CN113472800A - Automobile network security risk assessment method and device, storage medium and electronic equipment - Google Patents


Publication number: CN113472800A
Authority: CN (China)
Prior art keywords: hazard, threat, network security, attack, score
Legal status: Pending
Application number: CN202110779965.5A
Other languages: Chinese (zh)
Inventors: 罗煜, 冯梅, 陈宁, 魏敏敏, 江娜, 张磊
Current Assignee: SAIC Motor Corp Ltd
Original Assignee: SAIC Motor Corp Ltd
Application filed by SAIC Motor Corp Ltd
Priority to CN202110779965.5A
Publication of CN113472800A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method, a device, a storage medium and electronic equipment for evaluating automobile network security risks. An automatic driving threat scene list is determined, in which each threat scene is associated with a risk asset; hazard analysis is carried out based on basic hazard parameters and intelligent operation hazard parameters; and attack feasibility analysis is carried out based on different attack difficulty factors. The hazards of network security attacks on intelligent vehicles in different threat scenes are thereby comprehensively evaluated and the risk level of the attacks is quantified, so as to support decisions on the network security defense scheme of an intelligent driving automobile. The whole risk evaluation process is automatic, so risk evaluation efficiency is high.

Description

Automobile network security risk assessment method and device, storage medium and electronic equipment
Technical Field
The invention relates to the technical field of automobile risk assessment, in particular to an automobile network security risk assessment method, an automobile network security risk assessment device, a storage medium and electronic equipment.
Background
As automobiles become increasingly intelligent, connected and electrified, the network security problem of intelligent automobiles is becoming more and more serious, and hackers have successfully used means such as information tampering and virus intrusion to attack automobiles. Vehicle systems were designed from the outset with functionality in mind, usually focusing only on reliability and real-time performance, while network security was neglected for a long time.
Techniques from traditional information systems, such as intrusion detection and firewalls, often fail to protect vehicles effectively even when they are adapted and deployed in the in-vehicle network, because of compatibility problems. An intelligent automobile network security crisis, however, can cause not only loss of personal privacy and economic loss to enterprises, but also the serious consequences of vehicle damage and loss of life. How to provide an automobile network security risk assessment method has therefore become a technical problem that those skilled in the art need to solve.
Disclosure of Invention
In view of this, the invention discloses a method, an apparatus, a storage medium and an electronic device for evaluating the risk of the network security of an automobile, so as to realize the risk evaluation of the network security of the automobile.
A method for evaluating the safety risk of an automobile network comprises the following steps:
determining a list of autonomous driving threat scenarios, each threat scenario in the list of autonomous driving threat scenarios associated with a risky asset;
carrying out hazard analysis on hazard influences of the intelligent vehicle under each threat scene by using the basic hazard parameters and the intelligent operation hazard parameters to obtain a hazard score;
carrying out attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score;
and determining a target network security risk level based on the hazard score and the attack feasibility score corresponding to each threat scene.
Optionally, the basic hazard parameters include: personal safety, property, operation control and privacy; the smart operational hazard parameters include: the controllability of the driver on the intelligent vehicle and the controllability of the intelligent driving system on the vehicle.
Optionally, the determining the automatic driving threat scene list specifically includes:
identifying the risk assets based on the attack surface of the intelligent vehicle to be evaluated to obtain a risk asset evaluation list;
and determining each threat scenario associated with each risk asset in the risk asset assessment list to obtain the automatic driving threat scenario list.
Optionally, the determining each automatic driving threat scenario associated with each risk asset in the risk asset evaluation list to obtain the automatic driving threat scenario list specifically includes:
and extracting each automatic driving threat scene associated with each risk asset in the risk asset evaluation list from the generated network security event classification based on the STRIDE threat modeling and association rule recommendation algorithm to obtain the automatic driving threat scene list.
Optionally, the hazard analysis is performed on the hazard influence of the intelligent vehicle in each threat scenario by using the basic hazard parameters and the intelligent operation hazard parameters to obtain a hazard score, which specifically includes:
determining different influence levels based on the basic hazard parameters, and recording the different influence levels as a first influence level;
performing hazard analysis on hazard influences of the intelligent vehicle under each threat scene aiming at each first influence level to obtain a first hazard score;
determining different influence levels based on the intelligent operation hazard parameters, and recording the different influence levels as second influence levels;
performing hazard analysis on the hazard influence of the intelligent vehicle under each threat scene aiming at each second influence level to obtain a second hazard score;
and adding the first hazard score and the second hazard score corresponding to the same threat scene to obtain the hazard score corresponding to each threat scene.
Optionally, the performing hazard analysis on the hazard impact of the intelligent vehicle in each threat scenario for each second impact level to obtain a second hazard score specifically includes:
and performing, on the intelligent driving virtual simulation test platform, a simulated network attack test for the hazard influence of the intelligent vehicle under each threat scene of each second influence level, and analyzing the hazard influence on the intelligent vehicle of the network security attacks triggered during the simulated network attack test to obtain a second hazard score.
Optionally, the attack difficulty factor includes: attack window, attacker knowledge skills, equipment required for attack, and system knowledge skills required for attack.
Optionally, the method further includes:
determining, from the pre-stored correspondence between network security risk levels and alarm information, the target alarm information corresponding to the target network security risk level;
and outputting the target alarm information.
An automobile network security risk assessment device, comprising:
a scene list determination unit for determining an autopilot threat scene list, each threat scene in the autopilot threat scene list being associated with a risk asset;
the hazard analysis unit is used for carrying out hazard analysis on the hazard influence of the intelligent vehicle under each threat scene by using the basic hazard parameters and the intelligent operation hazard parameters to obtain a hazard score;
the feasibility analysis unit is used for carrying out attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score;
and the risk grade determining unit is used for determining the target network security risk grade based on the damage score and the attack feasibility score corresponding to each threat scene.
Optionally, the scene list determining unit is specifically configured to:
identifying the risk assets based on the attack surface of the intelligent vehicle to be evaluated to obtain a risk asset evaluation list;
and determining each threat scenario associated with each risk asset in the risk asset assessment list to obtain the automatic driving threat scenario list.
Optionally, the hazard analysis unit is specifically configured to:
determining different influence levels based on the basic hazard parameters, and recording the different influence levels as a first influence level;
performing hazard analysis on hazard influences of the intelligent vehicle under each threat scene aiming at each first influence level to obtain a first hazard score;
determining different influence levels based on the intelligent operation hazard parameters, and recording the different influence levels as second influence levels;
performing hazard analysis on the hazard influence of the intelligent vehicle under each threat scene aiming at each second influence level to obtain a second hazard score;
and adding the first hazard score and the second hazard score corresponding to the same threat scene to obtain the hazard score corresponding to each threat scene.
Optionally, the device further includes:
the alarm information determining unit is used for determining, from the pre-stored correspondence between network security risk levels and alarm information, the target alarm information corresponding to the target network security risk level;
and the alarm information output unit is used for outputting the target alarm information.
An electronic device comprising a memory and a processor;
the memory is to store at least one instruction;
the processor is used for executing the at least one instruction to realize the automobile network security risk assessment method.
A computer readable storage medium storing at least one instruction which, when executed by a processor, implements the automobile network security risk assessment method described above.
According to the technical scheme, the invention discloses an automobile network security risk assessment method, an automobile network security risk assessment device, a storage medium and electronic equipment, wherein an automatic driving threat scene list is determined, each threat scene in the automatic driving threat scene list is associated with a risk asset, the hazard influence of an intelligent vehicle in each threat scene is subjected to hazard analysis by using basic hazard parameters and intelligent operation hazard parameters to obtain a hazard score, each threat scene is subjected to attack feasibility analysis based on different attack difficulty factors to obtain an attack feasibility score, and a target network security risk grade is determined based on the hazard score and the attack feasibility score corresponding to each threat scene. The method comprehensively evaluates the damage of the network security attack to the intelligent vehicle in different threat scenes based on the basic damage parameters, the intelligent operation damage parameters and different attack difficulty factors, and quantifies the risk level of the network security attack so as to support the decision of the network security defense scheme of the intelligent driving vehicle. In addition, the whole risk assessment process is automatic, so that the risk assessment efficiency is high.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the disclosed drawings without creative efforts.
FIG. 1 is a flowchart of a method for evaluating network security risk of an automobile according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for performing hazard analysis on hazard effects of intelligent vehicles in various threat scenarios to obtain a hazard score using basic hazard parameters and intelligent operational hazard parameters, according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an automobile network security risk assessment apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a method, a device, a storage medium and electronic equipment for evaluating automobile network security risk, which are used for determining an automatic driving threat scene list, wherein each threat scene in the automatic driving threat scene list is associated with a risk asset, carrying out hazard analysis on the hazard influence of an intelligent vehicle under each threat scene by using basic hazard parameters and intelligent operation hazard parameters to obtain a hazard score, carrying out attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score, and determining a target network security risk grade based on the hazard score and the attack feasibility score corresponding to each threat scene. The method comprehensively evaluates the damage of the network security attack to the intelligent vehicle in different threat scenes based on the basic damage parameters, the intelligent operation damage parameters and different attack difficulty factors, and quantifies the risk level of the network security attack so as to support the decision of the network security defense scheme of the intelligent driving vehicle. In addition, the whole risk assessment process is automatic, so that the risk assessment efficiency is high.
Referring to fig. 1, a flow chart of a method for evaluating a network security risk of an automobile according to an embodiment of the present invention includes:
Step S101, determining an automatic driving threat scene list;
wherein each threat scene in the automatic driving threat scene list is associated with a risk asset.
Step S101 may specifically include:
identifying the risk assets based on the attack surface of the intelligent vehicle to be evaluated to obtain a risk asset evaluation list;
and determining each threat scenario associated with each risk asset in the risk asset assessment list to obtain the automatic driving threat scenario list.
In practical application, each automatic driving threat scene associated with each risk asset in the risk asset evaluation list is extracted from the generated network security event classification based on the STRIDE threat modeling and association rule recommendation algorithm, so that the automatic driving threat scene list is obtained.
Step S102, carrying out hazard analysis on hazard influences of the intelligent vehicle under each threat scene by using basic hazard parameters and intelligent operation hazard parameters to obtain a hazard score;
wherein, basic hazard parameters include: personal safety, property, operation control and privacy.
Specifically, (1) personal safety refers to the severity of injury to the people in the automobile after an attack is launched. In practical application it can be classified into five grades: no injury, mild injury, moderate injury, severe injury (survival possible), and life-threatening or fatal injury (survival uncertain).
(2) Property refers to the combined direct and indirect property damage to automobile manufacturers, component manufacturers and individuals after an attack, and is classified into five grades: none, low, medium, high and severe:
none: no property loss is caused;
low: property loss affecting a single vehicle;
medium: property loss affecting multiple vehicles;
high: an entire automobile manufacturer or component manufacturer suffers great property loss;
severe: a number of related organizations, or even the national automobile industry, suffer huge property losses.
(3) Operation control refers to the unexpected loss of automobile functionality caused after an attack is launched, and is divided into five grades: none, low, medium, high and severe:
none: no operational impact is caused;
low: appearance or audible noise (vehicle still operational, but no operational impact, 25% to 75% of customers feel uncomfortable);
medium: reduced auxiliary functionality (vehicle still operational, reduced comfort and convenience);
high: loss of auxiliary functions (vehicle still operational, complete failure of comfort and convenience functions);
severe: the vehicle powertrain system is affected and the primary function is lost (the vehicle is unable to operate properly).
When the intelligent driving mode is active, operation control is further subdivided into system-based control capability and driver-based control capability.
(4) Privacy refers to the loss caused by the invasion of personal private data after an attack is launched, and is divided into five grades: none, low, medium, high and severe:
none: no loss of private data is caused;
low: private data of an individual, such as accounts, keys and address books, is infringed;
medium: private data of multiple people, such as accounts, keys and address books, is infringed;
high: violations of law and possible impact on business operations and finances (e.g., economic penalties, market share loss, media reports);
severe: the private data of the relevant users of an entire vehicle model or even an entire vehicle manufacturer is infringed.
It should be noted that, the respective grading standards of personal safety, property, operation control and privacy can be referred to the existing mature scheme, and are not described herein again.
The intelligent operational hazard parameters include: the controllability of the driver on the intelligent vehicle and the controllability of the intelligent driving system on the vehicle. In this embodiment, the controllability of the driver on the intelligent vehicle is brought forward from the perspective of the vehicle speed.
Step S103, carrying out attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score;
In this embodiment, for each threat scene in the automatic driving threat scene list, attack feasibility analysis is performed based on any one or more different attack difficulty factors to obtain an attack feasibility score.
The attack difficulty factor in this embodiment includes: attack window, attacker knowledge skills, equipment required for attack, and system knowledge skills required for attack.
(1) The attack window refers to the attack path adopted when the attack is started by using the vulnerability, and is divided into four levels of remote, close, local and physical contact, as shown in table 1.
TABLE 1: attack window levels (table image not reproduced in the text)
(2) Attacker knowledge and skill is a combined measure of the underlying principles, the methods, and how widely the required knowledge is held when mounting the attack, that is, how difficult the attack is to mount. It is divided into four levels: amateurs, skilled operators, automobile security experts and multi-field security experts, as shown in table 2.
TABLE 2: attacker knowledge and skill levels (table image not reproduced in the text)
(3) The equipment required for the attack refers to the sophistication of the equipment used to find and exploit the risk and mount the attack, and is classified into four levels: open hardware devices and software, open dedicated hardware devices and software, customized or proprietary hardware devices and software, and multiple customized or proprietary hardware and software, as shown in table 3.
TABLE 3: levels of equipment required for the attack (table image not reproduced in the text)
(4) The system knowledge required for the attack refers to how widely relevant information such as the vehicle model, architecture, intelligent driving algorithm and keys has been disclosed, and is divided into four levels: disclosed information, limited disclosed information, sensitive information and key protection information, as shown in table 4.
TABLE 4: levels of system knowledge required for the attack (table image not reproduced in the text)
It should be noted that, the classification criteria of each grade in tables 1 to 4 can be referred to the existing mature scheme, and are not described herein again.
Step S104, determining a target network security risk level based on the hazard score and the attack feasibility score corresponding to each threat scene.
In practical applications, the target cyber-security risk level may be output in the form of a risk assessment report.
In summary, the invention discloses an automobile network security risk assessment method, which comprises the steps of determining an automatic driving threat scene list, associating each threat scene in the automatic driving threat scene list with a risk asset, carrying out hazard analysis on the hazard influence of an intelligent vehicle under each threat scene by using basic hazard parameters and intelligent operation hazard parameters to obtain a hazard score, carrying out attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score, and determining a target network security risk grade based on the hazard score and the attack feasibility score corresponding to each threat scene. The method comprehensively evaluates the damage of the network security attack to the intelligent vehicle in different threat scenes based on the basic damage parameters, the intelligent operation damage parameters and different attack difficulty factors, and quantifies the risk level of the network security attack so as to support the decision of the network security defense scheme of the intelligent driving vehicle. In addition, the whole risk assessment process is automatic, so that the risk assessment efficiency is high.
In order to further optimize the above embodiments, referring to fig. 2, a flowchart of a method for performing hazard analysis on hazard influences of an intelligent vehicle in each threat scenario by using a basic hazard parameter and an intelligent operation hazard parameter to obtain a hazard score is disclosed in an embodiment of the present invention, and the method includes:
Step S201, determining different influence levels based on basic hazard parameters, and recording the different influence levels as first influence levels;
The basic hazard parameters in this embodiment include: personal safety, property, operation control and privacy, and the personal safety, property, operation control and privacy can be respectively divided into the levels shown in tables 1 to 4, and the four dimensions can be comprehensively divided into five levels shown in table 5.
TABLE 5: combined five-level division of the four basic hazard dimensions (table image not reproduced in the text)
It should be particularly noted that, the 5 levels shown in table 5 are also the first influence level shown in this embodiment, and the division criteria of the 5 levels shown in table 5 may refer to the existing mature scheme, which is not described herein again.
Step S202, carrying out hazard analysis on hazard influences of the intelligent vehicle under each threat scene aiming at each first influence level to obtain a first hazard score;
Step S203, determining different influence levels based on the intelligent operation hazard parameters, and recording the different influence levels as second influence levels;
the intelligent operational hazard parameters include: the controllability of the driver on the intelligent vehicle and the controllability of the intelligent driving system on the vehicle.
The intelligent operation hazard parameter is expanded on the basis of the basic hazard parameter, and the influence of the fault-tolerant capability of the automatic driving system and/or the driver on the attack related risk is quantified in the intelligent vehicle scene through the intelligent operation hazard parameter.
The second influence level obtained by dividing the smart operation hazard parameter refers to the smart driving function operation control influence table in the attack state shown in table 6.
TABLE 6: intelligent driving function operation control influence in the attack state (table image not reproduced in the text)
In this embodiment, for the intelligent operation hazard parameter, different impact levels are divided based on different speed intervals.
Step S204, performing hazard analysis on the hazard influence of the intelligent vehicle under each threat scene aiming at each second influence level to obtain a second hazard score;
Specifically, for the hazard influence of the intelligent vehicle under each threat scene of each second influence level in the automatic driving threat list, a simulated network attack test is performed on the intelligent driving virtual simulation test platform, and the hazard influence on the intelligent vehicle of the network security attacks triggered during the test is analyzed to obtain the second hazard score, so that the hazard influence on the intelligent vehicle is evaluated accurately.
In this embodiment, when the intelligent driving virtual simulation test platform is used for a simulated network attack test, network security attack vectors including but not limited to viruses, trojans and malicious applications can be input. The platform can simulate the functional failures caused when sensors such as cameras, lidar and millimeter-wave radar receive the attack vectors, the effect of the attack vectors on the execution of the intelligent driving decision algorithm, and the functional failures caused in the chassis and power system by the attack vectors, and can output fault signals.
It should be noted that, due to the complexity of the intelligent driving automobile system, the harmful effect of some network security attacks is not necessarily known in advance, so that the analysis result of the intelligent driving harm is incomplete. Based on the above, the network security attack injection based on the simulation platform provides effective supplement for evaluating the influence of the network security attack on the security and controllability of the intelligent driving system, the damage influence caused during the operation of the intelligent driving system can be obtained by utilizing the preset network security attack amount (namely, different influence levels are determined based on the intelligent operation damage parameters), and the intelligent driving damage analysis result is optimized by analyzing the simulation data, so that a better network security defense scheme is selected.
Step S205, adding the first hazard score and the second hazard score corresponding to the same threat scene to obtain the hazard score corresponding to each threat scene.
In practical application, different alarm information can be set according to different network security risk levels, so that technicians can find network security risks in time and take effective measures.
Therefore, to further optimize the above embodiment, on the basis of the embodiment shown in fig. 1, after step S104, the method may further include:
determining, from the pre-stored correspondence between network security risk levels and alarm information, the target alarm information corresponding to the target network security risk level;
and outputting the target alarm information.
It should be noted that, in this embodiment, basic data used for performing network security risk assessment of an automobile, such as a risk asset list, an automatic driving threat scene list, and a correspondence between network security risk levels and warning information, are all stored in a database.
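The scoring flow of steps S101 to S104 and S201 to S205, together with the alarm lookup, as an added Python example that is not part of the patent. The numeric scales, the worst-grade and mean combination rules, the risk matrix, the alarm texts and the sample scenarios are all assumptions, because the patent's tables are images and its text gives no numbers.

```python
from dataclasses import dataclass

# ASSUMED numeric scales: the patent's Tables 1-6 are images, so all numbers are illustrative.
GRADE = {"none": 0, "low": 1, "medium": 2, "high": 3, "severe": 4}
BASIC = ("personal_safety", "property", "operation_control", "privacy")
SMART = ("driver_controllability", "system_controllability")
# Attack difficulty factors: level names follow the page; higher score = easier attack (assumed).
DIFFICULTY = {
    "attack_window": {"remote": 3, "close": 2, "local": 1, "physical_contact": 0},
    "attacker_skill": {"amateur": 3, "skilled_operator": 2,
                       "automotive_security_expert": 1, "multi_domain_security_expert": 0},
    "equipment": {"open": 3, "open_dedicated": 2, "custom": 1, "multiple_custom": 0},
    "system_knowledge": {"public": 3, "limited_public": 2, "sensitive": 1, "key_protected": 0},
}
LEVELS = ("low", "medium", "high", "critical")
# ASSUMED risk matrix: rows = hazard band (0-2, 3-5, 6-8), columns = feasibility band.
RISK_MATRIX = (("low", "low", "medium"),
               ("low", "medium", "high"),
               ("medium", "high", "critical"))
# ASSUMED pre-stored correspondence between risk level and alarm information.
ALARMS = {"low": "record in assessment report", "medium": "notify security engineer",
          "high": "open mitigation ticket", "critical": "block release until mitigated"}


@dataclass(frozen=True)
class ThreatScenario:
    asset: str        # risk asset the scenario is associated with (S101)
    stride: str       # STRIDE category of the scenario
    basic: dict       # grade per basic hazard parameter
    smart: dict       # grade per intelligent operation hazard parameter
    difficulty: dict  # level per attack difficulty factor (any one or more)


def _worst_grade(grades, required):
    """Return the highest grade among the required parameters, rejecting gaps and typos."""
    missing = [p for p in required if p not in grades]
    if missing:
        raise ValueError(f"missing hazard parameters: {missing}")
    bad = [grades[p] for p in required if grades[p] not in GRADE]
    if bad:
        raise ValueError(f"unknown grades: {bad}")
    return max(GRADE[grades[p]] for p in required)


def hazard_score(s):
    """S201-S205: first score (basic) plus second score (intelligent operation)."""
    first = _worst_grade(s.basic, BASIC)    # assumed rule: worst of the four dimensions
    second = _worst_grade(s.smart, SMART)   # assumed: grades come from the simulation test
    return first + second


def feasibility_score(s):
    """S103: mean score over whichever difficulty factors were assessed (one or more)."""
    if not s.difficulty:
        raise ValueError("at least one attack difficulty factor is required")
    total = 0
    for factor, level in s.difficulty.items():
        if level not in DIFFICULTY.get(factor, {}):
            raise ValueError(f"unknown factor or level: {factor}={level}")
        total += DIFFICULTY[factor][level]
    return total / len(s.difficulty)


def risk_level(s):
    """S104: combine hazard and feasibility through the assumed matrix."""
    h, f = hazard_score(s), feasibility_score(s)
    h_band = 0 if h <= 2 else 1 if h <= 5 else 2
    f_band = 0 if f < 1 else 1 if f < 2 else 2
    return RISK_MATRIX[h_band][f_band]


def assess(scenarios):
    """Score every scenario, attach the alarm, and list the highest risk first."""
    report = [{"asset": s.asset, "stride": s.stride, "hazard": hazard_score(s),
               "feasibility": feasibility_score(s), "risk_level": risk_level(s),
               "alarm": ALARMS[risk_level(s)]} for s in scenarios]
    return sorted(report, key=lambda r: LEVELS.index(r["risk_level"]), reverse=True)


# Constructed sample threat scenarios (not taken from the patent).
SCENARIOS = [
    ThreatScenario("telematics unit", "Tampering",
                   {"personal_safety": "high", "property": "medium",
                    "operation_control": "severe", "privacy": "low"},
                   {"driver_controllability": "high", "system_controllability": "medium"},
                   {"attack_window": "remote", "attacker_skill": "automotive_security_expert",
                    "equipment": "custom", "system_knowledge": "sensitive"}),
    ThreatScenario("infotainment head unit", "Information disclosure",
                   {"personal_safety": "none", "property": "low",
                    "operation_control": "low", "privacy": "medium"},
                   {"driver_controllability": "none", "system_controllability": "none"},
                   {"attack_window": "close", "attacker_skill": "skilled_operator"}),
    ThreatScenario("front camera", "Spoofing",
                   {"personal_safety": "severe", "property": "medium",
                    "operation_control": "high", "privacy": "none"},
                   {"driver_controllability": "severe", "system_controllability": "high"},
                   {"attack_window": "physical_contact",
                    "attacker_skill": "multi_domain_security_expert",
                    "equipment": "multiple_custom", "system_knowledge": "key_protected"}),
]

if __name__ == "__main__":
    for row in assess(SCENARIOS):
        print(row)
```

The third scenario has the highest hazard score but the lowest feasibility, so under the assumed matrix it ranks below the remotely reachable telematics scenario.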
In summary, the invention discloses an automobile network security risk assessment method, which comprehensively assesses the damage of network security attack to an intelligent vehicle in different threat scenes based on basic damage parameters, intelligent operation damage parameters and different attack difficulty factors, and quantifies the risk level of the network security attack so as to support the decision of a network security defense scheme of an intelligent driving automobile. In addition, the method can realize automatic modeling of the threat scene of the intelligent driving automobile, and the whole risk assessment process is automatic, so that the risk assessment efficiency is high. Meanwhile, in the evaluation process, by combining an intelligent driving virtual simulation test platform and simulating network security attack in a virtual simulation environment, the damage to the intelligent driving vehicle caused by the network security attack is comprehensively evaluated, and the accuracy of network security risk level evaluation of the intelligent driving vehicle is improved.
Corresponding to the embodiment of the method, the invention also discloses an automobile network security risk assessment device.
Referring to fig. 3, a schematic structural diagram of an automobile network security risk assessment apparatus disclosed in the embodiment of the present invention is shown, where the assessment apparatus includes:
a scene list determining unit 301, configured to determine an automatic driving threat scene list, where each threat scene in the automatic driving threat scene list is associated with a risk asset;
the scene list determining unit 301 may specifically be configured to:
identifying the risk assets based on the attack surface of the intelligent vehicle to be evaluated to obtain a risk asset evaluation list;
and determining each threat scenario associated with each risk asset in the risk asset assessment list to obtain the automatic driving threat scenario list.
In practical application, each automatic driving threat scene associated with each risk asset in the risk asset evaluation list is extracted from the generated network security event classification based on the STRIDE threat modeling and association rule recommendation algorithm, so that the automatic driving threat scene list is obtained.
A hazard analysis unit 302, configured to perform hazard analysis on the hazard influence of the intelligent vehicle in each threat scenario by using the basic hazard parameters and the intelligent operation hazard parameters, so as to obtain a hazard score;
wherein, basic hazard parameters include: personal safety, property, operation control and privacy.
The intelligent operation hazard parameters include: the controllability of the driver on the intelligent vehicle and the controllability of the intelligent driving system on the vehicle. In this embodiment, the controllability of the driver on the intelligent vehicle is considered from the perspective of vehicle speed.
The feasibility analysis unit 303 is configured to perform attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score;
in this embodiment, for each threat scene in the automatic driving threat scene list, attack feasibility analysis is performed based on any one or more different attack difficulty factors to obtain an attack feasibility score.
The attack difficulty factor in this embodiment includes: attack window, attacker knowledge skills, equipment required for attack, and system knowledge skills required for attack.
A risk level determination unit 304, configured to determine a target network security risk level based on the hazard score and the attack feasibility score corresponding to each of the threat scenarios.
In practical applications, the target cyber-security risk level may be output in the form of a risk assessment report.
In summary, the invention discloses an automobile network security risk assessment device, which determines an automatic driving threat scene list, wherein each threat scene in the automatic driving threat scene list is associated with a risk asset, carries out hazard analysis on the hazard influence of an intelligent vehicle under each threat scene by using basic hazard parameters and intelligent operation hazard parameters to obtain a hazard score, carries out attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score, and determines a target network security risk grade based on the hazard score and the attack feasibility score corresponding to each threat scene. The method comprehensively evaluates the damage of the network security attack to the intelligent vehicle in different threat scenes based on the basic damage parameters, the intelligent operation damage parameters and different attack difficulty factors, and quantifies the risk level of the network security attack so as to support the decision of the network security defense scheme of the intelligent driving vehicle. In addition, the whole risk assessment process is automatic, so that the risk assessment efficiency is high.
To further optimize the above embodiment, the hazard analysis unit 302 is specifically configured to:
determining different influence levels based on the basic hazard parameters, and recording the different influence levels as a first influence level;
performing hazard analysis on hazard influences of the intelligent vehicle under each threat scene aiming at each first influence level to obtain a first hazard score;
determining different influence levels based on the intelligent operation hazard parameters, and recording the different influence levels as second influence levels;
performing hazard analysis on the hazard influence of the intelligent vehicle under each threat scene aiming at each second influence level to obtain a second hazard score;
and adding together the first hazard score and the second hazard score corresponding to the same threat scene to obtain the hazard score corresponding to each threat scene.
Specifically, for the hazard influence on the intelligent vehicle under each threat scene at each second influence level in the automatic driving threat scene list, a simulated network attack test is performed on the intelligent driving virtual simulation test platform, and hazard analysis is performed on the hazard influence that the network security attacks triggered during the test have on the intelligent vehicle, yielding the second hazard score, so that the hazard influence on the intelligent vehicle is evaluated accurately.
In this embodiment, when the intelligent driving virtual simulation test platform is used to perform the simulated network attack test, network security attack vectors, including but not limited to viruses, trojans and malicious applications, can be input. The platform can simulate the functional failures caused when sensors such as a camera, a laser radar and a millimeter wave radar receive the network security attack vectors, the influence of the attack vectors on the execution of the intelligent driving decision algorithm, and the functional failures caused when the chassis and the power system are subjected to the attack vectors, and it can output fault signals.
It should be noted that, because the intelligent driving automobile system is complex, the hazardous effects of some network security attacks cannot necessarily be known in advance, which leaves the intelligent driving hazard analysis result incomplete. For this reason, injecting network security attacks on the simulation platform is an effective supplement for evaluating how such attacks affect the safety and controllability of the intelligent driving system: the preset network security attack amount (that is, the different influence levels determined based on the intelligent operation hazard parameters) is used to obtain the hazard influence caused while the intelligent driving system is running, and the intelligent driving hazard analysis result is optimized by analyzing the simulation data, so that a better network security defense scheme can be selected.
In practical application, different alarm information can be set according to different network security risk levels, so that technicians can find network security risks in time and take effective measures.
Therefore, to further optimize the above embodiment, the automobile network security risk assessment device may further include:
the alarm information determining unit is used for determining, from the pre-stored correspondence between network security risk levels and alarm information, the target alarm information corresponding to the target network security risk level;
and the alarm information output unit is used for outputting the target alarm information.
In summary, the invention discloses an automobile network security risk assessment device which comprehensively assesses the damage of network security attack to an intelligent vehicle in different threat scenes based on basic damage parameters, intelligent operation damage parameters and different attack difficulty factors, and quantifies the risk level of the network security attack so as to support the decision of a network security defense scheme of an intelligent driving automobile. In addition, the method can realize automatic modeling of the threat scene of the intelligent driving automobile, and the whole risk assessment process is automatic, so that the risk assessment efficiency is high. Meanwhile, in the evaluation process, by combining an intelligent driving virtual simulation test platform and simulating network security attack in a virtual simulation environment, the damage to the intelligent driving vehicle caused by the network security attack is comprehensively evaluated, and the accuracy of network security risk level evaluation of the intelligent driving vehicle is improved.
It should be noted that, for the specific working principle of each component in the device embodiment, please refer to the corresponding part of the method embodiment, which is not described herein again.
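The assessment flow described above (hazard score as the sum of the first and second hazard scores, attack feasibility score from the four attack difficulty factors, risk level from both scores, then alarm lookup), as an added Python example that is not part of the patent text. The 0..3 scales, the band cut points, the risk matrix, the alarm texts and the sample scenes are assumptions made for the example.

```python
from dataclasses import dataclass

# Parameter names follow the page; every scale, band, matrix cell and alarm
# text below is an assumption made for this example.
BASIC = ("personal_safety", "property", "operation_control", "privacy")
SMART = ("driver_controllability", "system_controllability")
DIFFICULTY = ("attack_window", "attacker_skill", "equipment", "system_knowledge")
MAX_LEVEL = 3  # assumed 0..3 scale for every influence level and difficulty factor

# Assumed matrix: rows are hazard bands, columns are feasibility bands.
RISK_MATRIX = (
    ("low", "low", "medium"),
    ("low", "medium", "high"),
    ("medium", "high", "high"),
)
# Stand-in for the pre-stored risk-level -> alarm-information correspondence.
ALARMS = {
    "low": "record in assessment report",
    "medium": "notify vehicle security engineer",
    "high": "escalate and require a defense scheme before release",
}


@dataclass(frozen=True)
class ThreatScene:
    name: str
    asset: str         # risk asset the scene is associated with
    basic: dict        # first influence levels, one per basic hazard parameter
    smart: dict        # second influence levels, e.g. read from simulation runs
    difficulty: dict   # attack difficulty factors, higher means harder


def _total(levels, keys):
    """Sum one group of levels after checking it is complete and in range."""
    if set(levels) != set(keys):
        raise ValueError(f"expected exactly {sorted(keys)}, got {sorted(levels)}")
    for key, value in levels.items():
        if not isinstance(value, int) or not 0 <= value <= MAX_LEVEL:
            raise ValueError(f"{key}={value!r} is outside 0..{MAX_LEVEL}")
    return sum(levels.values())


def hazard_score(scene):
    """First hazard score plus second hazard score for the same scene."""
    return _total(scene.basic, BASIC) + _total(scene.smart, SMART)


def feasibility_score(scene):
    """Invert the summed difficulty so that easier attacks score higher."""
    return len(DIFFICULTY) * MAX_LEVEL - _total(scene.difficulty, DIFFICULTY)


def risk_level(hazard, feasibility):
    """Band both scores (assumed cut points) and look up the matrix."""
    return RISK_MATRIX[min(2, hazard // 6)][min(2, feasibility // 4)]


def alarm_for(level):
    """Fail loudly when a level has no stored alarm instead of staying silent."""
    if level not in ALARMS:
        raise ValueError(f"no alarm information stored for level {level!r}")
    return ALARMS[level]


def assess(scenes):
    """Score every scene and attach its risk level and alarm information."""
    report = []
    for scene in scenes:
        hazard, feasible = hazard_score(scene), feasibility_score(scene)
        level = risk_level(hazard, feasible)
        report.append({"scene": scene.name, "asset": scene.asset,
                       "hazard": hazard, "feasibility": feasible,
                       "level": level, "alarm": alarm_for(level)})
    return report


# Constructed sample scenes; the values are illustrative, not measured.
SCENES = [
    ThreatScene("tampered lidar input", "lidar",
                {"personal_safety": 3, "property": 2, "operation_control": 3, "privacy": 0},
                {"driver_controllability": 2, "system_controllability": 3},
                {"attack_window": 1, "attacker_skill": 2, "equipment": 2, "system_knowledge": 2}),
    ThreatScene("infotainment data disclosure", "infotainment unit",
                {"personal_safety": 0, "property": 1, "operation_control": 0, "privacy": 3},
                {"driver_controllability": 0, "system_controllability": 0},
                {"attack_window": 2, "attacker_skill": 2, "equipment": 1, "system_knowledge": 2}),
    ThreatScene("chassis controller functional failure", "chassis controller",
                {"personal_safety": 3, "property": 3, "operation_control": 3, "privacy": 0},
                {"driver_controllability": 3, "system_controllability": 3},
                {"attack_window": 3, "attacker_skill": 3, "equipment": 3, "system_knowledge": 3}),
]

if __name__ == "__main__":
    for row in assess(SCENES):
        print(row)
```

The third scene has the highest hazard score but is rated only medium because every difficulty factor is at its maximum, which is the effect of weighing hazard against attack feasibility rather than ranking by hazard alone.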
The invention also provides an electronic device, which comprises a memory and a processor;
the memory is to store at least one instruction;
the processor is used for executing the at least one instruction to realize the automobile network security risk assessment method in the embodiment.
The invention further provides a computer-readable storage medium, which stores at least one instruction, and the at least one instruction is executed by a processor to implement the automobile network security risk assessment method according to the embodiment.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (14)

1. A method for evaluating the safety risk of an automobile network is characterized by comprising the following steps:
determining a list of autonomous driving threat scenarios, each threat scenario in the list of autonomous driving threat scenarios associated with a risky asset;
carrying out hazard analysis on hazard influences of the intelligent vehicle under each threat scene by using the basic hazard parameters and the intelligent operation hazard parameters to obtain a hazard score;
carrying out attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score;
and determining a target network security risk level based on the hazard score and the attack feasibility score corresponding to each threat scene.
2. The automobile network security risk assessment method according to claim 1, wherein the basic hazard parameters comprise: personal safety, property, operation control and privacy; the smart operational hazard parameters include: the controllability of the driver on the intelligent vehicle and the controllability of the intelligent driving system on the vehicle.
3. The automobile network security risk assessment method according to claim 1, wherein the determining of the automatic driving threat scene list specifically comprises:
identifying the risk assets based on the attack surface of the intelligent vehicle to be evaluated to obtain a risk asset evaluation list;
and determining each threat scenario associated with each risk asset in the risk asset assessment list to obtain the automatic driving threat scenario list.
4. The automobile network security risk assessment method according to claim 3, wherein the determining each automatic driving threat scenario associated with each risk asset in the risk asset assessment list to obtain the automatic driving threat scenario list specifically comprises:
and extracting each automatic driving threat scene associated with each risk asset in the risk asset evaluation list from the generated network security event classification based on the STRIDE threat modeling and association rule recommendation algorithm to obtain the automatic driving threat scene list.
5. The automobile network security risk assessment method according to claim 1, wherein the performing hazard analysis on the hazard influence of the intelligent vehicle under each threat scenario by using the basic hazard parameters and the intelligent operation hazard parameters to obtain a hazard score specifically comprises:
determining different influence levels based on the basic hazard parameters, and recording the different influence levels as a first influence level;
performing hazard analysis on hazard influences of the intelligent vehicle under each threat scene aiming at each first influence level to obtain a first hazard score;
determining different influence levels based on the intelligent operation hazard parameters, and recording the different influence levels as second influence levels;
performing hazard analysis on the hazard influence of the intelligent vehicle under each threat scene aiming at each second influence level to obtain a second hazard score;
and adding together the first hazard score and the second hazard score corresponding to the same threat scene to obtain the hazard score corresponding to each threat scene.
6. The automobile network security risk assessment method according to claim 5, wherein the performing hazard analysis on the hazard impact of the intelligent vehicle in each of the threat scenarios for each of the second impact levels to obtain a second hazard score specifically comprises:
and performing simulation network attack test on the intelligent driving virtual simulation test platform aiming at the hazard influence of the intelligent vehicle under each threat scene of each second influence level, and performing hazard analysis on the hazard influence caused by the intelligent vehicle by combining network security attack triggered in the simulation network attack test process to obtain a second hazard score.
7. The automobile network security risk assessment method according to claim 1, wherein the attack difficulty factor comprises: attack window, attacker knowledge skills, equipment required for attack, and system knowledge skills required for attack.
8. The automobile network security risk assessment method according to claim 1, further comprising:
determining, from the pre-stored correspondence between network security risk levels and alarm information, the target alarm information corresponding to the target network security risk level;
and outputting the target alarm information.
9. An automobile network security risk assessment device, characterized by comprising:
a scene list determination unit for determining an autopilot threat scene list, each threat scene in the autopilot threat scene list being associated with a risk asset;
the hazard analysis unit is used for carrying out hazard analysis on the hazard influence of the intelligent vehicle under each threat scene by using the basic hazard parameters and the intelligent operation hazard parameters to obtain a hazard score;
the feasibility analysis unit is used for carrying out attack feasibility analysis on each threat scene based on different attack difficulty factors to obtain an attack feasibility score;
and the risk level determining unit is used for determining the target network security risk level based on the hazard score and the attack feasibility score corresponding to each threat scene.
10. The automobile network security risk assessment device according to claim 9, wherein the scene list determination unit is specifically configured to:
identifying the risk assets based on the attack surface of the intelligent vehicle to be evaluated to obtain a risk asset evaluation list;
and determining each threat scenario associated with each risk asset in the risk asset assessment list to obtain the automatic driving threat scenario list.
11. The automobile network security risk assessment device according to claim 9, wherein the hazard analysis unit is specifically configured to:
determining different influence levels based on the basic hazard parameters, and recording the different influence levels as a first influence level;
performing hazard analysis on hazard influences of the intelligent vehicle under each threat scene aiming at each first influence level to obtain a first hazard score;
determining different influence levels based on the intelligent operation hazard parameters, and recording the different influence levels as second influence levels;
performing hazard analysis on the hazard influence of the intelligent vehicle under each threat scene aiming at each second influence level to obtain a second hazard score;
and adding together the first hazard score and the second hazard score corresponding to the same threat scene to obtain the hazard score corresponding to each threat scene.
12. The network security risk assessment device of claim 9, further comprising:
the alarm information determining unit is used for determining, from the pre-stored correspondence between network security risk levels and alarm information, the target alarm information corresponding to the target network security risk level;
and the alarm information output unit is used for outputting the target alarm information.
13. An electronic device, comprising a memory and a processor;
the memory is to store at least one instruction;
the processor is used for executing the at least one instruction to realize the automobile network security risk assessment method according to any one of claims 1-8.
14. A computer-readable storage medium storing at least one instruction which, when executed by a processor, implements the method for assessing security risk of an automobile network according to any one of claims 1 to 8.
CN202110779965.5A 2021-07-09 2021-07-09 Automobile network security risk assessment method and device, storage medium and electronic equipment Pending CN113472800A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110779965.5A CN113472800A (en) 2021-07-09 2021-07-09 Automobile network security risk assessment method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN113472800A (en) 2021-10-01

Family

ID=77879488

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110779965.5A Pending CN113472800A (en) 2021-07-09 2021-07-09 Automobile network security risk assessment method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113472800A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090106843A1 (en) * 2007-10-18 2009-04-23 Pil-Yong Kang Security risk evaluation method for effective threat management
US20180146004A1 (en) * 2016-11-22 2018-05-24 Aon Global Operations Ltd (Singapore Branch) Systems and methods for cybersecurity risk assessment
CN110682875A (en) * 2019-09-19 2020-01-14 中国第一汽车股份有限公司 Vehicle safety risk assessment method and device and vehicle
CN112329022A (en) * 2020-11-11 2021-02-05 浙江长三角车联网安全技术有限公司 Intelligent network automobile information security risk assessment method and system
CN112465395A (en) * 2020-12-15 2021-03-09 同济大学 Multi-dimensional comprehensive evaluation method and device for automatically-driven automobile
CN113065195A (en) * 2021-04-02 2021-07-02 中国第一汽车股份有限公司 Vehicle information security threat assessment method, device, medium and electronic equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090106843A1 (en) * 2007-10-18 2009-04-23 Pil-Yong Kang Security risk evaluation method for effective threat management
US20180146004A1 (en) * 2016-11-22 2018-05-24 Aon Global Operations Ltd (Singapore Branch) Systems and methods for cybersecurity risk assessment
CN110682875A (en) * 2019-09-19 2020-01-14 中国第一汽车股份有限公司 Vehicle safety risk assessment method and device and vehicle
CN112329022A (en) * 2020-11-11 2021-02-05 浙江长三角车联网安全技术有限公司 Intelligent network automobile information security risk assessment method and system
CN112465395A (en) * 2020-12-15 2021-03-09 同济大学 Multi-dimensional comprehensive evaluation method and device for automatically-driven automobile
CN113065195A (en) * 2021-04-02 2021-07-02 中国第一汽车股份有限公司 Vehicle information security threat assessment method, device, medium and electronic equipment

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
DTR/ITS-0050005: "Technical Report Intelligent Transport Systems (ITS); Security; Threat, Vulnerability and Risk Analysis (TVRA)", 《TSI TR 102 893》, 31 March 2010 (2010-03-31) *
T. TSAO; R. ALEXANDER; EATON'S COOPER POWER SYSTEMS BUSINESS; M. DOHLER; CTTC; V. DAZA; A. LOZANO; UNIVERSITAT POMPEU FABRA; M.: "A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)", IETF *
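Li Yufeng et al.: "A Brief Analysis of Cybersecurity for Intelligent Connected Vehicles" (智能网联汽车网络安全浅析), Telecommunications Science (《电信科学》), no. 04, 20 April 2020 (2020-04-20) *
Huang Peng; Zhang Na: "Attack-Defense Game Model Based on Network Security Risk Assessment" (基于网络安全风险评估的攻防博弈模型), Journal of Xichang University (Natural Science Edition) (西昌学院学报(自然科学版)), no. 04 *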

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826713A (en) * 2022-04-12 2022-07-29 中国第一汽车股份有限公司 Vehicle information safety requirement acquisition method and device, electronic equipment and storage medium
CN115310079A (en) * 2022-10-13 2022-11-08 中国汽车技术研究中心有限公司 Display method based on intelligent network connection automobile attack matrix
CN115310079B (en) * 2022-10-13 2023-01-10 中国汽车技术研究中心有限公司 Display method based on intelligent network connection automobile attack matrix
CN117834310A (en) * 2024-03-06 2024-04-05 国家工业信息安全发展研究中心 Intelligent networking automobile information security risk assessment method
CN117834310B (en) * 2024-03-06 2024-05-03 国家工业信息安全发展研究中心 Intelligent networking automobile information security risk assessment method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination