CN115951647A - Abnormal event detection method and system for UDS vehicle diagnosis service scene - Google Patents
Abnormal event detection method and system for UDS vehicle diagnosis service scene Download PDFInfo
- Publication number
- CN115951647A CN115951647A CN202211271505.2A CN202211271505A CN115951647A CN 115951647 A CN115951647 A CN 115951647A CN 202211271505 A CN202211271505 A CN 202211271505A CN 115951647 A CN115951647 A CN 115951647A
- Authority
- CN
- China
- Prior art keywords
- response code
- abnormal event
- uds
- message
- current
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Small-Scale Networks (AREA)
Abstract
The invention relates to an abnormal event detection method and system for a UDS vehicle diagnosis service scene. The abnormal event detection method facing the UDS vehicle diagnosis service scene comprises the following steps: step S1, establishing a mapping table for recording a mapping relation from a response code set of a UDS message to an abnormal event type set of an abnormal event; s2, acquiring a diagnosis communication message containing a service identifier and a corresponding response code from a vehicle-mounted bus; s3, analyzing the diagnosis communication message to obtain a service identifier serving as a current service identifier and a corresponding response code serving as a current response code; s4, judging whether the current response code is matched with the response codes in the response code set; s5, acquiring a corresponding abnormal event type from a mapping table according to the response code matching result; and S6, outputting an abnormal event report containing the acquired abnormal event type, the current response code and the current service identifier.
Description
Technical Field
The invention belongs to the technical field of automotive electronic information security, and particularly relates to an abnormal event detection method and system for a UDS vehicle diagnosis service scene.
Background
Early vehicle fault diagnosis must rely on experienced professional maintenance personnel, requiring significant labor and time costs. After a diagnostic module is deployed in an Electronic Control Unit (ECU) of an automobile, a fault code is automatically generated when the automobile breaks down and stored in the diagnostic module, and at the moment, the diagnostic instrument can read the fault code to know the root cause of the automobile breaking down. In addition to reading fault information, the automotive diagnostic service may perform diagnostics and communication management, data transmission, online programming, and functional and component testing.
However, the development, deployment, implementation, and maintenance of different diagnostic service protocols can introduce unnecessary costs to the overall vehicle manufacturer, system supplier, and ECU supplier. Universal Diagnostic Services (UDS) is a Diagnostic communication protocol in the automotive electronic ECU environment specified by international standard ISO14229, and has received approval from international and domestic automotive manufacturers. UDS services may be deployed on CAN, LIN, flexray, internet, and K-line buses. The UDS service is widely applied, and a malicious attacker can utilize the universality of the UDS service to damage the automobile safety.
Disclosure of Invention
The present invention is made to solve the above problems, and an object of the present invention is to provide an abnormal event detection method and system for a UDS vehicle diagnostic service scenario, which can effectively detect an abnormal event existing in the UDS vehicle diagnostic service scenario in time, thereby ensuring the safety of an automotive electronic control unit.
In order to achieve the purpose, the invention adopts the following scheme:
< embodiment one >
The invention provides an abnormal event detection method for a UDS vehicle diagnosis service scene, which is characterized by comprising the following steps:
step S1, establishing a mapping table for recording a mapping relation from a response code set of a UDS message to an abnormal event type set of an abnormal event;
s2, acquiring a diagnosis communication message containing a service identifier and a corresponding response code from the vehicle-mounted bus;
s3, analyzing the diagnosis communication message to obtain a service identifier serving as a current service identifier and a corresponding response code serving as a current response code;
s4, judging whether the current response code is matched with the response codes in the response code set;
s5, acquiring a corresponding abnormal event type from a mapping table according to the response code matching result;
and S6, outputting an abnormal event report containing the acquired abnormal event type, the current response code and the current service identifier.
The abnormal event detection method for the UDS vehicle diagnosis service scene provided by the invention also has the following characteristics that: in step S1, the UDS message includes a unified diagnostic service message specified in international standard ISO14229 and applied to an automotive electronic control unit environment, and a user-defined custom diagnostic service message conforming to a format specified in international standard ISO 14229.
The abnormal event detection method for the UDS vehicle diagnosis service scene provided by the invention can also have the following characteristics: in step S1, the exception type of the exception includes UDS denial of service, UDS detection, illegal UDS request, illegal acquisition right, and data security threat.
The abnormal event detection method for the UDS vehicle diagnosis service scene provided by the invention can also have the following characteristics: in step S2, the diagnostic communication packet is collected in a real-time collection or diagnostic packet log collection manner.
The abnormal event detection method for the UDS vehicle diagnosis service scene provided by the invention can also have the following characteristics: in step S2, the diagnostic communication packet includes a request packet and a response packet of the diagnostic service, and the response packet is an affirmative response packet or a negative response packet.
The abnormal event detection method for the UDS vehicle diagnosis service scene provided by the invention can also have the following characteristics: in step S3, the current service identifier and the response code are both parsed from the diagnostic communication packet according to the packet format specified in international standard ISO 14229.
The abnormal event detection method for the UDS vehicle diagnosis service scene provided by the invention also has the following characteristics that: wherein, in step S6, an abnormal event report is formed by a command line terminal, a visual interface or a log file.
< scheme two >
The invention also provides an abnormal event detection system facing the UDS vehicle diagnosis service scene, which is characterized by comprising the following steps: the mapping table establishing module is used for establishing a mapping table for recording the mapping relation from the response code set of the UDS message to the abnormal type set of the abnormal event; the message acquisition module is used for acquiring a diagnosis communication message containing the service identifier and the corresponding response code from the vehicle-mounted bus; the message analysis module is used for analyzing the diagnostic communication message to obtain a service identifier serving as a current service identifier and a corresponding response code serving as a current response code; the response matching judgment module is used for judging whether the current response code is matched with the response codes in the response code set; the abnormal event type acquisition module is used for acquiring a corresponding abnormal event type from the mapping table according to the response code matching result; and the abnormal event report output module is used for outputting an abnormal event report containing the acquired abnormal event type, the current response code and the current service identifier.
Action and Effect of the invention
According to the abnormal event detection method and system for the UDS vehicle diagnosis service scene, a mapping table for recording the mapping relation from a response code set of a UDS message to an abnormal event type set of an abnormal event is established, a diagnosis communication message which is acquired from a vehicle-mounted bus and contains a service identifier and a corresponding response code is analyzed to obtain a current service identifier and a corresponding current response code, whether the current response code is matched with the response code in the response code set or not is judged, the corresponding abnormal event type is acquired from the mapping table according to the response code matching result, and an abnormal event report containing the acquired abnormal event type, the current response code and the current service identifier is output.
Drawings
FIG. 1 is an operational flow diagram of an abnormal event detection method for a UDS vehicle diagnostic service-oriented scenario in an embodiment of the present invention; and
FIG. 2 is a block diagram of an abnormal event detection system for a UDS vehicle diagnostic service scenario in an embodiment of the present invention.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is specifically explained in the following with the combination of the embodiment and the attached drawings.
< example >
Referring to fig. 1, in the present embodiment, a method for detecting an abnormal event in a UDS vehicle diagnostic service scenario, where a user detects an abnormal event in the UDS vehicle diagnostic service scenario, includes the following steps S1 to S6.
Step S1, establishing a mapping table for recording the mapping relation from a response code set of the UDS message to an abnormal event type set of an abnormal event.
Specifically, step S1 builds and maintains the mapping table described above according to domain expert knowledge.
The UDS message includes a unified diagnostic Service message applied to an automotive electronic control unit environment specified by international standard ISO14229, and a customized diagnostic Service message corresponding to a user-defined diagnostic Service and conforming to a format specified by international standard ISO14229, that is, information such as a Service Identifier (SID), a Service function, a positive response code, and a negative response code in the UDS message conforms to a diagnostic communication protocol specified by international standard ISO 14229.
The abnormal events refer to information security threats possibly caused by different diagnostic services to the automobile ECU, and the types of the abnormal events comprise UDS denial services, UDS detection, illegal UDS requests, illegal acquisition rights and data security threats.
The mapping table for recording the mapping relationship from the response code set of the UDS packet to the abnormal event type set of the abnormal event, which is established in this embodiment, is shown in table 1. NRC is an abbreviation of Negative Response Code (Negative Response Code), which can be parsed and read from the UDS diagnostic message.
TABLE 1 mapping table
Step S2, a diagnostic communication packet containing the service identifier and the corresponding response code is collected from the on-board bus 200.
Specifically, in step S2, a diagnostic communication packet is collected by real-time collection or diagnostic packet log collection.
The diagnostic communication message includes a request message and a response message of the diagnostic service, and the response message includes a positive response message or a negative response message.
And S3, analyzing the diagnosis communication message to obtain a service identifier serving as the current service identifier and a corresponding response code serving as the current response code.
Specifically, the current service identifier and the response code are both parsed from the diagnostic communication message according to the message format specified in international standard ISO 14229.
And S4, judging whether the current response code is matched with the response codes in the response code set.
And S5, acquiring the corresponding abnormal event type from the mapping table according to the response code matching result.
And S6, outputting an abnormal event report containing the acquired abnormal event type, the current response code and the current service identifier.
Specifically, the abnormal event report is output in the form of a command line terminal, a visual interface or a log file.
Correspondingly, the invention also provides an abnormal event detection system for the UDS vehicle diagnosis service scene, which corresponds to the abnormal event detection method for the UDS vehicle diagnosis service scene. As shown in fig. 2, the abnormal event detection system 100 for the scenario of diagnosing the vehicle with the UDS service from the base plane is disposed on the vehicle with the UDS service, and includes a mapping table establishing module 10, a message collecting module 20, a message parsing module 30, a response matching determining module 40, an abnormal event type obtaining module 50, and an abnormal event report outputting module 60.
A mapping table establishing module 10, configured to establish a mapping table for recording a mapping relationship from a response code set of the UDS packet to an exception type set of the exception event.
And a message collection module 20, configured to collect a diagnostic communication message including the service identifier and the corresponding response code from the vehicle-mounted bus.
The message parsing module 30 is configured to parse the diagnostic communication message to obtain a service identifier serving as a current service identifier and a corresponding response code serving as a current response code.
And the response matching judging module 40 is used for judging whether the current response code is matched with the response codes in the response code set.
And an abnormal event type obtaining module 50, configured to obtain a corresponding abnormal event type from the mapping table according to the response code matching result.
And an abnormal event report output module 60, configured to output an abnormal event report including the obtained abnormal event type, the current response code, and the current service identifier.
Examples effects and effects
According to the abnormal event detection method and system for the UDS vehicle diagnosis service scene, a mapping table for recording a mapping relation from a response code set of a UDS message to an abnormal event type set of an abnormal event is established, a diagnosis communication message which is acquired from a vehicle-mounted bus and contains a service identifier and a corresponding response code is analyzed to obtain a current service identifier and a corresponding current response code, whether the current response code is matched with the response code in the response code set or not is judged, the corresponding abnormal event type is acquired from the mapping table according to a response code matching result, and an abnormal event report containing the acquired abnormal event type, the current response code and the current service identifier is output.
The above embodiments are preferred examples of the present invention, and are not intended to limit the scope of the present invention.
For example, in the above embodiment, the abnormal event detection system is provided on a vehicle served by the UDS. However, in the present invention, the abnormal event detection system may also be deployed at the vehicle end and the cloud end in communication connection with the vehicle end, in which case the mapping table establishing module, the message analyzing module, the response matching determining module, and the abnormal event type acquiring module are disposed in motion, and the message collecting module and the abnormal event report outputting module are disposed at the vehicle end.
Claims (8)
1. An abnormal event detection method for a UDS vehicle diagnosis service scene is characterized by comprising the following steps:
step S1, establishing a mapping table for recording a mapping relation from a response code set of a UDS message to an abnormal event type set of an abnormal event;
s2, acquiring a diagnosis communication message containing a service identifier and a corresponding response code from the vehicle-mounted bus;
s3, analyzing the diagnosis communication message to obtain a service identifier serving as a current service identifier and a corresponding response code serving as a current response code;
s4, judging whether the current response code is matched with the response codes in the response code set;
s5, acquiring a corresponding abnormal event type from the mapping table according to a response code matching result;
and S6, outputting an abnormal event report containing the acquired abnormal event type, the current response code and the current service identifier.
2. The UDS vehicle diagnostic service scenario-oriented exception event detection method according to claim 1, wherein:
in the step S1, the UDS message includes a unified diagnostic service message specified by international standard ISO14229 and applied to an automotive electronic control unit environment, and a user-defined custom diagnostic service message conforming to a format specified by international standard ISO 14229.
3. The UDS vehicle diagnostic service scenario oriented exceptional event detection method according to claim 1, wherein:
in the step S1, the abnormal event type of the abnormal event includes UDS denial of service, UDS detection, illegal UDS request, illegal acquisition right, and data security threat.
4. The UDS vehicle diagnostic service scenario oriented exceptional event detection method according to claim 1, wherein:
in step S2, the diagnostic communication packet is acquired in a real-time acquisition mode or a diagnostic packet log acquisition mode.
5. The UDS vehicle diagnostic service scenario-oriented exception event detection method according to claim 1, wherein:
wherein, in the step S2, the diagnosis communication message comprises a request message and a response message of diagnosis service,
the response message is a positive response message or a negative response message.
6. The UDS vehicle diagnostic service scenario-oriented exception event detection method according to claim 1, wherein:
in step S3, the current service identifier and the response code are both obtained by parsing the diagnostic communication packet according to a packet format specified in international standard ISO 14229.
7. The UDS vehicle diagnostic service scenario-oriented exception event detection method according to claim 1, wherein:
wherein, in the step S6, the abnormal event report is formed by a command line terminal, a visual interface or a log file.
8. An abnormal event detection system oriented to a UDS vehicle diagnosis service scenario, comprising:
the mapping table establishing module is used for establishing a mapping table for recording the mapping relation from the response code set of the UDS message to the abnormal type set of the abnormal event;
the message acquisition module is used for acquiring a diagnosis communication message containing the service identifier and the corresponding response code from the vehicle-mounted bus;
the message analysis module is used for analyzing the diagnostic communication message to obtain a service identifier serving as a current service identifier and a corresponding response code serving as a current response code;
the response matching judgment module is used for judging whether the current response code is matched with the response codes in the response code set;
the abnormal event type acquisition module is used for acquiring a corresponding abnormal event type from the mapping table according to the response code matching result; and
and the abnormal event report output module is used for outputting an abnormal event report containing the acquired abnormal event type, the current response code and the current service identifier.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211271505.2A CN115951647A (en) | 2022-10-18 | 2022-10-18 | Abnormal event detection method and system for UDS vehicle diagnosis service scene |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211271505.2A CN115951647A (en) | 2022-10-18 | 2022-10-18 | Abnormal event detection method and system for UDS vehicle diagnosis service scene |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115951647A true CN115951647A (en) | 2023-04-11 |
Family
ID=87295941
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211271505.2A Pending CN115951647A (en) | 2022-10-18 | 2022-10-18 | Abnormal event detection method and system for UDS vehicle diagnosis service scene |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115951647A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117250943A (en) * | 2023-11-20 | 2023-12-19 | 常州星宇车灯股份有限公司 | Vehicle UDS service message anomaly detection method and detection system |
-
2022
- 2022-10-18 CN CN202211271505.2A patent/CN115951647A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117250943A (en) * | 2023-11-20 | 2023-12-19 | 常州星宇车灯股份有限公司 | Vehicle UDS service message anomaly detection method and detection system |
| CN117250943B (en) * | 2023-11-20 | 2024-02-06 | 常州星宇车灯股份有限公司 | Vehicle UDS service message anomaly detection method and detection system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20200328910A1 (en) | Obd interface bus type detection method and apparatus | |
| CN110162008B (en) | CAN bus analysis method for new energy vehicle | |
| EP3133774B1 (en) | Vehicle-mounted network system, abnormality detection electronic control unit and abnormality detection method | |
| Kulandaivel et al. | {CANvas}: Fast and inexpensive automotive network mapping | |
| US7668643B2 (en) | Method and system for automatically inspecting and registering automotive exhaust emission data | |
| CN106828362B (en) | Safety testing method and device for automobile information | |
| CN112367233B (en) | Vehicle-mounted network ECU communication method and device based on service-oriented architecture | |
| CN111061250A (en) | Automobile CAN bus information safety testing method | |
| CN110958271A (en) | Vehicle-mounted external network intrusion detection system | |
| KR101060681B1 (en) | Vehicle information transmission method, vehicle information receiving method and system performing the same | |
| CN115951647A (en) | Abnormal event detection method and system for UDS vehicle diagnosis service scene | |
| CN110825073A (en) | Engine remote calibration system and method | |
| WO2021145144A1 (en) | Intrusion-path analyzing device and intrusion-path analyzing method | |
| CN108228379A (en) | Log statistic method collects server, distributed server and summarizes server | |
| CN113645083A (en) | CAN network anomaly detection method, gateway module, vehicle and readable storage medium | |
| CN105635241A (en) | Method, system and computer-readable recording medium for managing abnormal state of vehicle | |
| WO2017057991A1 (en) | Vehicle management method of message server and vehicle management method of vehicle terminal | |
| CN114503518B (en) | Detection device, vehicle, detection method, and detection program | |
| WO2019055277A1 (en) | Data collection from auxiliary controller area network devices | |
| CN114884849A (en) | CAN bus abnormity detection method and system based on Adaboost | |
| CN115664737B (en) | Intrusion detection system and method | |
| US10515039B2 (en) | Vehicle USB hub system | |
| CN113434411A (en) | TIAS function test method and system | |
| KR101920833B1 (en) | Development of idps appliance module for intelligent car security and driving method thereof | |
| CN114915484B (en) | Safety detection system and detection method for vehicle-mounted gateway |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |