2. The damaged electronic control unit positioning method based on association learning of vehicle-mounted edge equipment according to claim 1, wherein the pattern sequence obtained in the step 2 is optimized, and in each time slot with the length of T, deep learning is realized by iterating the following steps to obtain a damaged electronic control unit positioning model, and the specific process is as follows:
s1: an edge calculation center in the vehicle-mounted edge device distributes the model parameters to a plurality of vehicles;
s2: each vehicle receiving the model parameters updates the model parameter values using local data on its on-board computer system;
s3: each vehicle receiving the model parameters transmits the updated model parameter values to the edge calculation center;
s4: and the edge calculation center collects the received model parameters, calculates the loss function of the deep learning model according to the updated model parameters, enables the loss function to be the minimum and serves as the current updated positioning model until the iteration times are met or the positioning model reaches certain precision, and returns to the step S1 to continue iterative optimization learning if the loss function is the minimum.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010979175.7A CN112084185B (en) | 2020-09-17 | 2020-09-17 | Damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010979175.7A CN112084185B (en) | 2020-09-17 | 2020-09-17 | Damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112084185A CN112084185A (en) | 2020-12-15 |
CN112084185B true CN112084185B (en) | 2022-05-31 |
Family
ID=73738130
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010979175.7A Active CN112084185B (en) | 2020-09-17 | 2020-09-17 | Damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112084185B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101669946B1 (en) * | 2015-08-28 | 2016-10-28 | 고려대학교 산학협력단 | Appratus and method for identification of ecu using voltage signal |
CN108040073A (en) * | 2018-01-23 | 2018-05-15 | 杭州电子科技大学 | Malicious attack detection method based on deep learning in information physical traffic system |
CN109257358A (en) * | 2018-09-28 | 2019-01-22 | 成都信息工程大学 | A kind of In-vehicle networking intrusion detection method and system based on clock skew |
KR20190098092A (en) * | 2019-07-31 | 2019-08-21 | 엘지전자 주식회사 | Management method of hacking vehicle in automatic driving system and the apparatus for the method |
CN110896393A (en) * | 2018-09-13 | 2020-03-20 | 北京奇虎科技有限公司 | Intrusion detection method and device for automobile bus and computing equipment |
CN111355714A (en) * | 2020-02-20 | 2020-06-30 | 杭州电子科技大学 | Attacker identification method based on fingerprint feature learning of vehicle control unit |
CN111355706A (en) * | 2020-02-10 | 2020-06-30 | 华东师范大学 | Vehicle-mounted intrusion detection method and system based on CAN bus |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3274845B1 (en) * | 2015-03-26 | 2021-07-07 | Red Bend Ltd. | Security systems and method for identification of in-vehicle attack originator |
US11444961B2 (en) * | 2019-12-20 | 2022-09-13 | Intel Corporation | Active attack detection in autonomous vehicle networks |
-
2020
- 2020-09-17 CN CN202010979175.7A patent/CN112084185B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101669946B1 (en) * | 2015-08-28 | 2016-10-28 | 고려대학교 산학협력단 | Appratus and method for identification of ecu using voltage signal |
CN108040073A (en) * | 2018-01-23 | 2018-05-15 | 杭州电子科技大学 | Malicious attack detection method based on deep learning in information physical traffic system |
CN110896393A (en) * | 2018-09-13 | 2020-03-20 | 北京奇虎科技有限公司 | Intrusion detection method and device for automobile bus and computing equipment |
CN109257358A (en) * | 2018-09-28 | 2019-01-22 | 成都信息工程大学 | A kind of In-vehicle networking intrusion detection method and system based on clock skew |
KR20190098092A (en) * | 2019-07-31 | 2019-08-21 | 엘지전자 주식회사 | Management method of hacking vehicle in automatic driving system and the apparatus for the method |
CN111355706A (en) * | 2020-02-10 | 2020-06-30 | 华东师范大学 | Vehicle-mounted intrusion detection method and system based on CAN bus |
CN111355714A (en) * | 2020-02-20 | 2020-06-30 | 杭州电子科技大学 | Attacker identification method based on fingerprint feature learning of vehicle control unit |
Non-Patent Citations (4)
Title |
---|
《基于报警网关的CAN总线传输异常检测方法》;潘琪等;《中国计量大学学报》;20190630;全文 * |
Fiden: Intelligent Fingerprint Learning for;陈媛芳等;《IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS》;20191227;全文 * |
Fingerprinting Electronic Control Units;Kyong-Tak Cho 等;《the Proceedings of the》;20160812;全文 * |
Viden: Atacker Identification on In-Vehicle Networks;Kyong-Tak Cho;《CCS"17 Session E3: Physical Side Channels》;20171103;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN112084185A (en) | 2020-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111030962B (en) | Vehicle-mounted network intrusion detection method and computer-readable storage medium | |
CN109581871B (en) | Industrial control system intrusion detection method of immune countermeasure sample | |
CN103259962B (en) | A kind of target tracking method and relevant apparatus | |
CN108556682B (en) | Driving range prediction method, device and equipment | |
CN110365647B (en) | False data injection attack detection method based on PCA and BP neural network | |
CN111970229B (en) | CAN bus data anomaly detection method aiming at multiple attack modes | |
CN111131247B (en) | Vehicle-mounted internal network intrusion detection system | |
CN114900331B (en) | Vehicle-mounted CAN bus intrusion detection method based on CAN message characteristics | |
CN115718874A (en) | Anomaly detection | |
CN111355714A (en) | Attacker identification method based on fingerprint feature learning of vehicle control unit | |
CN112084185B (en) | Damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning | |
CN114157469A (en) | Vehicle-mounted network variant attack intrusion detection method and system based on domain-confronted neural network | |
Kang et al. | A transfer learning based abnormal can bus message detection system | |
Deng et al. | A lightweight sender identification scheme based on vehicle physical layer characteristics | |
Kang et al. | A study on attack pattern generation and hybrid MR-IDS for in-vehicle network | |
CN107622667B (en) | Method and system for detecting altered license plate number | |
CN115361224A (en) | Deep reinforcement learning traffic signal control poisoning defense method based on strong disturbance detection and model retraining | |
CN104951893A (en) | Urban-traffic-oriented method for evaluating road police alarm handling efficiency of traffic polices | |
CN113722982A (en) | Automobile sensor attack detection and defense method based on multi-model fusion | |
Kang et al. | Abnormal message detection for CAN bus based on message transmission behaviors | |
CN112751822B (en) | Communication apparatus, operation method, abnormality determination apparatus, abnormality determination method, and storage medium | |
CN115731261B (en) | Vehicle lane change behavior recognition method and system based on expressway radar data | |
CN116828397B (en) | Track information acquisition method and device, electronic equipment and storage medium | |
CN117201107A (en) | Cloud vehicle linkage intrusion detection method and system based on multidimensional features | |
WO2022123696A1 (en) | Mobile body, information processing device, information processing method, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |