CN112751831A - Automobile vulnerability classification and processing method, device, equipment and readable storage medium - Google Patents
Automobile vulnerability classification and processing method, device, equipment and readable storage medium Download PDFInfo
- Publication number
- CN112751831A CN112751831A CN202011494644.2A CN202011494644A CN112751831A CN 112751831 A CN112751831 A CN 112751831A CN 202011494644 A CN202011494644 A CN 202011494644A CN 112751831 A CN112751831 A CN 112751831A
- Authority
- CN
- China
- Prior art keywords
- attack
- vulnerability
- level
- vehicle
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Abstract
The embodiment of the invention discloses a method, a device, equipment and a readable storage medium for automobile vulnerability classification and processing. The automobile vulnerability classification and processing method comprises the following steps: acquiring a scene, an attack difficulty degree and an attack result required when a vulnerability to be processed is attacked; evaluating the danger level of the vulnerability to be processed according to the scene, the attack difficulty degree and the attack consequence; counting leak sets exceeding a set level, and acquiring target vehicle characteristics of each leak in the leak sets and characteristics of drivers in the target vehicles; performing statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability; and verifying and processing the vulnerability of the vehicle with the target characteristics. The embodiment of the invention is based on a perfect vulnerability assessment system and a characteristic analysis method, and can be used for timely and accurately grading, identifying and processing the automobile vulnerability.
Description
Technical Field
The embodiment of the invention relates to the technology of vehicle networking, in particular to a method, a device, equipment and a readable storage medium for vehicle vulnerability classification and processing.
Background
With the continuous development of the intelligent level and the car networking technology, intelligent cars come into operation and are regarded as an excellent mode capable of thoroughly solving traffic jam, improving travel efficiency and reducing accident rate. The development of science and technology brings high efficiency and convenience and brings great insecurity, and hackers use vulnerabilities existing in intelligent automobiles to carry out long-range or short-range attack, so that threats such as out-of-control vehicles and private data leakage are caused.
At present, in the field of information security of the Internet of vehicles, a mature vulnerability grade evaluation system does not exist, and automobile vulnerabilities cannot be processed in time, so that the Internet of vehicles system is exposed in a dangerous environment for a long time.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a readable storage medium for grading and processing automobile bugs, so that the automobile bugs are timely and accurately processed based on a perfect bug evaluation system and a feature analysis method.
In a first aspect, an embodiment of the present invention provides a car vulnerability classification and processing method, including:
acquiring a scene, an attack difficulty degree and an attack result required when a vulnerability to be processed is attacked;
evaluating the danger level of the vulnerability to be processed according to the scene, the attack difficulty degree and the attack consequence;
counting leak sets exceeding a set level, and acquiring target vehicle characteristics of each leak in the leak sets and characteristics of drivers in the target vehicles;
performing statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability;
and verifying and processing the vulnerability of the vehicle with the target characteristics.
In a second aspect, an embodiment of the present invention further provides an apparatus for classifying and processing car bugs, including:
the acquisition module is used for acquiring a scene, an attack difficulty degree and an attack result which are required when the vulnerability to be processed is attacked;
the evaluation module is used for evaluating the danger level of the vulnerability to be processed according to the scene, the attack difficulty degree and the attack consequence;
the characteristic acquisition module is used for counting leak sets exceeding a set level and acquiring the characteristics of a target vehicle where each leak in the leak sets is located and the characteristics of a driver in the target vehicle;
the statistical analysis module is used for performing statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability;
and the processing module is used for verifying and processing the vulnerability of the vehicle with the target characteristics.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
a memory for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the car vulnerability classification and processing method of any of the embodiments.
In a fourth aspect, the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the car bug classification and processing method according to any one of the embodiments.
The embodiment of the invention firstly provides a mature and complete automobile vulnerability evaluation system so as to comprehensively and objectively evaluate the danger level of the vulnerability to be processed according to the scene required by the attacked, the attack difficulty degree and the attack result; then, summarizing, counting the vulnerability sets exceeding the set level based on the danger level of the vulnerability to be processed, thereby obtaining the vulnerability sets which are dangerous and need to be processed urgently; obtaining the characteristics of a target vehicle where each loophole in the loophole set is located and the characteristics of a driver in the target vehicle; the target vehicle characteristics and the characteristics of the driver are subjected to statistical analysis to obtain target characteristics related to each vulnerability, so that vehicles which are to be potentially attacked by the vulnerability to be processed, namely vehicles with the target characteristics, can be searched, the vehicles can be accurately locked through a statistical analysis method without paying attention to the attacking mechanism and principle of the vulnerability, finally, the vulnerability of the vehicles can be timely and accurately processed, and the automobile internet of vehicles is prevented from being exposed in a dangerous environment for a long time.
Drawings
Fig. 1 is a flowchart of a first method for classification and processing of car vulnerabilities according to an embodiment of the present invention;
FIG. 2 is a flowchart of a second car vulnerability classification and processing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of cluster analysis and correlation analysis of features provided by an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an automobile vulnerability classification and processing apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Fig. 1 is a flowchart of a first car vulnerability classification and processing method provided in an embodiment of the present invention, which is applicable to classification and processing of vulnerabilities of an internet of vehicles system of a car, and is executed by a car vulnerability classification and processing apparatus, which may be formed by hardware and/or software and is generally integrated in an electronic device. As shown in fig. 1, the method specifically comprises the following steps:
s110, acquiring a scene, an attack difficulty degree and an attack consequence which are required when the vulnerability to be processed is attacked.
Optionally, a scene, an attack difficulty level and an attack result required when the vulnerability to be processed is attacked are collected in the information security test. The number of the loopholes to be processed is multiple, and required scenes, attack difficulty degrees and attack consequences can be collected respectively on the basis of each loophole to be processed.
And S120, evaluating the danger level of the vulnerability to be processed according to the scene, the attack difficulty degree and the attack consequence.
The vulnerability evaluation system of the embodiment starts from a plurality of angles of scenes, attack difficulty degrees and attack consequences, changes the conventional evaluation mode of too subjective vulnerability grades, and can evaluate the danger grades of the vulnerabilities into high-risk, medium-risk and low-risk grades through the vulnerability grade evaluation system.
S130, calculating a vulnerability set exceeding a set level, and acquiring the target vehicle characteristics of each vulnerability in the vulnerability set and the characteristics of a driver in the target vehicle.
And under the condition of obtaining the danger levels of a plurality of loopholes, counting the loopholes (such as high-risk loopholes) exceeding a set level to form a loophole set.
Then, acquiring the vehicle characteristics of each vulnerability in the vulnerability set, wherein the vehicle characteristics are called target vehicle characteristics; and characteristics of the driver within the target vehicle. Vehicle characteristics include, but are not limited to, vehicle brand, price, internet of vehicles security policy, hardware and software deployment information, among others. The characteristics of the driver include, but are not limited to, driving behavior characteristics of the driver, and personal characteristics such as age, interest, and the like.
S140, carrying out statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability.
In some cases, information such as an attack mechanism and a principle of the vulnerability is unclear, and some vulnerabilities may not be discovered yet, so that missing situations may exist when which vehicles become attacked are analyzed based on the attack mechanism and the principle of the vulnerability; however, hackers tend to attack vehicles with certain vehicle characteristics and driver characteristics, regardless of the scenario chosen, the ease of attack, and the consequences of the attack. Based on this, the target vehicle characteristics and the characteristics of the driver, which are closely related to the vulnerability, can be first acquired from the attack motivation of the hacker.
In order to more accurately determine the characteristics closely related to the vulnerability, statistical analysis is performed on the characteristics of the target vehicle and the characteristics of the driver. Illustratively, the target features include 30-40 ages, financing drivers, vehicle deployment of the internet of vehicles system, but no installation of safety protection software, and the like.
And S150, verifying and processing the vulnerability of the vehicle with the target characteristics.
Optionally, a detection means is taken for the vehicle with the target feature to verify whether the vehicle has a bug, if so, a patch of the bug is issued to the vehicle with the target feature, and the patch installation is monitored to be completed. Specifically, a vehicle with target characteristics and positioning information of the vehicle are determined through an intelligent network system; and then, issuing a patch of the vulnerability to the vehicle according to the positioning information, and monitoring the installation condition of the patch.
It should be noted that the leak here is a leak in the vehicle having the target feature, and is obtained through the step in S130.
The embodiment of the invention firstly provides a mature and complete automobile vulnerability evaluation system so as to comprehensively and objectively evaluate the danger level of the vulnerability to be processed according to the scene required by the attacked, the attack difficulty degree and the attack result; then, summarizing, counting the vulnerability sets exceeding the set level based on the danger level of the vulnerability to be processed, thereby obtaining the vulnerability sets which are dangerous and need to be processed urgently; obtaining the characteristics of a target vehicle where each loophole in the loophole set is located and the characteristics of a driver in the target vehicle; the target vehicle characteristics and the characteristics of the driver are subjected to statistical analysis to obtain target characteristics associated with each vulnerability, so that vehicles which are potentially attacked by the vulnerability to be processed, namely vehicles with the target characteristics, can be searched for, the vehicle can be accurately locked through a statistical analysis method without paying attention to the attacking mechanism and principle of the vulnerability, finally, the vulnerability of the vehicle can be accurately processed in time, and the vehicle internet of vehicles is prevented from being exposed in a dangerous environment for a long time.
In addition, the embodiment of the invention provides a set of vulnerability discovery and processing method which completely realizes vulnerability rating, characteristic statistical analysis and final vulnerability processing, and is automatically executed integrally without manual participation.
It should be further noted that, in the present embodiment, a vulnerability to be processed is screened from a technical level (a required scene, an attack difficulty level, and an attack result) associated with the vulnerability, and a vehicle that is potentially attacked is searched from an incentive (a target characteristic) of a hacker, so that the technical level and the incentive are combined, and timeliness and accuracy of vulnerability processing are improved.
In the above-described embodiment and the following embodiments, the scenario required when being attacked includes at least one of the degree of technical mastery, the vehicle condition, and the attack area; the attack difficulty level comprises at least one of a window under attack, a knowledge skill level required to launch an attack, a device to launch an attack, and an attack scope; the consequences of the attack include at least one of personal safety, loss of property, vehicle impact operation, privacy violation, public safety violation, and regulation and duration of damage.
The embodiment provides scientific and reasonable vulnerability assessment characteristics, fully refers to SAE J3061 automobile safety guidelines, an EVITA threat severity classification model, a HEAVANES model, a CVSS general vulnerability scoring system and the like, and develops evaluation aiming at technical mastery and 13 dimensions of the vehicle working conditions by combining years of research experience in the field of automobile information safety.
Each of these features is described in detail below. The technical mastery degree in the scene required by the attack comprises low level, medium level and high level, the working conditions of the vehicle comprise static, low speed, medium speed, high speed and high speed, and the attack area comprises single-vehicle attack, single-vehicle attack and multi-vehicle attack; each feature has a corresponding score, detailed in the example of table 1.
Features and scores in the scenarios of Table 1 (in parentheses in the Table for short)
The attacked window in the attack difficulty level comprises remote, close, local and physical contact, the knowledge skill level required to launch the attack comprises amateurs, skilled operators, car security experts and multi-domain security experts, the equipment for launching the attack comprises open hardware equipment and mass building, open special hardware equipment and software, custom or proprietary hardware equipment and software and a plurality of custom or proprietary hardware and software, and the attack scope comprises single, multiple and all. Each feature has a corresponding score, as detailed in the example of table 2.
TABLE 2 features and scores at challenge level
Personal safety includes none, mild injury, severe injury and life threatening in the consequences of an attack, property loss includes none, low, medium and high, vehicle affecting operation includes none, medium, low and high, whether privacy is violated includes none, medium, low and high, whether public safety and regulations are violated includes none, medium, low and high, the duration of the hazard includes none, short, long and irrecoverable. Each feature has a corresponding score, as detailed in the example of table 3.
TABLE 3 characteristics and scores under the consequences of the attacks
Fig. 2 is a flowchart of a second method for classifying and processing car vulnerabilities provided in the embodiment of the present invention, where the optimization of the evaluation process of a vulnerability risk level in the embodiment specifically includes:
s210, obtaining a scene, an attack difficulty degree and an attack consequence which are needed when the vulnerability to be processed is attacked.
And S220, carrying out quantitative analysis on the scene to obtain the score of the scene.
And S230, carrying out quantitative analysis on the attack difficulty level to obtain a score of the attack difficulty level.
And S240, carrying out quantitative analysis on the attack consequence to obtain the score of the attack consequence.
Quantitative analysis is carried out on the scene, the attack difficulty degree and the attack consequence by adopting the same method, specifically, the loopholes to be processed are corresponding to a table 1, a table 2 and a table 3, and the score of each feature is obtained; then, determining the weight of each feature score by adopting an analytic hierarchy process, and respectively carrying out weighted summation on the scene, the attack difficulty degree and the features under the attack consequences to obtain 3 scores.
Illustratively, quantitative analysis of the scene, in conjunction with table 1, resulted in a scene score SP of 0.952 TM +1.905 VC +1.429 AA. In conjunction with table 2, quantitative analysis of the challenge difficulty was performed to obtain a score for challenge difficulty, TP-1.905 WD +0.952 KS +0.952 EM +1.905 SA. In conjunction with table 2, quantitative analysis of the challenge outcome yielded a score IP of 3.333 PS +1.429 PP +0.952 OA +0.953 PA +2.381 PR +0.952 DT.
And S250, carrying out qualitative analysis on the scores of the scenes and the scores of the attack difficulty degrees to obtain the attack level of the vulnerability to be processed.
Optionally, adding the scores of the scenes and the scores of the attack difficulty degrees to obtain a total score; and determining a score segment where the total score falls, and determining an attack level score corresponding to the score segment. Specifically, different score sections correspond to different grade scores, and the higher the score is, the higher the attack grade score is, and the more dangerous the vulnerability is. Table 4 shows the attack level scores for the different score segments of the total score. If the total score is 60, the attack level score is 3.
TABLE 4 comparison of score segments of total scores and attack level scores
| Fraction segment of total score | Attack Level (AL) | Attack level score |
| 0-15 | Is low in | 1 |
| 16-40 | In | 2 |
| 41-70 | Height of | 3 |
| 70 or more | Super high | 4 |
And S260, carrying out qualitative analysis on the scores of the attack consequences to obtain the influence level of the vulnerability to be processed.
And similarly to the total score, determining a score segment where the score of the attack consequence falls, and determining an influence grade score corresponding to the score segment. Table 5 shows the impact level scores for the different score segments of the attack outcome. If the outcome of the attack is scored 80, the impact rating score is 4.
TABLE 5 comparison of score segments and grade scores for ease of attack
| Fractional segment of attack consequence | Grade of Influence (IL) | Impact rating score |
| 0-15 | Is low in | 1 |
| 16-40 | In | 2 |
| 41-70 | Height of | 3 |
| 70 or more | Super high | 4 |
S270, obtaining the danger level of the vulnerability to be processed according to the attack level and the influence level of the vulnerability to be processed.
Optionally, the attack level score and the impact level score of the vulnerability to be processed are analyzed by a matrix analysis method to obtain the risk level of the vulnerability to be processed, which is shown in table 6.
TABLE 6 vulnerability hazard level demarcation Table
S280, counting leak sets exceeding a set level, and acquiring the characteristics of a target vehicle where each leak in the leak sets is located and the characteristics of a driver in the target vehicle.
And S290, carrying out statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability.
And S291, verifying and processing the vulnerability of the vehicle with the target characteristics.
The vulnerability rating process is scientific and reasonable, and the presentation form is more visual. The vulnerability evaluation process adopts a scoring form, so that the intermediate process is quantifiable, the influence of subjective human factors is reduced as much as possible, and meanwhile, the vulnerability grades are divided into a high class, a medium class and a low class by adopting a matrix table form according to evaluation scores, so that results are more visually presented.
The vulnerability grade evaluation system is started from multiple angles, changes the previous evaluation mode of too subjective vulnerability grade, enables the vulnerability grade to be quantifiable, and can evaluate the vulnerability into a high-risk vulnerability, a medium-risk vulnerability and a low-risk vulnerability through the vulnerability grade evaluation system. Meanwhile, compared with qualitative rating, the quantitative rating process is more objective, and a rating result is calculated through a quantitative formula. However, quantitative scoring does not give a more intuitive understanding of vulnerability hazards. Therefore, the method of combining quantitative evaluation and qualitative evaluation is adopted, the vulnerability evaluation score is obtained firstly, and then the vulnerability is classified into three categories of high/medium/low-risk vulnerabilities according to the score.
In the foregoing embodiment and the following embodiments, the performing statistical analysis on the target vehicle characteristic and the characteristic of the driver to obtain the target characteristic associated with each vulnerability includes: performing single-feature cluster analysis on the target vehicle features and the features of the driver to obtain a plurality of categories of the features, and selecting the target categories of which the number exceeds a set value from the features; and performing correlation analysis on the characteristics of each target category and the existence of the corresponding loopholes within the range of the characteristics of the target vehicle where all the loopholes are located and the characteristics of the driver to obtain the characteristics meeting the correlation requirements.
Specifically, the risk level of each to-be-processed vulnerability in the to-be-processed vulnerabilities is evaluated, which is specifically referred to the records of the above embodiments and is not described herein again. And then, calculating the medium-risk and high-risk vulnerabilities to construct a vulnerability set. And for each vulnerability in the vulnerability set, obtaining the characteristics of the target vehicle where the vulnerability is located and the characteristics of a driver in the target vehicle.
Fig. 3 is a schematic diagram of cluster analysis and correlation analysis performed on features according to an embodiment of the present invention. And performing cluster analysis on the target vehicle characteristics of each vulnerability or the characteristics of each driver, for example, performing age clustering, hobby clustering, vehicle brand clustering and the like to obtain a plurality of categories of each characteristic, wherein the number of each category may be different. And traversing the number of each category under each characteristic, and selecting the target categories of which the number exceeds a set value. The set value can be set manually. Assuming that 3 target-out categories are selected under the characteristics of the target vehicle: brand a, vehicle deployed internet of vehicles system, not installed safety protection software. The driver selects 2 target categories under their characteristics: age 30-40, and are good for financing.
Through the analysis, as shown in fig. 3, the characteristics of the target category corresponding to each vulnerability are obtained; that is, there is a high probability that the vehicle with the vulnerability has the features of the target classes, but it is still not certain that the features of the target classes have a strong association with the vulnerability. Based on this, with continued reference to fig. 3, in the range of the target vehicle characteristics and the driver characteristics where all the vulnerabilities are located, correlation analysis is performed on the characteristics of each target category and the existence of the corresponding vulnerability, respectively, so as to obtain characteristics meeting the correlation requirements.
Fig. 4 is a schematic structural diagram of an automobile vulnerability classification and processing apparatus provided in an embodiment of the present invention, which is suitable for a situation of vulnerability classification and processing of an automobile networking system, and specifically includes: an acquisition module 401, an evaluation module 402, a feature acquisition module 403, a statistical analysis module 404, and a processing module 405.
The obtaining module 401 is configured to obtain a scene, an attack difficulty level, and an attack result required when the vulnerability to be processed is attacked;
the evaluation module 402 is configured to evaluate a risk level of the vulnerability to be processed according to the scene, the attack difficulty level and the attack consequence;
the feature acquisition module 403 is configured to count leak sets exceeding a set level, and acquire a target vehicle feature where each leak in the leak set is located and a feature of a driver in the target vehicle;
a statistical analysis module 404, configured to perform statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability;
and the processing module 405 is used for verifying and processing the vulnerability of the vehicle with the target characteristics.
The embodiment of the invention firstly provides a mature and complete automobile vulnerability evaluation system so as to comprehensively and objectively evaluate the danger level of the vulnerability to be processed according to the scene required by the attacked, the attack difficulty degree and the attack result; then, summarizing, counting the vulnerability sets exceeding the set level based on the danger level of the vulnerability to be processed, thereby obtaining the vulnerability sets which are dangerous and need to be processed urgently; obtaining the characteristics of a target vehicle where each loophole in the loophole set is located and the characteristics of a driver in the target vehicle; the target vehicle characteristics and the characteristics of the driver are subjected to statistical analysis to obtain target characteristics related to each vulnerability, so that vehicles which are to be potentially attacked by the vulnerability to be processed, namely vehicles with the target characteristics, can be searched, the vehicles can be accurately locked through a statistical analysis method without paying attention to the attacking mechanism and principle of the vulnerability, finally, the vulnerability of the vehicles can be timely and accurately processed, and the automobile internet of vehicles is prevented from being exposed in a dangerous environment for a long time.
Optionally, the scene required by the attack includes at least one of a technical mastery degree, a vehicle working condition and an attack area; the attack difficulty level comprises at least one of a window under attack, a knowledge skill level required to launch an attack, a device to launch an attack, and an attack scope; the consequences of the attack include at least one of personal safety, loss of property, vehicle impact operation, privacy violation, public safety violation, and regulation and duration of damage.
Optionally, the technical mastery degree includes low level, medium level and high level, the vehicle working condition includes static state, low speed, medium speed, high speed and high speed, and the attack area includes single vehicle attack, single vehicle type attack and multi-vehicle type attack; the attacked window includes remote, close, local and physical contact, the level of knowledge skill required to launch the attack includes amateurs, skilled operators, car security experts and multi-domain security experts, the devices to launch the attack include public hardware devices and mass, public dedicated hardware devices and software, custom or proprietary hardware devices and software, and a variety of custom or proprietary hardware and software, the scope of the attack includes single, multiple and all; personal safety includes none, mild injury, severe injury and life threatening, property loss includes none, low, medium and high, vehicle influencing operations include none, medium, low and high, whether privacy is violated includes none, medium, low and high, whether public safety and regulations are violated includes none, medium, low and high, hazard duration includes none, short time, long time and irrecoverable.
Optionally, the evaluation module is specifically configured to: carrying out quantitative analysis on the scene to obtain the score of the scene; carrying out quantitative analysis on the attack difficulty degree to obtain a score of the attack difficulty degree; carrying out quantitative analysis on the attack consequences to obtain the scores of the attack consequences; carrying out qualitative analysis on the scores of the scenes and the scores of the attack difficulty degrees to obtain the attack level of the vulnerability to be processed; carrying out qualitative analysis on the scores of the attack consequences to obtain the influence level of the vulnerability to be processed; and obtaining the danger level of the vulnerability to be processed according to the attack level and the influence level of the vulnerability to be processed.
Optionally, the evaluation module is specifically configured to, when performing qualitative analysis on the score of the scene and the score of the attack difficulty level to obtain the attack level of the vulnerability to be processed: adding the scores of the scenes and the scores of the attack difficulty degrees to obtain a total score; determining a score segment where the total score falls, and determining an attack level score corresponding to the score segment; the evaluation module is specifically configured to, when performing qualitative analysis on the score of the attack consequence to obtain the impact level of the vulnerability to be processed: and determining a score segment where the score of the attack consequence falls, and determining an influence level score corresponding to the score segment.
Optionally, when the evaluation module obtains the risk level of the vulnerability to be processed according to the attack level and the impact level of the vulnerability to be processed, the evaluation module is specifically configured to: and analyzing the attack level score and the influence level score of the vulnerability to be processed by adopting a matrix analysis method to obtain the danger level of the vulnerability to be processed.
Optionally, the statistical analysis module is specifically configured to: performing single-feature cluster analysis on the target vehicle features and the features of the driver to obtain a plurality of categories of the features, and selecting the target categories of which the number exceeds a set value from the features; performing correlation analysis on the characteristics of each target category and the existence of the corresponding loopholes in the range of the characteristics of the target vehicles where all the loopholes are located and the characteristics of the driver to obtain the characteristics meeting the correlation requirements; the processing module is specifically used for verifying whether the vehicle with the target characteristics has a bug, issuing a patch of the bug to the vehicle with the target characteristics if the vehicle with the target characteristics has the bug, and monitoring that the patch is installed completely.
The automobile vulnerability classification and processing device provided by the embodiment of the invention can execute the automobile vulnerability classification and processing method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, as shown in fig. 5, the electronic device includes a processor 50, a memory 51, an input device 52, and an output device 53; the number of processors 50 in the device may be one or more, and one processor 50 is taken as an example in fig. 5; the processor 50, the memory 51, the input device 52 and the output device 53 in the apparatus may be connected by a bus or other means, which is exemplified in fig. 5.
The memory 51 is used as a computer-readable storage medium for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the car bug classification and processing method in the embodiment of the present invention (for example, the obtaining module 401, the evaluating module 402, the feature obtaining module 403, the statistical analysis module 404, and the processing module 405 in the car bug classification and processing device). The processor 50 executes various functional applications and data processing of the device by running software programs, instructions and modules stored in the memory 51, so as to implement the car bug classification and processing method.
The memory 51 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 51 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 51 may further include memory located remotely from the processor 50, which may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 52 is operable to receive input numeric or character information and to generate key signal inputs relating to user settings and function controls of the apparatus. The output device 53 may include a display device such as a display screen.
Embodiments of the present invention also provide a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a method for vehicle vulnerability classification and processing, the method comprising:
acquiring a scene, an attack difficulty degree and an attack result required when a vulnerability to be processed is attacked;
evaluating the danger level of the vulnerability to be processed according to the scene, the attack difficulty degree and the attack consequence;
counting leak sets exceeding a set level, and acquiring target vehicle characteristics of each leak in the leak sets and characteristics of drivers in the target vehicles;
performing statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability;
and verifying and processing the vulnerability of the vehicle with the target characteristics.
Of course, the storage medium provided by the embodiments of the present invention includes computer-executable instructions, and the computer-executable instructions are not limited to the above method operations, and may also perform related operations in the car bug classification and processing method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods of the embodiments of the present invention.
It should be noted that, in the embodiment of the car vulnerability classification and processing apparatus, each included unit and module are only divided according to functional logic, but are not limited to the above division as long as the corresponding function can be realized; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. The automobile vulnerability classification and processing method is characterized by comprising the following steps:
acquiring a scene, an attack difficulty degree and an attack result required when a vulnerability to be processed is attacked;
evaluating the danger level of the vulnerability to be processed according to the scene, the attack difficulty degree and the attack consequence;
counting leak sets exceeding a set level, and acquiring target vehicle characteristics of each leak in the leak sets and characteristics of drivers in the target vehicles;
performing statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability;
and verifying and processing the vulnerability of the vehicle with the target characteristics.
2. The method according to claim 1, wherein the scene required when attacked comprises at least one of a technical mastery degree, a vehicle condition and an attack area;
the attack difficulty level comprises at least one of a window under attack, a knowledge skill level required to launch an attack, a device to launch an attack, and an attack scope;
the consequences of the attack include at least one of personal safety, loss of property, vehicle impact operation, privacy violation, public safety violation, and regulation and duration of damage.
3. The method of claim 2, wherein the technical mastery level comprises a low level, a medium level, and a high level, the vehicle operating conditions comprise stationary, low speed, medium speed, higher speed, and high speed, the attack zones comprise single vehicle attacks, single vehicle type attacks, and multi-vehicle type attacks;
the attacked window includes remote, close, local and physical contact, the level of knowledge skill required to launch the attack includes amateurs, skilled operators, car security experts and multi-domain security experts, the devices to launch the attack include public hardware devices and mass, public dedicated hardware devices and software, custom or proprietary hardware devices and software, and a variety of custom or proprietary hardware and software, the scope of the attack includes single, multiple and all;
personal safety includes none, mild injury, severe injury and life threatening, property loss includes none, low, medium and high, vehicle influencing operations include none, medium, low and high, whether privacy is violated includes none, medium, low and high, whether public safety and regulations are violated includes none, medium, low and high, hazard duration includes none, short time, long time and irrecoverable.
4. The method according to claim 1, wherein the evaluating the risk level of the vulnerability to be processed according to the scenario, the attack difficulty level and the attack consequence comprises:
carrying out quantitative analysis on the scene to obtain the score of the scene;
carrying out quantitative analysis on the attack difficulty degree to obtain a score of the attack difficulty degree;
carrying out quantitative analysis on the attack consequences to obtain the scores of the attack consequences;
carrying out qualitative analysis on the scores of the scenes and the scores of the attack difficulty degrees to obtain the attack level of the vulnerability to be processed;
carrying out qualitative analysis on the scores of the attack consequences to obtain the influence level of the vulnerability to be processed;
and obtaining the danger level of the vulnerability to be processed according to the attack level and the influence level of the vulnerability to be processed.
5. The method according to claim 4, wherein the qualitatively analyzing the scores of the scenes and the scores of the attack difficulty levels to obtain the attack level of the vulnerability to be processed comprises:
adding the scores of the scenes and the scores of the attack difficulty degrees to obtain a total score;
determining a score segment where the total score falls, and determining an attack level score corresponding to the score segment;
the qualitative analysis is carried out on the scores of the attack consequences to obtain the influence level of the vulnerability to be processed, and the method comprises the following steps:
and determining a score segment where the score of the attack consequence falls, and determining an influence level score corresponding to the score segment.
6. The method according to claim 5, wherein obtaining the risk level of the vulnerability to be processed according to the attack level and the impact level of the vulnerability to be processed comprises:
and analyzing the attack level score and the influence level score of the vulnerability to be processed by adopting a matrix analysis method to obtain the danger level of the vulnerability to be processed.
7. The method according to any one of claims 1 to 6, wherein the performing statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain the target characteristics associated with each vulnerability comprises:
performing single-feature cluster analysis on the target vehicle features and the features of the driver to obtain a plurality of categories of the features, and selecting the target categories of which the number exceeds a set value from the features;
performing correlation analysis on the characteristics of each target category and the existence of the corresponding loopholes in the range of the characteristics of the target vehicles where all the loopholes are located and the characteristics of the driver to obtain the characteristics meeting the correlation requirements;
the vulnerability verification and processing of the vehicle with the target characteristics comprises the following steps:
and verifying whether the vehicle with the target characteristics has a bug, issuing a patch of the bug to the vehicle with the target characteristics if the vehicle with the target characteristics has the bug, and monitoring that the patch is installed completely.
8. The utility model provides a car vulnerability is hierarchical and processing apparatus which characterized in that includes:
the acquisition module is used for acquiring a scene, an attack difficulty degree and an attack result which are required when the vulnerability to be processed is attacked;
the evaluation module is used for evaluating the danger level of the vulnerability to be processed according to the scene, the attack difficulty degree and the attack consequence;
the characteristic acquisition module is used for counting leak sets exceeding a set level and acquiring the characteristics of a target vehicle where each leak in the leak sets is located and the characteristics of a driver in the target vehicle;
the statistical analysis module is used for performing statistical analysis on the target vehicle characteristics and the characteristics of the driver to obtain target characteristics associated with each vulnerability;
and the processing module is used for verifying and processing the vulnerability of the vehicle with the target characteristics.
9. An electronic device, comprising:
one or more processors;
a memory for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the car vulnerability stratification and treatment method according to any of claims 1-7.
10. A storage medium containing computer-executable instructions for performing the car vulnerability classification and treatment method of any one of claims 1-7 when executed by a computer processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011494644.2A CN112751831B (en) | 2020-12-17 | 2020-12-17 | Automobile vulnerability classification and processing method, device, equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011494644.2A CN112751831B (en) | 2020-12-17 | 2020-12-17 | Automobile vulnerability classification and processing method, device, equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112751831A true CN112751831A (en) | 2021-05-04 |
| CN112751831B CN112751831B (en) | 2022-04-15 |
Family
ID=75648566
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011494644.2A Active CN112751831B (en) | 2020-12-17 | 2020-12-17 | Automobile vulnerability classification and processing method, device, equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112751831B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113268738A (en) * | 2021-05-08 | 2021-08-17 | 上海智能网联汽车技术中心有限公司 | Intelligent automobile information security vulnerability assessment method and system |
| CN113872950A (en) * | 2021-09-18 | 2021-12-31 | 恒安嘉新(北京)科技股份公司 | Automobile safety analysis method and device, electronic equipment and storage medium |
| CN116049836A (en) * | 2023-03-31 | 2023-05-02 | 江苏智能网联汽车创新中心有限公司 | Method, device, equipment and storage medium for determining vehicle vulnerability priority |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102393681A (en) * | 2011-06-15 | 2012-03-28 | 王瑞 | Real-time comprehensive automatic monitoring system for long-distance numerous transport devices and monitoring method thereof |
| CN103366120A (en) * | 2012-04-10 | 2013-10-23 | 中国信息安全测评中心 | Bug attack graph generation method based on script |
| CN106882048A (en) * | 2017-02-21 | 2017-06-23 | 上海建桥学院 | A kind of driver is suitable to drive detection and behavior identification system |
| CN107196955A (en) * | 2017-06-15 | 2017-09-22 | 北京理工大学 | The network system active defense method analyzed based on vulnerability correlation |
| CN108377184A (en) * | 2018-01-09 | 2018-08-07 | 清华大学 | A kind of intelligent automobile internal network distributed authentication encryption method |
| CN108932435A (en) * | 2018-07-05 | 2018-12-04 | 宇龙计算机通信科技(深圳)有限公司 | A kind of information security management method, terminal device and computer readable storage medium |
| CN110445810A (en) * | 2019-09-12 | 2019-11-12 | 北京京航计算通讯研究所 | Vehicle control system network security detection method based on multilevel feedback queue |
| CN110807196A (en) * | 2019-10-30 | 2020-02-18 | 国汽(北京)智能网联汽车研究院有限公司 | Car networking leak public survey system |
| CN111385291A (en) * | 2020-03-02 | 2020-07-07 | 北京百度网讯科技有限公司 | Method, device, equipment and storage medium for evaluating vehicle information security vulnerability |
-
2020
- 2020-12-17 CN CN202011494644.2A patent/CN112751831B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102393681A (en) * | 2011-06-15 | 2012-03-28 | 王瑞 | Real-time comprehensive automatic monitoring system for long-distance numerous transport devices and monitoring method thereof |
| CN103366120A (en) * | 2012-04-10 | 2013-10-23 | 中国信息安全测评中心 | Bug attack graph generation method based on script |
| CN106882048A (en) * | 2017-02-21 | 2017-06-23 | 上海建桥学院 | A kind of driver is suitable to drive detection and behavior identification system |
| CN107196955A (en) * | 2017-06-15 | 2017-09-22 | 北京理工大学 | The network system active defense method analyzed based on vulnerability correlation |
| CN108377184A (en) * | 2018-01-09 | 2018-08-07 | 清华大学 | A kind of intelligent automobile internal network distributed authentication encryption method |
| CN108932435A (en) * | 2018-07-05 | 2018-12-04 | 宇龙计算机通信科技(深圳)有限公司 | A kind of information security management method, terminal device and computer readable storage medium |
| CN110445810A (en) * | 2019-09-12 | 2019-11-12 | 北京京航计算通讯研究所 | Vehicle control system network security detection method based on multilevel feedback queue |
| CN110807196A (en) * | 2019-10-30 | 2020-02-18 | 国汽(北京)智能网联汽车研究院有限公司 | Car networking leak public survey system |
| CN111385291A (en) * | 2020-03-02 | 2020-07-07 | 北京百度网讯科技有限公司 | Method, device, equipment and storage medium for evaluating vehicle information security vulnerability |
Non-Patent Citations (1)
| Title |
|---|
| 邵学彬: "《基于HEAVENS模型的汽车行业漏洞等级划分研究》", 《江苏科技信息》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113268738A (en) * | 2021-05-08 | 2021-08-17 | 上海智能网联汽车技术中心有限公司 | Intelligent automobile information security vulnerability assessment method and system |
| CN113268738B (en) * | 2021-05-08 | 2022-10-04 | 上海智能网联汽车技术中心有限公司 | Intelligent automobile information security vulnerability assessment method and system |
| CN113872950A (en) * | 2021-09-18 | 2021-12-31 | 恒安嘉新(北京)科技股份公司 | Automobile safety analysis method and device, electronic equipment and storage medium |
| CN116049836A (en) * | 2023-03-31 | 2023-05-02 | 江苏智能网联汽车创新中心有限公司 | Method, device, equipment and storage medium for determining vehicle vulnerability priority |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112751831B (en) | 2022-04-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112751831B (en) | Automobile vulnerability classification and processing method, device, equipment and readable storage medium | |
| CN111030962B (en) | Vehicle-mounted network intrusion detection method and computer-readable storage medium | |
| US8549645B2 (en) | System and method for detection of denial of service attacks | |
| CN107220549B (en) | Vulnerability risk basic evaluation method based on CVSS | |
| CN101950338A (en) | Bug repair method based on hierarchical bug threat assessment | |
| CN110807196B (en) | Car networking leak public survey system | |
| CN110855497B (en) | Alarm sequencing method and device based on big data environment | |
| CN105025011A (en) | A vehicle information security evaluation method | |
| CN110505134A (en) | A kind of car networking CAN bus data detection method and device | |
| WO2017152877A1 (en) | Network threat event evaluation method and apparatus | |
| CN110011976B (en) | Network attack destruction capability quantitative evaluation method and system | |
| CN111126832A (en) | Automobile information safety test evaluation method | |
| CN111447167B (en) | Safety protection method and device for vehicle-mounted system | |
| CN108259223B (en) | Unmanned aerial vehicle network system security situation perception evaluation method for preventing GPS deception | |
| CN111786974A (en) | Network security assessment method and device, computer equipment and storage medium | |
| CN116016198B (en) | Industrial control network topology security assessment method and device and computer equipment | |
| CN112150046A (en) | Road intersection safety risk index calculation method | |
| CN111756842A (en) | Method and device for detecting vulnerability of Internet of vehicles and computer equipment | |
| Zhang et al. | Test and evaluation system for automotive cybersecurity | |
| Chen et al. | MDFD: A multi-source data fusion detection framework for Sybil attack detection in VANETs | |
| CN110287703A (en) | The method and device of vehicle safety risk supervision | |
| CN112287345B (en) | Trusted edge computing system based on intelligent risk detection | |
| CN113673304A (en) | Scene semantic driving-based vehicle-mounted expected function safety hazard analysis and evaluation method | |
| CN116362543A (en) | Comprehensive risk assessment method and device integrating information security and functional security | |
| CN115632884B (en) | Network security situation perception method and system based on event analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |