CN114095271A - Communication bus detection method and device, electronic equipment and storage medium - Google Patents

Communication bus detection method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN114095271A
CN114095271A CN202111442509.8A CN202111442509A CN114095271A CN 114095271 A CN114095271 A CN 114095271A CN 202111442509 A CN202111442509 A CN 202111442509A CN 114095271 A CN114095271 A CN 114095271A
Authority
CN
China
Prior art keywords
signal
detected
target parameter
function model
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111442509.8A
Other languages
Chinese (zh)
Inventor
崔圳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202111442509.8A priority Critical patent/CN114095271A/en
Publication of CN114095271A publication Critical patent/CN114095271A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Abstract

The disclosure relates to the technical field of automobile communication safety, and provides a communication bus detection method and device, electronic equipment and a storage medium. The method comprises the following steps: the method comprises the steps that a signal to be detected is obtained, and the signal to be detected is any one of at least one signal included in a CAN message; calculating a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected, wherein the function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, and/or the function model is determined according to the change value of at least two continuous signals to be detected; determining a preset range corresponding to the target parameter based on the target parameter; and obtaining a detection result based on the preset range and the signal to be detected, wherein the detection result is used for indicating that the signal to be detected is abnormal or indicating that the signal to be detected is not abnormal. By adopting the method, the accuracy of the detection result of the communication bus can be improved.

Description

Communication bus detection method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of automotive communication security technologies, and in particular, to a communication bus detection method and apparatus, an electronic device, and a storage medium.
Background
With the development of the automobile industry, many intelligent functions based on embedded electronic technology are widely applied to the automobile industry, so that the comfort, functionality and safety of the whole automobile are improved through the electronic configuration inside the automobile and the interrelation among various components. But also brings security aggressivity problem for automobile driving, mainly attacks the communication network in the automobile communication system, which causes security accidents to occur in the automobile driving process of users, influences the life security of users and causes economic loss of users.
In the prior art, a Database (DBC) file of a CAN is used to obtain a physical value parameter corresponding to a to-be-detected signal in at least one signal included in an in-vehicle message, and determine whether the physical value parameter corresponding to the to-be-detected signal is within a specification range set in the DBC file, so as to determine whether the detection signal is abnormal.
However, in the prior art, the correlation between the signal to be detected and other signals included in the message is ignored, which results in low accuracy of the detection result.
Disclosure of Invention
In view of the above, it is necessary to provide a communication bus detection method, apparatus, electronic device and storage medium for solving the above technical problems.
The embodiment of the disclosure provides a communication bus detection method, which comprises the following steps:
acquiring a signal to be detected, wherein the signal to be detected is any one of at least one signal included in the CAN message;
calculating a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected, wherein the function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, and/or the function model is determined according to the change value of at least two continuous signals to be detected;
determining a preset range corresponding to the target parameter based on the target parameter;
and obtaining a detection result based on the preset range and the signal to be detected, wherein the detection result is used for indicating that the signal to be detected is abnormal, or the detection result is used for indicating that the signal to be detected is non-abnormal.
In one embodiment, before acquiring the signal to be detected, the method further includes:
acquiring a CAN message;
obtaining at least one signal included in the CAN message based on the CAN message and an extraction mode of the at least one signal included in the CAN message, wherein the extraction mode of the at least one signal is obtained according to a communication protocol specification;
and determining the signal to be detected in at least one signal included in the CAN message.
In one embodiment, the calculating a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected includes:
acquiring a physical value conversion mode corresponding to the signal to be detected;
determining a first physical value parameter corresponding to the signal to be detected based on the physical value conversion mode;
and calculating a target parameter corresponding to the signal to be detected based on the first physical value parameter and the function model corresponding to the signal to be detected.
In one embodiment, the calculating a target parameter corresponding to the signal to be detected based on the first physical value parameter and a function model corresponding to the signal to be detected includes:
when the function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, inputting the first physical value parameter into a first function model corresponding to the signal to be detected, and calculating a first target parameter corresponding to the signal to be detected;
wherein the first functional model is defined by the following expression:
Figure BDA0003383843390000031
wherein x, y and z are physical value parameters corresponding to other signals except the signal to be detected in at least one signal in the CAN message; a and n represent function model parameters corresponding to physical value parameters of the x signal; b and m represent function model parameters corresponding to physical value parameters of the y signal; c and h represent the function model parameters corresponding to the physical value parameters of the z signal.
In one embodiment, the calculating a target parameter corresponding to the signal to be detected based on the first physical value parameter and a function model corresponding to the signal to be detected includes:
when the function model is determined according to the change values of at least two continuous signals to be detected, inputting the first physical value parameter into a second function model corresponding to the signals to be detected, and calculating a second target parameter corresponding to the signals to be detected;
wherein the second functional model is defined by the following expression:
Sc=Sn-Sn-1
wherein S isn、Sn-1And the first physical value parameters respectively corresponding to two continuous signals to be detected are represented.
In one embodiment, the determining, based on the target parameter, a preset range corresponding to the target parameter includes:
determining a first preset range corresponding to the first target parameter based on the first target parameter;
obtaining a detection result based on the preset range and the signal to be detected, including:
obtaining a detection result based on the first preset range and a first physical value parameter corresponding to the signal to be detected;
and/or
The determining the preset range corresponding to the target parameter based on the target parameter includes:
determining a second preset range corresponding to the second target parameter based on the second target parameter;
obtaining a detection result based on the preset range and the signal to be detected, including:
and obtaining a detection result based on the second preset range and a second target parameter corresponding to the signal to be detected.
In one embodiment, the method further comprises:
and when the detection result indicates that the signal to be detected is abnormal, sending an alarm signal to a user.
The disclosed embodiment provides a communication bus detection device, which is characterized by comprising:
the device comprises a to-be-detected signal acquisition module, a to-be-detected signal acquisition module and a to-be-detected signal acquisition module, wherein the to-be-detected signal acquisition module is used for acquiring a to-be-detected signal which is any one of at least one signal included in a CAN message;
a target parameter obtaining module, configured to calculate a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected, where the function model is determined according to the signal to be detected and at least one signal in the CAN message other than the signal to be detected, and/or the function model is determined according to a variation value of at least two consecutive signals to be detected;
the preset range determining module is used for determining a preset range corresponding to the target parameter based on the target parameter;
and the detection result determining module is used for obtaining a detection result based on the preset range and the signal to be detected, wherein the detection result is used for indicating that the signal to be detected is abnormal or indicating that the signal to be detected is not abnormal.
The embodiment of the present disclosure provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the communication bus detection method provided in any embodiment of the present disclosure when executing the computer program.
The embodiments of the present disclosure provide a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of a communication bus detection method provided by any embodiment of the present disclosure.
According to the communication bus detection method provided by the embodiment of the disclosure, a signal to be detected is obtained, and the signal to be detected is any one of at least one signal included in a CAN message; calculating a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected, wherein the function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, and/or the function model is determined according to the change value of at least two continuous signals to be detected; determining a preset range corresponding to the target parameter based on the target parameter; and obtaining a detection result based on the preset range and the signal to be detected, wherein the detection result is used for indicating that the signal to be detected is abnormal or indicating that the signal to be detected is not abnormal. Therefore, by constructing a function model between the signal to be detected and other signals in the CAN message and a function model of a change value between continuous signals to be detected, determining a target parameter corresponding to the signal to be detected according to the function model, determining a preset range corresponding to the signal to be detected based on the target parameter, and further determining whether the signal to be detected is abnormal or not based on the actual signal to be detected and the preset range monitored in real time, whether the signal to be detected is abnormal or not is determined only aiming at the signal to be detected in the prior art, but also the incidence relation among a plurality of signals is ignored, and the change value between continuous signals to be detected is concerned, so that the situation that an attacker jumps the signal to be detected when injecting an attack or performing a fuzzy attack is avoided, and the accuracy of a communication bus detection result is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flowchart of a communication bus detection method according to an embodiment of the present disclosure;
fig. 2 is a schematic flow chart of another communication bus detection method provided in the embodiment of the present disclosure;
fig. 3 is a schematic flowchart of another communication bus detection method according to an embodiment of the present disclosure;
fig. 4 is a schematic flowchart of another communication bus detection method according to an embodiment of the present disclosure;
fig. 5 is a schematic flowchart of another communication bus detection method according to an embodiment of the present disclosure;
fig. 6 is a schematic flowchart of another communication bus detection method according to an embodiment of the present disclosure;
fig. 7 is a schematic flowchart of another communication bus detection method according to an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of a communication bus detection apparatus according to an embodiment of the present disclosure;
fig. 9 is an internal structural diagram of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
With the development of the automobile industry, many intelligent functions based on embedded electronic technology are widely applied to the automobile industry, so that the comfort, functionality and safety of the whole automobile are improved through the electronic configuration inside the automobile and the interrelation among various components. But also brings security aggressivity problem for automobile driving, mainly attacks the communication network in the automobile communication system, which causes security accidents to occur in the automobile driving process of users, influences the life security of users and causes economic loss of users.
In the prior art, a Database (DBC) file of a CAN is used to obtain a physical value parameter corresponding to a to-be-detected signal in at least one signal included in an in-vehicle message, and determine whether the physical value parameter corresponding to the to-be-detected signal is within a specification range set in the DBC file, so as to determine whether the detection signal is abnormal. However, in the prior art, the correlation between the signal to be detected and other signals included in the message is ignored, which results in low accuracy of the detection result.
The utility model provides a communication bus detection method, through constructing the function model between the signal to be detected and other signals in the CAN message, and the function model of the change value between the continuous signal to be detected, and confirm the target parameter that the signal to be detected corresponds according to this function model, confirm the preset range that the signal to be detected corresponds based on the target parameter, further confirm whether the signal to be detected is unusual based on the actual signal to be detected who monitors in real time and preset range, thereby avoided determining whether unusual only to the signal to be detected in the prior art, and neglected the incidence relation between a plurality of signals, and paid attention to the change value between the continuous signal to be detected, avoid the attacker when injecting the attack or carrying out the fuzzy attack, cause the jump of the signal to be detected, so that the accuracy of communication bus detection result is improved.
The communication bus detection method provided by the disclosure can be applied to a communication bus detection device, the device can be electronic equipment such as various personal computers, notebook computers, smart phones, tablet computers and portable wearable equipment, and optionally, the device can also be a functional module or a functional entity which can realize the communication bus detection method in the electronic equipment.
In an embodiment, as shown in fig. 1, fig. 1 is a schematic flow chart of a communication bus detection method provided in the embodiment of the present disclosure, which specifically includes the following steps:
s11: and acquiring a signal to be detected.
The signal to be detected is any one of at least one signal included in the CAN message. The CAN message refers to a CAN message obtained by monitoring a CAN bus by using a CAN transceiver and collecting traffic on the CAN bus in an automobile communication network, and the CAN message includes one or more communication signals, which may be, for example, speed and acceleration of an automobile or an angle signal of stepping on an accelerator.
S13: and calculating target parameters corresponding to the signals to be detected based on the signals to be detected and the function models corresponding to the signals to be detected.
The function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, and/or the function model is determined according to the change values of at least two continuous signals to be detected.
It should be noted that, after determining the signal to be detected, it is determined whether a function model corresponding to the signal to be detected exists in the plurality of function models, and when it is determined that the function model corresponding to the signal to be detected does not exist in the plurality of function models, the signal to be detected is not detected currently, or a user may define the function model according to an actual situation, and further detect the signal to be detected. The function model CAN be customized by a user according to actual conditions when the target parameters of the current signal to be detected cannot be acquired according to the function model or when the function model cannot correctly express the association relationship between the signal to be detected and at least one signal in the CAN message except the signal to be detected.
Specifically, a signal to be detected of the automobile is obtained based on a plurality of signals included in the CAN message obtained in the automobile communication network, and a target parameter corresponding to the signal to be detected is obtained through calculation according to a function model corresponding to the signal to be detected and the signal to be detected.
For example, in an automobile communication network, a CAN transceiver monitors a CAN bus, collects flow data on the CAN bus in real time, obtains a CAN message, determines that a signal to be detected is an automobile acceleration signal based on a plurality of signals included in the CAN message, such as an automobile acceleration signal, a speed signal, and an angle signal of stepping on an accelerator, and determines a target parameter corresponding to the automobile acceleration signal according to the acceleration signal of the automobile and a function model corresponding to the automobile acceleration signal, but is not limited thereto, and the disclosure is not particularly limited.
S15: and determining a preset range corresponding to the target parameter based on the target parameter.
The preset range is a range to which the signal to be detected belongs when the signal to be detected is judged to be non-abnormal, and the value of the preset range is determined according to target parameters calculated by different signals to be detected.
For example, when the signal to be detected is the acceleration of the vehicle, the preset range may be calculated according to the acceleration of the vehicle to obtain a target parameter such as-5.9 m/s2Determining the preset range to be [ -6.1m/s ] according to the target parameter2,-5.8m/s2]However, the present disclosure is not limited thereto, and those skilled in the art can set the method according to the actual situation.
S17: and obtaining a detection result based on the preset range and the signal to be detected.
The detection result is used for indicating that the signal to be detected is abnormal, or the detection result is used for indicating that the signal to be detected is not abnormal. It should be noted that whether the message corresponding to the signal to be detected is abnormal is determined by using whether the signal to be detected is abnormal, and when the signal to be detected is abnormal, the message corresponding to the signal to be detected is also abnormal.
Specifically, a target parameter corresponding to the signal to be detected is determined according to the signal to be detected and a function model corresponding to the signal to be detected, a preset range corresponding to the signal to be detected is obtained based on the target parameter, and a detection result corresponding to the signal to be detected is obtained based on the signal to be detected, wherein the detection result can indicate that the signal to be detected is abnormal or indicate that the signal to be detected is not abnormal.
Thus, the embodiment acquires the signal to be detected, which is any one of at least one signal included in the CAN message; calculating a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected, wherein the function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, and/or the function model is determined according to the change value of at least two continuous signals to be detected; determining a preset range corresponding to the target parameter based on the target parameter; and obtaining a detection result based on the preset range and the signal to be detected, wherein the detection result is used for indicating that the signal to be detected is abnormal or indicating that the signal to be detected is not abnormal. Therefore, by constructing a function model between the signal to be detected and other signals in the CAN message and a function model of a change value between continuous signals to be detected, determining a target parameter corresponding to the signal to be detected according to the function model, determining a preset range corresponding to the signal to be detected based on the target parameter, and further determining whether the signal to be detected is abnormal or not based on the actual signal to be detected and the preset range monitored in real time, whether the signal to be detected is abnormal or not is determined only aiming at the signal to be detected in the prior art, but also the incidence relation among a plurality of signals is ignored, and the change value between continuous signals to be detected is concerned, so that the situation that an attacker jumps the signal to be detected when injecting an attack or performing a fuzzy attack is avoided, and the accuracy of a communication bus detection result is improved.
Fig. 2 is a schematic flowchart of another communication bus detection method provided in the embodiment of the present disclosure, and fig. 2 is based on fig. 1, and as shown in fig. 2, before acquiring a signal to be detected, the method further includes:
s111: and acquiring the CAN message.
Specifically, in an automobile communication network, a CAN transceiver is used for monitoring a CAN bus, and when communication flow exists on the CAN bus, the flow on the CAN bus is collected so as to obtain a CAN message.
S112: and obtaining at least one signal included in the CAN message based on the CAN message and the extraction mode of the at least one signal included in the CAN message.
Wherein, the extraction mode of at least one signal is obtained according to the communication protocol specification; the communication protocol specification is a DBC file, the DBC file is a specification protocol set by different automobile manufacturers for automobiles of the same factory, the DBC file is a file for describing data communication between CAN network nodes, contains the specific meaning represented by a protocol data machine in a CAN bus protocol, CAN monitor and analyze message data on a CAN network by using the DBC specification file, or CAN also be used for simulating the CAN nodes, signal parameters such as start bit, length, type (integer or real number), byte order, signal factor, deviation value and the like are defined in the DBC file, and the extraction modes of a plurality of signals included in CAN messages corresponding to different automobiles and the conversion modes of physical values corresponding to different signals are obtained by analyzing the DBC file.
S113: and determining the signal to be detected in at least one signal included in the CAN message.
Specifically, the method includes acquiring one or more signals in a CAN message by means of extracting a plurality of signals included in the CAN message acquired through a CAN transceiver on a CAN bus and analyzed according to a DBC specification file, and determining the signals to be detected for detection in the one or more signals when the one or more signals included in the CAN message are acquired.
In this way, in this embodiment, by analyzing the communication protocol specification, one or more signals included in the CAN packet are obtained according to the extraction manner of the plurality of signals obtained by the analysis, and the signal to be detected is determined in the one or more signals, and the signal to be detected is further detected, so that the accuracy of the detection result is improved.
Fig. 3 is a schematic flowchart of another communication bus detection method provided in an embodiment of the present disclosure, where fig. 3 is a flowchart of fig. 2, and as shown in fig. 3, the calculating a target parameter corresponding to a signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected includes:
s131: and acquiring a physical value conversion mode corresponding to the signal to be detected.
S132: and determining a first physical value parameter corresponding to the signal to be detected based on the physical value conversion mode.
The physical value conversion mode is a calculation mode of a physical value parameter obtained by calculating based on a signal value corresponding to a signal to be detected according to parameter information corresponding to the signal defined in the DBC file, such as a signal factor and an offset value.
For example, the physical value parameter is, but not limited to, signal value signal factor + offset value, and the disclosure is not particularly limited thereto.
Specifically, the physical value conversion mode of the signal to be detected corresponding to the CAN message is obtained by analyzing the DBC file, and the first physical value parameter corresponding to the signal to be detected is calculated based on the parameter information and the signal value according to the signal value corresponding to the signal to be detected and the parameter information defined in the DBC file.
S133: and calculating a target parameter corresponding to the signal to be detected based on the first physical value parameter and the function model corresponding to the signal to be detected.
Specifically, a first physical value parameter corresponding to the signal to be detected is obtained through calculation, and further, the first physical value parameter is brought into a function model corresponding to the signal to be detected, so that a target parameter corresponding to the signal to be detected is obtained through calculation.
Fig. 4 is a schematic flowchart of another communication bus detection method provided by an embodiment of the present disclosure, where fig. 4 is a flowchart of fig. 3, and as shown in fig. 4, based on the first physical value parameter and the function model corresponding to the signal to be detected, calculating a target parameter corresponding to the signal to be detected, where the method includes:
s133 a: when the function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, the first physical value parameter is input into the first function model corresponding to the signal to be detected, and the first target parameter corresponding to the signal to be detected is calculated.
Wherein the first functional model is defined by the expression:
Figure BDA0003383843390000111
wherein x, y and z are physical value parameters corresponding to other signals except the signal to be detected in at least one signal in the CAN message; a and n represent function model parameters corresponding to physical value parameters of the x signal; b and m represent function model parameters corresponding to physical value parameters of the y signal; c and h represent the function model parameters corresponding to the physical value parameters of the z signal.
Optionally, on the basis of the foregoing embodiments, in some embodiments of the present disclosure, when the first function model between the signal to be detected and one signal in the CAN message is defined by the following expression:
Figure BDA0003383843390000121
wherein x is a physical value parameter corresponding to one signal in at least one signal included in the CAN message; a. b and n represent function model parameters corresponding to physical value parameters of the x signal. a. The values of b and n can be determined according to the incidence relation between the signal to be detected and the x signal.
It should be noted that the first function model between the signal to be detected and the at least one signal is not limited to this, and those skilled in the art can set the function according to actual situations.
For example, when it is determined that the signal to be detected is an automobile acceleration signal, the x signal is an angle signal of stepping on the accelerator, and values of a, b, and n are determined according to an inverse relationship between the angle signal of stepping on the accelerator and the automobile acceleration signal, but the disclosure is not limited thereto, and those skilled in the art may specifically set the values according to actual conditions.
Specifically, when a first function model determined in the plurality of function models is determined according to a signal to be detected and one or more signals except the signal to be detected in the CAN message, a first physical value parameter corresponding to the signal to be detected is brought into the first function model, and a first target parameter corresponding to the model to be detected is obtained through calculation.
In this way, in the embodiment, the target parameter is calculated and obtained by constructing the function model between the signal to be detected and the other signals in the CAN message, so that the incidence relation between the other signals in the CAN message and the signal to be detected is considered when the signal to be detected is detected, and the accuracy of the detection result is improved.
Fig. 5 is a schematic flowchart of another communication bus detection method provided by an embodiment of the present disclosure, where fig. 5 is a flowchart of fig. 3, and as shown in fig. 5, the calculating a target parameter corresponding to a signal to be detected based on the first physical value parameter and a function model corresponding to the signal to be detected includes:
s133 b: when the function model is determined according to the change values of at least two continuous signals to be detected, inputting the first physical value parameter into a second function model corresponding to the signals to be detected, and calculating a second target parameter corresponding to the signals to be detected;
wherein the second functional model is defined by the following expression:
Sc=Sn-Sn-1
wherein S isn、Sn-1And the first physical value parameters respectively corresponding to two continuous signals to be detected are represented.
Specifically, when a first function model determined in the plurality of function models is determined according to the variation values of at least two continuous signals to be detected, a first physical value parameter corresponding to the signals to be detected is brought into a second function model, and a second target parameter corresponding to the model to be detected is obtained through calculation.
In this way, in the embodiment, the second function model is constructed based on the variation value between the first physical parameter values respectively corresponding to the two continuous signals to be detected, and the target parameter is calculated and obtained, so that when the signals to be detected are detected, the signal to be detected is prevented from jumping when an attacker performs injection attack or fuzzy attack, and the accuracy of the detection result is improved.
Fig. 6 is a schematic flowchart of another communication bus detection method provided in the embodiment of the present disclosure, and fig. 6 is a flowchart of fig. 4, as shown in fig. 6, based on the target parameter, determining a preset range corresponding to the target parameter, and obtaining a detection result based on the preset range and a signal to be detected, where an implementation manner is as follows:
s15 a: and determining a first preset range corresponding to the first target parameter based on the first target parameter.
S17 a: and obtaining a detection result based on the first preset range and the first physical value parameter corresponding to the signal to be detected.
The value of the first preset range is determined according to the first target parameter calculated by different signals to be detected.
For example, the first preset range may be a first target parameter [ S-d, S + d ], where for different signals to be detected, a value of d may be determined according to a DBC file, and the disclosure is not particularly limited.
Specifically, a first function model corresponding to a signal to be detected is determined in the plurality of function models, a first target parameter is determined based on the first function model, a first preset range is determined based on the first target parameter, then a first logistics value parameter corresponding to the signal to be detected which is actually acquired is compared with the first preset range, when a first physical value parameter corresponding to the signal to be detected is within the first preset range, the signal to be detected is non-abnormal, namely, a CAN message corresponding to the signal to be detected is non-abnormal, and when the first physical value parameter corresponding to the signal to be detected is not within the first preset range, the signal to be detected is abnormal, namely, the CAN message corresponding to the signal to be detected is abnormal.
Therefore, in the embodiment, the detection of the signal to be detected is realized by associating the signal to be detected with other signals included in the CAN message, so that the correctness of the detection result is improved.
Fig. 7 is a schematic flowchart of another communication bus detection method provided in the embodiment of the present disclosure, and fig. 7 is a flowchart of fig. 5, where as shown in fig. 7, on the basis of the target parameter, a preset range corresponding to the target parameter is determined, and a detection result is obtained on the basis of the preset range and a signal to be detected, and an implementation manner is as follows:
s15 b: and determining a second preset range corresponding to the second target parameter based on the second target parameter.
S17 b: and obtaining a detection result based on the second preset range and a second target parameter corresponding to the signal to be detected.
And the value of the second preset range is determined according to the second target parameter calculated by different signals to be detected.
Specifically, a second function model corresponding to the signal to be detected is determined in the plurality of function models, a second target parameter is determined based on the second function model, a second preset range is determined according to the DBC file and the second target parameter, then the second target parameter corresponding to the signal to be detected which is actually acquired is compared with the second preset range, when the second target parameter corresponding to the signal to be acquired is within the second preset range, it is indicated that the signal to be detected is non-abnormal, that is, the CAN message corresponding to the signal to be detected is non-abnormal, and when the second target parameter corresponding to the signal to be acquired is not within the second preset range, it is indicated that the signal to be detected is abnormal, that is, the CAN message corresponding to the signal to be detected is abnormal.
In this way, the present embodiment realizes the detection of the signal to be detected by paying attention to the variation value between the continuous signals to be detected, thereby improving the accuracy of the detection result.
On the basis of the above embodiments, in some embodiments of the present disclosure, the method further includes: and when the detection result indicates that the signal to be detected is abnormal, sending an alarm signal to a user.
Therefore, when the message including the signal to be detected is detected to be abnormal, alarm information is sent to the user in time, so that the user can take safety measures in time, and safety accidents are avoided.
Fig. 8 is a communication bus detection apparatus provided in an embodiment of the present disclosure, including: the device comprises a signal to be detected acquisition module 11, a target parameter acquisition module 13, a preset range determination module 15 and a detection result determination module 17.
The device comprises a to-be-detected signal acquisition module 11, a to-be-detected signal acquisition module and a to-be-detected signal acquisition module, wherein the to-be-detected signal acquisition module is used for acquiring a to-be-detected signal which is any one of at least one signal included in a CAN message;
a target parameter obtaining module 13, configured to calculate a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected, where the function model is determined according to the signal to be detected and at least one signal in the CAN message other than the signal to be detected, and/or the function model is determined according to a variation value of at least two consecutive signals to be detected;
a preset range determining module 15, configured to determine, based on the target parameter, a preset range corresponding to the target parameter;
and a detection result determining module 17, configured to obtain a detection result based on the preset range and the signal to be detected, where the detection result is used to indicate that the signal to be detected is abnormal, or the detection result is used to indicate that the signal to be detected is not abnormal.
In the above embodiment, the module 11 for acquiring a signal to be detected further includes: the CAN acquisition module is used for acquiring a CAN message; obtaining at least one signal included in the CAN message based on the CAN message and an extraction mode of the at least one signal included in the CAN message, wherein the extraction mode of the at least one signal is obtained according to a communication protocol specification; and determining the signal to be detected in at least one signal included in the CAN message.
In the above embodiment, the target parameter obtaining module 13 is specifically configured to obtain a physical value conversion mode corresponding to the signal to be detected; determining a first physical value parameter corresponding to the signal to be detected based on the physical value conversion mode; and calculating a target parameter corresponding to the signal to be detected based on the first physical value parameter and the function model corresponding to the signal to be detected.
In the above embodiment, the target parameter obtaining module 13 is further specifically configured to, when the function model is determined according to the signal to be detected and at least one signal in the CAN message other than the signal to be detected, input the first physical value parameter into a first function model corresponding to the signal to be detected, and calculate a first target parameter corresponding to the signal to be detected; wherein the first functional model is defined by the following expression:
Figure BDA0003383843390000161
wherein x, y and z are physical value parameters corresponding to other signals except the signal to be detected in at least one signal in the CAN message; a and n represent function model parameters corresponding to physical value parameters of the x signal; b and m represent function model parameters corresponding to physical value parameters of the y signal; c and h represent the function model parameters corresponding to the physical value parameters of the z signal.
In the above embodiment, the target parameter obtaining module 13 is specifically configured to, when the function model is determined according to a variation value of at least two consecutive signals to be detected, input the first physical value parameter into a second function model corresponding to the signals to be detected, and calculate a second target parameter corresponding to the signals to be detected; wherein the second functional model is defined by the following expression:
Sc=Sn-Sn-1
wherein S isn、Sn-1And the first physical value parameters respectively corresponding to two continuous signals to be detected are represented.
In the foregoing embodiment, the preset range determining module 15 is specifically configured to determine, based on the first target parameter, a first preset range corresponding to the first target parameter;
the detection result determining module 17 is specifically configured to obtain a detection result based on the first preset range and a first physical value parameter corresponding to the signal to be detected;
in the above embodiment, the preset range determining module 15 is further specifically configured to determine, based on the second target parameter, a second preset range corresponding to the second target parameter;
the detection result determining module 17 is specifically further configured to obtain a detection result based on the second preset range and a second target parameter corresponding to the signal to be detected.
In this way, in the embodiment, a function model between a signal to be detected and other signals in the CAN message and a function model of a change value between consecutive signals to be detected are constructed, a target parameter corresponding to the signal to be detected is determined according to the function model, a preset range corresponding to the signal to be detected is determined based on the target parameter, and whether the signal to be detected is abnormal is further determined based on the actual signal to be detected and the preset range which are monitored in real time, so that the situation that whether the signal to be detected is abnormal is avoided being determined only for the signal to be detected in the prior art, the incidence relation among a plurality of signals is ignored, and the change value between consecutive signals to be detected is concerned, so that the accuracy of a communication bus detection result is improved.
The apparatus of this embodiment may be used to implement the technical solution of any one of the method embodiments shown in fig. 1 to fig. 7, and the implementation principle and the technical effect are similar, which are not described herein again.
An embodiment of the present disclosure provides an electronic device, as shown in fig. 9, including: the communication bus detection method provided by the embodiment of the disclosure can be implemented when the processor executes the computer program, for example, the technical scheme of any one of the method embodiments shown in fig. 1 to 7 can be implemented when the processor executes the computer program, and the implementation principle and the technical effect are similar, and are not described herein again.
The present disclosure also provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, can implement the communication bus detection method provided in the embodiment of the present disclosure, for example, when executed by the processor, implement the technical solution of any one of the method embodiments shown in fig. 1 to 7, and the implementation principle and the technical effect are similar, and are not described herein again.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for communication bus detection, comprising:
acquiring a signal to be detected, wherein the signal to be detected is any one of at least one signal included in the CAN message;
calculating a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected, wherein the function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, and/or the function model is determined according to the change value of at least two continuous signals to be detected;
determining a preset range corresponding to the target parameter based on the target parameter;
and obtaining a detection result based on the preset range and the signal to be detected, wherein the detection result is used for indicating that the signal to be detected is abnormal, or the detection result is used for indicating that the signal to be detected is non-abnormal.
2. The method of claim 1, wherein before acquiring the signal to be detected, further comprising:
acquiring a CAN message;
obtaining at least one signal included in the CAN message based on the CAN message and an extraction mode of the at least one signal included in the CAN message, wherein the extraction mode of the at least one signal is obtained according to a communication protocol specification;
and determining the signal to be detected in at least one signal included in the CAN message.
3. The method according to claim 1, wherein the calculating the target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected comprises:
acquiring a physical value conversion mode corresponding to the signal to be detected;
determining a first physical value parameter corresponding to the signal to be detected based on the physical value conversion mode;
and calculating a target parameter corresponding to the signal to be detected based on the first physical value parameter and the function model corresponding to the signal to be detected.
4. The method according to any one of claims 1 to 3, wherein the calculating a target parameter corresponding to the signal to be detected based on the first physical value parameter and a function model corresponding to the signal to be detected comprises:
when the function model is determined according to the signal to be detected and at least one signal except the signal to be detected in the CAN message, inputting the first physical value parameter into a first function model corresponding to the signal to be detected, and calculating a first target parameter corresponding to the signal to be detected;
wherein the first functional model is defined by the following expression:
Figure FDA0003383843380000021
wherein x, y and z are physical value parameters corresponding to other signals except the signal to be detected in at least one signal in the CAN message; a and n represent function model parameters corresponding to physical value parameters of the x signal; b and m represent function model parameters corresponding to physical value parameters of the y signal; c and h represent the function model parameters corresponding to the physical value parameters of the z signal.
5. The method according to any one of claims 1 to 3, wherein the calculating the target parameter corresponding to the signal to be detected based on the first physical value parameter and the function model corresponding to the signal to be detected comprises:
when the function model is determined according to the change values of at least two continuous signals to be detected, inputting the first physical value parameter into a second function model corresponding to the signals to be detected, and calculating a second target parameter corresponding to the signals to be detected;
wherein the second functional model is defined by the following expression:
Sc=Sn-Sn-1
wherein S isn、Sn-1And the first physical value parameters respectively corresponding to two continuous signals to be detected are represented.
6. The method according to claim 1, wherein the determining the preset range corresponding to the target parameter based on the target parameter comprises:
determining a first preset range corresponding to the first target parameter based on the first target parameter;
obtaining a detection result based on the preset range and the signal to be detected, including:
obtaining a detection result based on the first preset range and a first physical value parameter corresponding to the signal to be detected;
and/or
The determining the preset range corresponding to the target parameter based on the target parameter includes:
determining a second preset range corresponding to the second target parameter based on the second target parameter;
obtaining a detection result based on the preset range and the signal to be detected, including:
and obtaining a detection result based on the second preset range and a second target parameter corresponding to the signal to be detected.
7. The method of claim 1, further comprising:
and when the detection result indicates that the signal to be detected is abnormal, sending an alarm signal to a user.
8. A communication bus detection apparatus, comprising:
the device comprises a to-be-detected signal acquisition module, a to-be-detected signal acquisition module and a to-be-detected signal acquisition module, wherein the to-be-detected signal acquisition module is used for acquiring a to-be-detected signal which is any one of at least one signal included in a CAN message;
a target parameter obtaining module, configured to calculate a target parameter corresponding to the signal to be detected based on the signal to be detected and a function model corresponding to the signal to be detected, where the function model is determined according to the signal to be detected and at least one signal in the CAN message other than the signal to be detected, and/or the function model is determined according to a variation value of at least two consecutive signals to be detected;
the preset range determining module is used for determining a preset range corresponding to the target parameter based on the target parameter;
and the detection result determining module is used for obtaining a detection result based on the preset range and the signal to be detected, wherein the detection result is used for indicating that the signal to be detected is abnormal or indicating that the signal to be detected is not abnormal.
9. An electronic device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
CN202111442509.8A 2021-11-30 2021-11-30 Communication bus detection method and device, electronic equipment and storage medium Pending CN114095271A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111442509.8A CN114095271A (en) 2021-11-30 2021-11-30 Communication bus detection method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111442509.8A CN114095271A (en) 2021-11-30 2021-11-30 Communication bus detection method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114095271A true CN114095271A (en) 2022-02-25

Family

ID=80305910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111442509.8A Pending CN114095271A (en) 2021-11-30 2021-11-30 Communication bus detection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114095271A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884857A (en) * 2022-07-13 2022-08-09 中车工业研究院(青岛)有限公司 Signal quality detection method and device and computer readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016125111A1 (en) * 2015-02-05 2016-08-11 Mohite Sumedh Hiraji Systems and methods for monitoring and controlling vehicles
CN106184068A (en) * 2016-06-30 2016-12-07 北京奇虎科技有限公司 Automotive interior network security detection method and device, automobile
CN108011743A (en) * 2017-07-28 2018-05-08 北京经纬恒润科技有限公司 A kind of method and device of direct fault location
CN110351295A (en) * 2019-07-22 2019-10-18 百度在线网络技术(北京)有限公司 Message detecting method and device, electronic equipment, computer-readable medium
CN111311914A (en) * 2020-02-26 2020-06-19 广州小鹏汽车科技有限公司 Vehicle driving accident monitoring method and device and vehicle
CN112491920A (en) * 2020-12-07 2021-03-12 北京天融信网络安全技术有限公司 Abnormity detection method and device for vehicle-mounted CAN bus

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016125111A1 (en) * 2015-02-05 2016-08-11 Mohite Sumedh Hiraji Systems and methods for monitoring and controlling vehicles
CN106184068A (en) * 2016-06-30 2016-12-07 北京奇虎科技有限公司 Automotive interior network security detection method and device, automobile
CN108011743A (en) * 2017-07-28 2018-05-08 北京经纬恒润科技有限公司 A kind of method and device of direct fault location
CN110351295A (en) * 2019-07-22 2019-10-18 百度在线网络技术(北京)有限公司 Message detecting method and device, electronic equipment, computer-readable medium
CN111311914A (en) * 2020-02-26 2020-06-19 广州小鹏汽车科技有限公司 Vehicle driving accident monitoring method and device and vehicle
CN112491920A (en) * 2020-12-07 2021-03-12 北京天融信网络安全技术有限公司 Abnormity detection method and device for vehicle-mounted CAN bus

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884857A (en) * 2022-07-13 2022-08-09 中车工业研究院(青岛)有限公司 Signal quality detection method and device and computer readable storage medium
CN114884857B (en) * 2022-07-13 2022-10-25 中车工业研究院(青岛)有限公司 Signal quality detection method and device and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN111030962B (en) Vehicle-mounted network intrusion detection method and computer-readable storage medium
US9767624B2 (en) Method and system for retrieving vehicular parameters from a vehicle data bus
CN109033829A (en) Vehicle network intrusion detection householder method, apparatus and system
US20130231894A1 (en) Method and apparatus for providing battery information
CN104512423A (en) System for informing functions of vehicle
CN112491920A (en) Abnormity detection method and device for vehicle-mounted CAN bus
Gao et al. Intrusion detection system using SOEKS and deep learning for in-vehicle security
CN110392046B (en) Method and device for detecting abnormity of network access
Bozdal et al. WINDS: A wavelet-based intrusion detection system for Controller Area Network (CAN)
CN114095271A (en) Communication bus detection method and device, electronic equipment and storage medium
CN113163369A (en) Vehicle intrusion prevention processing method and device and automobile
CN113703868A (en) Vehicle diagnostic software configuration method, electronic device and readable storage medium
CN114157469B (en) Vehicle-mounted network variant attack intrusion detection method based on domain antagonism neural network
JP2023031255A (en) Anomaly detection
CN102868685A (en) Method and device for judging automatic scanning behavior
CN109117639A (en) A kind of detection method and device of intrusion risk
CN112345869A (en) Automobile electronic equipment testing method and system, electronic equipment and storage medium
CN111858140A (en) Method, device, server and medium for checking pollutant monitoring data
CN115278757A (en) Method and device for detecting abnormal data and electronic equipment
CN111860661B (en) Data analysis method and device based on user behaviors, electronic equipment and medium
CN111866017B (en) Method and device for detecting abnormal frame interval of CAN bus
Li et al. GAN model using field fuzz mutation for in-vehicle CAN bus intrusion detection
CN107909809B (en) Power failure alarm verification method, equipment and computer readable storage medium
CN110782114A (en) Driving behavior mining method and device, electronic equipment and storage medium
CN206331587U (en) The detection means and system of rule riding are not conformed to

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20220225