CN115021977A - Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium - Google Patents

Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium Download PDF

Info

Publication number
CN115021977A
CN115021977A CN202210533599.XA CN202210533599A CN115021977A CN 115021977 A CN115021977 A CN 115021977A CN 202210533599 A CN202210533599 A CN 202210533599A CN 115021977 A CN115021977 A CN 115021977A
Authority
CN
China
Prior art keywords
information
vehicle
mobile terminal
log
machine system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210533599.XA
Other languages
Chinese (zh)
Inventor
赵豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weilai Automobile Technology Anhui Co Ltd
Original Assignee
Weilai Automobile Technology Anhui Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Weilai Automobile Technology Anhui Co Ltd filed Critical Weilai Automobile Technology Anhui Co Ltd
Priority to CN202210533599.XA priority Critical patent/CN115021977A/en
Publication of CN115021977A publication Critical patent/CN115021977A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Medical Informatics (AREA)
  • Data Mining & Analysis (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application relates to a vehicle-mounted machine system, a vehicle comprising the same, an early warning method and a storage medium. The car machine system includes: the safety log module is configured to collect log information generated when the car machine system runs; a communication module configured to send the log information to a mobile terminal and receive risk pre-warning information and a recommended solution from the mobile terminal, wherein the risk pre-warning information and the recommended solution are generated by the mobile terminal according to the log information; and a risk pre-warning module configured to present the risk pre-warning information and/or the recommended solutions.

Description

Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium
Technical Field
The present application relates to the field of vehicle safety, and in particular, to a vehicle-mounted device system, a vehicle including the same, a risk early warning method executed by the vehicle-mounted device system, and a computer-readable storage medium.
Background
Automobiles as vehicles are now increasingly featuring their capabilities as intelligent terminals. Meanwhile, the risk of information security of the car system configured on the car is also more and more emphasized. The secondary hazards posed by the vehicle system after an attack (e.g., even a partial operational failure of the vehicle) are significant and require a higher level of security. However, most of the calculation force of the vehicle-mounted machine system is used for driving-related calculation in the driving process (particularly in the auxiliary driving process), and only relatively few resources are allocated to attack detection of information security. On the other hand, in many scenarios, after the smart car machine is attacked, the attack detection capability of the smart car machine is also greatly reduced.
In view of the above, there is a need for an improved security mechanism.
Disclosure of Invention
The embodiment of the application provides a vehicle-mounted machine system, a vehicle comprising the vehicle-mounted machine system, a risk early warning method executed by the vehicle-mounted machine system and a computer-readable storage medium, and the risk early warning method is used for warning risks of the vehicle-mounted machine system.
According to an aspect of the present application, a vehicle machine system is provided. The car machine system includes: the safety log module is configured to collect log information generated when the car machine system operates; a communication module configured to send the log information to a mobile terminal and receive risk pre-warning information from the mobile terminal, wherein the risk pre-warning information is generated by the mobile terminal according to the log information; and a risk pre-warning module configured to present the risk pre-warning information.
In some embodiments of the present application, optionally, the risk pre-warning module is further configured to present a recommended solution, and the recommended solution is generated by the mobile terminal according to the log information.
In some embodiments of the present application, optionally, the log information includes at least one of the following items of the car machine system: the system comprises a system operation log, an Electronic Control Unit (ECU) operation log, authority change information, file operation information, network communication information, chip physical information and chip power consumption information.
In some embodiments of the present application, optionally, the mobile terminal performs software attack detection and hardware attack detection according to the log information to generate the risk early warning information.
In some embodiments of the present application, optionally, the software attack detection comprises at least one of: authority detection, namely determining whether unexpected privilege authority is called or an authority list is modified according to authority change information in the log information; file detection, namely determining whether a sensitive file is modified or abnormally read according to file operation information in the log information; network detection, namely determining whether network links in a non-white list exist according to network communication information in the log information; and interface detection, which determines whether a sensitive or privileged interface is abnormally called or abnormally modified according to a system operation log in the log information.
In some embodiments of the present application, optionally, the hardware attack detection comprises at least one of: firmware attack detection, namely determining whether the firmware used by each ECU on the current vehicle is modified or replaced according to the running log of the ECU in the log information; hardware serial number detection, namely determining whether serial numbers of various hardware on the current vehicle machine are modified according to physical information of chips in the log information to determine whether the hardware is maliciously replaced; and detecting hardware power, and determining whether suspected malicious software runs or not according to the power consumption information of the chip in the log information.
In some embodiments of the present application, optionally, the risk pre-warning information further includes information generated by the mobile terminal through radio attack detection, and the radio attack detection includes the mobile terminal determining whether there is an aggressive radio signal through radio scanning.
In some embodiments of the present application, optionally, the mobile terminal is further configured to present the risk pre-warning information and/or the recommended solution.
According to another aspect of the present application, a vehicle is provided. The vehicle comprises any one of the vehicle machine systems described above.
According to another aspect of the application, a risk early warning method executed by a vehicle machine system is provided. The method comprises the following steps: collecting log information generated in operation; sending the log information to a mobile terminal; and receiving and presenting risk early warning information from the mobile terminal, wherein the risk early warning information is generated by the mobile terminal according to the log information.
In some embodiments of the present application, optionally, the method further comprises: presenting a recommended solution, wherein the recommended solution is generated by the mobile terminal according to the log information.
In some embodiments of the present application, optionally, the log information includes at least one of the following items of the car machine system: the system comprises a system operation log, an Electronic Control Unit (ECU) operation log, authority change information, file operation information, network communication information, chip physical information and chip power consumption information.
In some embodiments of the present application, optionally, the mobile terminal performs software attack detection and hardware attack detection according to the log information to generate the risk early warning information.
In some embodiments of the present application, optionally, the software attack detection comprises at least one of: authority detection, namely determining whether unexpected privilege authority is called or an authority list is modified according to authority change information in the log information; file detection, namely determining whether a sensitive file is modified or abnormally read according to file operation information in the log information; network detection, namely determining whether network links in a non-white list exist according to network communication information in the log information; and interface detection, which determines whether a sensitive or privileged interface is abnormally called or abnormally modified according to a system operation log in the log information.
In some embodiments of the present application, optionally, the hardware attack detection comprises at least one of: firmware attack detection, namely determining whether the firmware used by each ECU on the current vehicle is modified or replaced according to the running log of the ECU in the log information; hardware serial number detection, namely determining whether serial numbers of various hardware on the current vehicle machine are modified according to physical information of chips in the log information to determine whether the hardware is maliciously replaced; and detecting hardware power, and determining whether suspected malicious software runs or not according to the power consumption information of the chip in the log information.
In some embodiments of the present application, optionally, the risk pre-warning information further includes information generated by the mobile terminal through radio attack detection, and the radio attack detection includes the mobile terminal determining whether there is an aggressive radio signal through radio scanning.
In some embodiments of the present application, optionally, the method further comprises: presenting, by the mobile terminal, the risk pre-warning information and/or the recommended solutions.
According to another aspect of the present application, there is provided a computer-readable storage medium having stored therein instructions, which when executed by a processor, cause the processor to perform any one of the risk pre-warning methods described above.
According to the vehicle-mounted device system, the vehicle comprising the vehicle-mounted device system, the risk early warning method executed by the vehicle-mounted device system and the computer-readable storage medium, information safety risks of the vehicle-mounted device system can be detected and early warned by using the mobile terminal of the user. The risk finding and solving mechanism can effectively reduce the risk of vehicle malicious damage under the application scene that the vehicle-mounted machine system participates in automatic driving/auxiliary driving widely nowadays.
Drawings
The above and other objects and advantages of the present application will become more apparent from the following detailed description when taken in conjunction with the accompanying drawings, in which like or similar elements are designated by like reference numerals.
FIG. 1 illustrates a system of a car machine system and a mobile terminal according to an embodiment of the present application;
fig. 2 illustrates a risk pre-warning method performed by a vehicle machine system according to an embodiment of the present application.
Detailed Description
For the purposes of brevity and explanation, the principles of the present application are described herein with reference primarily to exemplary embodiments thereof. However, those skilled in the art will readily recognize that the same principles are equally applicable to all types of in-vehicle systems and vehicles incorporating the same, risk pre-warning methods performed by the in-vehicle systems, and computer-readable storage media, and that these same or similar principles may be implemented therein, with any such variations not departing from the true spirit and scope of the present application.
One aspect of the present application provides a car machine system. As shown in fig. 1, the system 10 includes a car machine system 101 and a mobile terminal 102 according to some embodiments of the present invention. The car machine system 101 comprises a safety log module, a communication module and a risk early warning module. The in-vehicle machine system 101 may be composed of general-purpose or special-purpose software and hardware, and may provide an interface to an external device (e.g., the mobile terminal 102) to achieve a functional complement. For example, the mobile terminal 102 may be connected to the in-vehicle machine system 101, so as to implement the function of controlling the mobile terminal 102 at the in-vehicle machine system 101. The mobile terminal 102 may be a smart phone, in some scenarios, the in-vehicle system 101 may control the mobile terminal 102 to make a call and play music, and the in-vehicle system 101 may be an audio output device of the mobile terminal 102 at this time. The mobile terminal 102 may also be other forms of portable devices, such as, for example, a smart PDA, a laptop computer, a tablet computer, etc.
However, the in-vehicle system 101 is normally in an on state all the time when the user uses the vehicle. In particular, during assisted driving, most of the computational effort of the in-vehicle system 101 is used to process driving-related calculations, so that less resources are available for attack detection assigned to information security. In addition, when the car machine system 101 is attacked, its own attack detection capability is also degraded. The mobile terminal 102 can operate independently of the car machine system 101, thereby providing a large amount of idle resources such as computing power. Therefore, a large amount of idle resources of the mobile terminal 102 can be used for assisting the in-vehicle machine system 101 to perform attack detection, which is helpful for improving the security of the in-vehicle machine system 101.
The security log module of the in-vehicle machine system 101 is configured to collect log information generated when the in-vehicle machine system 101 runs. The operating system of the car machine system 101 may record various recorded information of the car machine system 101 during the operation period and save the recorded information in a log form. These saved log information may be saved for a period of time and may be used for analysis afterwards. In addition, the saved logs can also be used for in-the-fact analysis in real/near real time.
In some embodiments of the present application, the log information may include a system operation log generated by the in-vehicle system 101 during operation, an operation log of the electronic control unit ECU, authority change information, file operation information, network communication information, physical information of the chip, power consumption information of the chip, and the like.
The communication module of the car machine system 101 is configured to transmit the log information to the mobile terminal 102. The mobile terminal 102 may receive the log information from the car machine system 101 through a communication module thereof, and generate risk early warning information according to the log information. Since the mobile terminal 102 has a software and hardware environment independent of the in-vehicle system 101, the system operation condition of the in-vehicle system 101 can be analyzed without using software and hardware resources of the in-vehicle system 101, and thus information capable of warning the risk operation of the in-vehicle system 101 is generated. Because the early warning mechanism does not depend on the software and hardware resources of the in-vehicle machine system 101, a bypass detection scheme can be provided when the software and hardware resources of the in-vehicle machine system 101 are not enough to analyze the running safety state of the equipment. The in-vehicle machine system 101 will then receive the risk pre-warning information from the mobile terminal 102 through the communication module, and present the risk pre-warning information through the risk pre-warning module of the in-vehicle machine system 101. For example, the risk early warning module may pop up a prompt box through a large screen of the car machine system 101 to indicate that a service, a program, and the like with a risk are running on the car machine system 101.
In some embodiments of the present application, the mobile terminal 102 may perform software attack detection and hardware attack detection respectively according to the log information to generate risk early warning information. As the name suggests, software attack detection mainly detects the attack of a software part, and hardware attack detection mainly detects the attack of an intelligent networking automobile hardware part. The classification of this type of detection is determined primarily by the type of attack and the type of log information to be analyzed.
In some embodiments of the present application, the software attack detection performed by the mobile terminal 102 may include the following: the permission detection module of the mobile terminal 102 may perform permission detection so that it may be determined whether an unexpected privilege permission is invoked or a permission list is modified according to the permission change information in the log information. The file detection module can perform file detection, so that whether a sensitive file is modified or abnormally read can be determined according to the file operation information in the log information. The network detection module may perform network detection so that whether there are network links in the non-whitelist may be determined from the network communication information in the log information. The interface detection module can execute interface detection, so that whether a sensitive or privileged interface is abnormally called or abnormally modified can be judged according to a system operation log in log information.
Abnormal rights acquisition, abnormal file modification, abnormal network connection, and abnormal interface calls are typical forms of attack. Some embodiments of the present application implement, by means of the mobile terminal 102 (specifically, the functional module therein), checking of these common attack forms, so as to ensure information security of the in-vehicle machine system 101.
In addition to checking for system and software level attacks, the mobile terminal 102 may also check for hardware level attacks. In some embodiments of the present application, the hardware attack detection performed by the mobile terminal 102 may include the following: the firmware attack detection module of the mobile terminal 102 may perform firmware attack detection, so that whether the firmware used by each ECU currently on the vehicle is modified or replaced may be determined according to the running log of the electronic control unit ECU in the log information. The hardware serial number detection module can execute hardware serial number detection, so that whether the serial numbers of the hardware on the vehicle are modified or not can be determined according to the physical information of the chip in the log information, and whether the hardware is maliciously replaced or not can be determined. The hardware power detection module may perform hardware power detection, so as to determine whether suspected malware is running according to power consumption information of the chip in the log information.
It is described above that the risk early warning module of the in-vehicle machine system 101 may present the risk early warning information received from the mobile terminal 102. Additionally or alternatively, in some embodiments of the present application, the mobile terminal 102 may also generate a recommended solution based on the log information. The risk early warning module of the car machine system 101 may also present recommended solutions. The recommended solution may be to immediately disable the risky services, programs, etc., limit the rights of the risky services, programs, etc. For example, in a case where a prompt box pops up on the large screen of the in-vehicle machine system 101 to indicate that a risky service or program is running on the in-vehicle machine system 101, a dialog box of "deactivate program/service" may be popped up on the large screen together. If the user selects the recommended solution on the dialog box to disable the program/service, the operating system of the in-vehicle machine system 101 may force to disable the corresponding program/service.
In some embodiments of the present application, the risk pre-warning information further includes information generated by the mobile terminal 102 through radio attack detection, and the radio attack detection includes the mobile terminal 102 determining whether there is an aggressive radio signal through radio scanning. For example, the mobile terminal 102 may turn on the scan mode through its own radio device, such as bluetooth, Wi-Fi, NFC module, etc., so as to determine whether there is a signal of the corresponding wireless protocol having an offensive nature in the vicinity of the mobile terminal 102 (i.e., the vicinity of the vehicle, the vicinity of the in-vehicle system 101). For example, the mobile terminal 102 may detect a denial of service attack signal of a bluetooth key, relay attack information, a relay attack signal of a Wi-Fi protocol, and the like.
In some embodiments of the present application, the mobile terminal 102 is further configured to present risk pre-warning information and/or recommend solutions. In the above, it is introduced that the car machine system 101 can use its screen to present information such as risk early warning information and recommended solution. In addition, the screen of the mobile terminal 102 may also be used to present such information, thereby ensuring that such information can be communicated to the driver, vehicle control personnel, and the like.
Another aspect of the present application provides a vehicle. The vehicle comprises a vehicle machine system as any one of the above. Compared with a vehicle with a traditional vehicle machine system, the vehicle with the vehicle machine system has stronger safety protection performance, so that the vehicle using safety is improved. The present application does not limit the form and driving force of the vehicle. For example, the vehicle may be a family car, SUV, truck, or the like. The power for the vehicle may be provided by conventional fossil fuels, by compressed hydrogen, or directly by electricity.
Another aspect of the application provides a risk early warning method executed by a vehicle machine system. As shown in fig. 2, a risk early warning method 20 (hereinafter referred to as method 20) executed by a vehicle system includes the following steps: collecting log information generated at runtime in step S202; transmitting the log information to the mobile terminal in step S204; and receiving and presenting risk early warning information from the mobile terminal in step S206, wherein the risk early warning information is generated by the mobile terminal according to the log information. The specific contents of steps S202, S204, and S206 in the risk pre-warning method 20 may be expanded with reference to the description of the related functions of the security log module, the communication module, and the risk pre-warning module included in the in-vehicle machine system 101, which is not described herein for brevity, and the above contents are also incorporated herein.
In some embodiments of the present application, the method 20 further comprises the steps of: and presenting the recommended solution by the vehicle-mounted machine system, wherein the recommended solution is generated by the mobile terminal according to the log information.
In some embodiments of the present application, the log information includes at least one of the following items of the in-vehicle machine system: the system comprises a system operation log, an Electronic Control Unit (ECU) operation log, authority change information, file operation information, network communication information, chip physical information and chip power consumption information.
In some embodiments of the present application, the mobile terminal performs software attack detection and hardware attack detection according to the log information to generate risk early warning information. In some embodiments of the present application, the software attack detection includes at least one of: authority detection, namely determining whether unexpected privilege authority is called or an authority list is modified according to authority change information in the log information; file detection, namely determining whether a sensitive file is modified or abnormally read according to file operation information in the log information; network detection, namely determining whether network links in a non-white list exist according to network communication information in the log information; and interface detection, which determines whether a sensitive or privileged interface is abnormally called or abnormally modified according to a system operation log in the log information. In some embodiments of the present application, the hardware attack detection includes at least one of: firmware attack detection, namely determining whether the firmware used by each ECU on the current vehicle is modified or replaced according to the running log of the ECU in the log information; hardware serial number detection, namely determining whether serial numbers of various hardware on the current vehicle machine are modified according to physical information of chips in log information to determine whether the hardware is maliciously replaced; and detecting hardware power, namely determining whether suspected malicious software is operated according to the power consumption information of the chip in the log information.
In some embodiments of the present application, the risk pre-warning information further includes information generated by the mobile terminal through radio attack detection, and the radio attack detection includes the mobile terminal determining whether there is an aggressive radio signal through radio scanning.
In some embodiments of the present application, the method 20 further comprises: and presenting risk early warning information and/or recommending a solution by the mobile terminal.
According to another aspect of the present application, there is provided a computer-readable storage medium having stored therein instructions, which when executed by a processor, cause the processor to execute any one of the above risk early warning methods executed by a vehicle machine system. Computer-readable media, as referred to in this application, includes all types of computer storage media, which can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, computer-readable media may include RAM, ROM, EPROM, E 2 PROMs, registers, hard disks, removable disks, CD-ROMs or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any form of machine-readable storage medium capable of being used to carry or store instructions or data structuresOr any other transitory or non-transitory medium that can be accessed by a general purpose or special purpose computer, or a general purpose or special purpose processor. A disk, as used herein, typically reproduces data magnetically, whereas a disc reproduces data optically with a laser. Combinations of the above should also be included within the scope of computer-readable media. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
According to the vehicle-mounted device system and the like provided by some embodiments of the application, the mobile terminal of the user can be used for detecting and early warning the information safety risk of the vehicle-mounted device system. The risk finding and solving mechanism can effectively reduce the risk of vehicle malicious damage under the application scene that the vehicle-mounted machine system participates in automatic driving/auxiliary driving widely nowadays. The application provides a threat perception and protection scheme for using a credible smart phone and other mobile terminals of a user to perform security attack on a vehicle-mounted machine system in the driving process. The above are merely specific embodiments of the present application, but the scope of the present application is not limited thereto. Other possible variations or substitutions may occur to those skilled in the art based on the teachings herein, and are intended to be covered by the present disclosure. In the present invention, the embodiments and features of the embodiments may be combined with each other without conflict. The scope of protection of the present application is subject to the description of the claims.

Claims (13)

1. The utility model provides a car machine system, its characterized in that, car machine system includes:
the safety log module is configured to collect log information generated when the car machine system operates;
a communication module configured to send the log information to a mobile terminal and receive risk pre-warning information and a recommended solution from the mobile terminal, wherein the risk pre-warning information and the recommended solution are generated by the mobile terminal according to the log information; and
a risk pre-warning module configured to present the risk pre-warning information and/or the recommended solutions.
2. The in-vehicle machine system according to claim 1, wherein the log information comprises at least one of the following items of the in-vehicle machine system: the system comprises a system operation log, an Electronic Control Unit (ECU) operation log, authority change information, file operation information, network communication information, chip physical information and chip power consumption information.
3. The in-vehicle machine system according to claim 2, wherein the mobile terminal performs software attack detection and hardware attack detection according to the log information to generate the risk early warning information.
4. The in-vehicle machine system of claim 3, wherein the software attack detection comprises at least one of:
authority detection, namely determining whether unexpected privilege authority is called or an authority list is modified according to authority change information in the log information;
file detection, namely determining whether a sensitive file is modified or abnormally read according to file operation information in the log information;
network detection, namely determining whether network links in a non-white list exist according to network communication information in the log information; and
and interface detection, namely determining whether a sensitive or privileged interface is abnormally called or abnormally modified according to a system operation log in the log information.
5. The in-vehicle machine system of claim 3, wherein the hardware attack detection comprises at least one of:
firmware attack detection, namely determining whether the firmware used by each ECU on the vehicle is modified or replaced according to the running logs of the ECUs in the log information;
hardware serial number detection, namely determining whether serial numbers of various hardware on the current vehicle machine are modified according to physical information of chips in the log information to determine whether the hardware is maliciously replaced; and
and detecting the hardware power, and determining whether suspected malicious software runs or not according to the power consumption information of the chip in the log information.
6. The in-vehicle machine system according to claim 3, wherein the risk pre-warning information further includes information generated by the mobile terminal through radio attack detection, and the radio attack detection includes the mobile terminal determining whether there is an aggressive radio signal through radio scanning.
7. The in-vehicle machine system according to claim 1, wherein the mobile terminal is further configured to present the risk pre-warning information and/or the recommended solution.
8. A vehicle, characterized in that the vehicle comprises a vehicle machine system according to any one of claims 1-7.
9. A risk early warning method executed by a vehicle machine system is characterized by comprising the following steps:
collecting log information generated in operation;
sending the log information to a mobile terminal; and
and receiving and presenting risk early warning information from the mobile terminal, wherein the risk early warning information is generated by the mobile terminal according to the log information.
10. The method of claim 9, further comprising: presenting a recommended solution, wherein the recommended solution is generated by the mobile terminal according to the log information.
11. The method of claim 9, wherein the log information comprises at least one of the following items of a car machine system: the system comprises a system operation log, an Electronic Control Unit (ECU) operation log, authority change information, file operation information, network communication information, chip physical information and chip power consumption information.
12. The method of claim 9, wherein the mobile terminal performs software attack detection and hardware attack detection according to the log information to generate the risk pre-warning information.
13. A computer-readable storage medium having instructions stored therein, which when executed by a processor, cause the processor to perform the method of any one of claims 9-12.
CN202210533599.XA 2022-05-17 2022-05-17 Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium Pending CN115021977A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210533599.XA CN115021977A (en) 2022-05-17 2022-05-17 Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210533599.XA CN115021977A (en) 2022-05-17 2022-05-17 Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium

Publications (1)

Publication Number Publication Date
CN115021977A true CN115021977A (en) 2022-09-06

Family

ID=83068292

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210533599.XA Pending CN115021977A (en) 2022-05-17 2022-05-17 Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium

Country Status (1)

Country Link
CN (1) CN115021977A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495439A (en) * 2017-09-11 2019-03-19 通用汽车环球科技运作有限责任公司 System and method for in-vehicle network intrusion detection
CN112233278A (en) * 2020-12-09 2021-01-15 智道网联科技(北京)有限公司 Remote fault analysis method, vehicle-mounted terminal, server, device and medium
CN112636957A (en) * 2020-12-11 2021-04-09 微医云(杭州)控股有限公司 Early warning method and device based on log, server and storage medium
CN113064772A (en) * 2021-03-04 2021-07-02 深圳依时货拉拉科技有限公司 Vehicle-mounted terminal, remote self-checking and fault early warning method thereof and server
CN113348111A (en) * 2019-01-21 2021-09-03 Ntt通信公司 Vehicle safety monitoring device, method, and program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495439A (en) * 2017-09-11 2019-03-19 通用汽车环球科技运作有限责任公司 System and method for in-vehicle network intrusion detection
CN113348111A (en) * 2019-01-21 2021-09-03 Ntt通信公司 Vehicle safety monitoring device, method, and program
CN112233278A (en) * 2020-12-09 2021-01-15 智道网联科技(北京)有限公司 Remote fault analysis method, vehicle-mounted terminal, server, device and medium
CN112636957A (en) * 2020-12-11 2021-04-09 微医云(杭州)控股有限公司 Early warning method and device based on log, server and storage medium
CN113064772A (en) * 2021-03-04 2021-07-02 深圳依时货拉拉科技有限公司 Vehicle-mounted terminal, remote self-checking and fault early warning method thereof and server

Similar Documents

Publication Publication Date Title
US8952800B2 (en) Prevention of texting while operating a motor vehicle
US9525700B1 (en) System and method for detecting malicious activity and harmful hardware/software modifications to a vehicle
CN113065195B (en) Vehicle information security threat assessment method, device, medium and electronic equipment
EP2988472B1 (en) Method for detecting eavesdropping activity and terminal device
CN112640516B (en) Wireless interference detection method and device
US20220247772A1 (en) Attack monitoring center apparatus and attack monitoring terminal apparatus
CN112525553A (en) Vehicle fault remote diagnosis method and related equipment
WO2020050761A1 (en) Method to detect vehicle component or system failure
CN102486750A (en) Device for dynamic analysis of embedded software of vehicle
US11971982B2 (en) Log analysis device
CN114995330A (en) Vehicle CAN bus intrusion detection test method and test system
CN115021977A (en) Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium
KR20130077020A (en) Ecu monitoring system and monitoring method
US20230007034A1 (en) Attack analyzer, attack analysis method and attack analysis program
CN116340092A (en) Security monitoring method, device, equipment and medium for software development kit
CN115534867A (en) Vehicle anti-theft method, device, vehicle and storage medium
CN107205241B (en) Wireless communication detection method and equipment thereof
CN114630329A (en) Method and device for identifying relay attack in PEPS scene
CN115022058A (en) Safety detection method and device for controller local area network and electronic equipment
JP2022017873A (en) Unauthorized intrusion prevention device, unauthorized intrusion prevention method, and unauthorized intrusion prevention program
Najafi et al. Data leakage prevention model for vehicular networks
US11341238B2 (en) Electronic device intrusion detection
CN115296894B (en) In-vehicle privacy data risk assessment method and device, electronic equipment and storage medium
Rao et al. Accident Detection in Vehicular Networks Using Android-based Smartphones
CN114003913B (en) Operation control method and device for application program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination