CN116112252A - Vehicle-mounted CAN bus intrusion detection and defense system based on message clock period - Google Patents
Vehicle-mounted CAN bus intrusion detection and defense system based on message clock period Download PDFInfo
- Publication number
- CN116112252A CN116112252A CN202310089976.XA CN202310089976A CN116112252A CN 116112252 A CN116112252 A CN 116112252A CN 202310089976 A CN202310089976 A CN 202310089976A CN 116112252 A CN116112252 A CN 116112252A
- Authority
- CN
- China
- Prior art keywords
- message
- bus
- illegal
- intrusion detection
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 64
- 230000007123 defense Effects 0.000 title claims abstract description 13
- 230000002159 abnormal effect Effects 0.000 claims abstract description 32
- 238000000034 method Methods 0.000 claims abstract description 32
- 230000008569 process Effects 0.000 claims abstract description 10
- 230000000903 blocking effect Effects 0.000 claims description 21
- 230000002265 prevention Effects 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000008859 change Effects 0.000 abstract description 8
- 238000004891 communication Methods 0.000 abstract description 4
- 230000000737 periodic effect Effects 0.000 abstract description 4
- 238000012423 maintenance Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/40006—Architecture of a communication node
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Alarm Systems (AREA)
Abstract
The invention discloses a vehicle-mounted CAN bus intrusion detection and defense system based on a message clock period, which CAN realize a safety protection function only by bypass access without changing the original vehicle structure. In the protection process, the CAN bus communication load in the vehicle is not increased, the CAN message periodic characteristic change caused by the change of ECU equipment in the vehicle along with the environment and the running time CAN be responded in time, the false detection and missing detection problems generated after the equipment runs for a long time are reduced, the ECU module which is possibly abnormal in positioning CAN be identified, and the fault removal maintenance of a user is facilitated. Meanwhile, part of illegal messages can be blocked in real time, and the risk of damage caused by the illegal messages is reduced.
Description
Technical Field
The invention relates to the field of mobile communication, in particular to a vehicle-mounted CAN bus intrusion detection and defense system based on a message clock period.
Disclosure of Invention
The invention aims to provide a vehicle-mounted CAN bus intrusion detection and defense system based on a message clock period, which CAN realize a safety protection function only by bypass access without changing the original vehicle structure. In the protection process, the CAN bus communication load in the vehicle is not increased, the CAN message periodic characteristic change caused by the change of ECU equipment in the vehicle along with the environment and the running time CAN be responded in time, the false detection and missing detection problems generated after the equipment runs for a long time are reduced, the ECU module which is possibly abnormal in positioning CAN be identified, and the fault removal maintenance of a user is facilitated. Meanwhile, part of illegal messages can be blocked in real time, and the risk of damage caused by the illegal messages is reduced.
The vehicle-mounted CAN bus intrusion detection and defense system based on the message clock period comprises a CAN transceiver module, an intrusion detection module, an abnormal ECU node positioning module and an illegal message blocking module, wherein the abnormal ECU node positioning module is connected with the intrusion detection module, and the CAN transceiver module, the intrusion detection module and the illegal message blocking module are connected in pairs;
the CAN transceiver module is used for converting an in-vehicle CAN bus electric signal into a data message, sending the data message to the intrusion detection module, receiving the CAN data message provided by the illegal message blocking module, converting the CAN data message into an electric signal, and sending the electric signal out through the in-vehicle CAN bus;
the intrusion detection module is used for detecting the validity of the data message on the CAN bus in real time and dynamically updating the characteristic parameters of the CAN message period of each ECU module;
the abnormal ECU node positioning module is used for further analyzing the illegal message detected by the intrusion detection module and positioning an ECU module which is possibly abnormal so that an operator can find a fault source in time;
the illegal message blocking module has certain capacity of blocking illegal message data transmission on the CAN bus, and reduces the harm of illegal messages to vehicles and passengers;
the working method of the vehicle-mounted CAN bus intrusion detection and defense system comprises the following steps:
step one: the initialization of the detection parameters is performed and,
for each ID number, N groups of message arrival time are continuously recorded, and the average period mu of CAN nodes corresponding to each ID number is estimated by using a recursive least square method ID And standard deviation sigma ID And storing;
step two: monitoring a target CAN bus until a new message is monitored, and entering a step three;
step three: calculating the arrival time of the message and the interval time t of the message on each ID one by one ID And calculate |t ID -μ ID |/σ ID And with each of the values ofSystem custom threshold v for ID ID Comparing if each is greater than the threshold v of each ID ID Judging the message to be an illegal message, and synchronously carrying out the step five and the step six; otherwise, entering a fourth step;
step four: analyzing the ID number of the new message, if the ID number does not appear in the step one, judging that the message is an illegal message, entering the step five, and if the ID number has a record, entering the step seven;
step five: comparing |t corresponding to each ID ID -μ ID |/σ ID And (3) recording the ID number corresponding to the minimum value, locating the ID number node as a possible abnormal CAN node, namely an abnormal ECU node, re-entering the step (II),
step six: aiming at illegal messages in the transmitting process, continuously transmitting dominant bit 0 in the ID bit of the subsequent arbitration section to acquire the high priority of the CAN bus, thereby winning the use right of the CAN bus, and then transmitting a data frame message with empty data section content;
step seven: breaking the message into legal message, discarding the earliest one of the N groups of message period data of the ID number, increasing the period information of the message, and updating the average period mu corresponding to the ID ID And standard deviation sigma ID And (5) re-entering the second step.
Preferably, after the intrusion detection module deploys the vehicle-mounted CAN bus intrusion detection and defense system on the target CAN bus for the first time, the intrusion detection module needs to perform statistical modeling on the message clock cycles of all CAN node devices on the CAN bus.
The method for statistical modeling of the message clock period comprises the following steps: for each ID number, N groups of message arrival time are continuously recorded, and the average period mu of CAN nodes corresponding to each ID number is estimated by using a recursive least square method ID And standard deviation sigma ID And storing.
After the statistical modeling of the message clock period is completed, the intrusion detection module starts to perform real-time intrusion detection on the message on the CAN bus, and the method specifically comprises the following steps:
(1) when a new message appears on the CAN bus is detected, recording the arrival time of the message;
(2) calculating the interval time t between the message and the message on each ID one by one ID And calculate |t ID -μ ID |/σ ID And is customized to the system of IDs by a threshold v ID Comparing if each is greater than the threshold v of each ID ID Judging the message as illegal message, after finishing the detection of the message, waiting for the next message to appear; otherwise, performing the step (3);
(3) analyzing the ID number of the new message, if the ID number does not appear in the statistical modeling stage of the message clock period, judging the message as an illegal message, and waiting for the next message to appear after the message is detected; if the ID number has a record, performing the step (4);
(4) judging the message as legal message, discarding the earliest one of the N groups of message period data of the ID number, increasing the period information of the message, and updating the average period mu corresponding to the ID ID And standard deviation sigma ID After the message is detected, waiting for the next message.
Preferably, the specific method for implementing the abnormal ECU node positioning by the abnormal ECU node positioning module is as follows:
(1) acquiring interval time t between illegal message and message on each ID ID And |t ID -μ ID |/σ ID Is a value of (2);
(2) comparing |t corresponding to each ID ID -μ ID |/σ/ ID And (3) a value, namely recording an ID number corresponding to the minimum value, and locating the ID number node as a possible abnormal CAN node, namely an abnormal ECU node.
Preferably, the illegal message blocking module can block the illegal message detected by the intrusion detection module in the third step, and the specific method is as follows:
(1) the illegal message blocking module continuously transmits dominant bit 0 in the ID bit of the subsequent arbitration section aiming at the illegal message in the transmitting process to acquire the high priority of the CAN bus, thereby winning the use right of the CAN bus;
(2) and after winning the CAN bus use right, sending a data frame message with empty data segment content.
The invention has the advantages that: 1. the safety protection function CAN be realized without changing the CAN bus structure, the CAN message format and each ECU module of the original vehicle and by-pass access.
2. In the protection process, the communication load of the CAN bus in the vehicle is not increased.
3. The method CAN timely respond to the periodic characteristic change of the CAN message caused by the change of the ECU equipment in the vehicle along with the environment and the running time, and reduce the false detection and missing detection problem generated after the equipment runs for a long time.
4. The ECU module which is possibly abnormal in positioning can be identified, so that the user can conveniently remove the obstacle and maintain.
5. The method can block part of illegal messages in real time, and reduce the risk of damage caused by the illegal messages.
Drawings
FIG. 1 is a schematic diagram of the system architecture of the present invention;
FIG. 2 is a typical workflow diagram of the in-vehicle CAN bus intrusion detection and prevention system of the invention;
FIG. 3 is a system block diagram of an exemplary embodiment of an in-vehicle CAN bus intrusion detection and prevention system of the invention;
Detailed Description
The invention is further described in connection with the following detailed description, in order to make the technical means, the creation characteristics, the achievement of the purpose and the effect of the invention easy to understand.
As shown in fig. 1 to 3, the vehicle-mounted CAN bus intrusion detection and defense system based on a message clock period described in the present invention mainly comprises the following four parts: 1) A CAN transceiver module; 2) An intrusion detection module; 3) A dot positioning module; 4) And an illegal message blocking module.
Primary functions of each part
CAN transceiver module
The CAN transceiver module is used for converting the in-vehicle CAN bus power-on signal into a data message and transmitting the data message to the intrusion detection module; and meanwhile, receiving the CAN data message provided by the illegal message blocking module, converting the CAN data message into an electric signal, and transmitting the electric signal through an in-vehicle CAN bus.
Intrusion detection module
The intrusion detection module is mainly used for detecting the validity of the data message on the CAN bus in real time and dynamically updating the characteristic parameters of the CAN message period of each ECU module.
After the vehicle-mounted CAN bus intrusion detection and defense system is deployed on the target CAN bus for the first time, the intrusion detection module needs to carry out statistical modeling on the message clock cycles of all CAN node devices on the CAN bus.
The method for statistical modeling of the message clock period comprises the following steps: for each ID number, N groups of message arrival time are continuously recorded, and the average period mu ID and standard deviation sigma of CAN nodes corresponding to each ID number are estimated by using a recursive least square method ID And storing.
After the statistical modeling of the message clock period is completed, the intrusion detection module starts to perform real-time intrusion detection on the message on the CAN bus, and the method specifically comprises the following steps:
(1) when a new message appears on the CAN bus is detected, recording the arrival time of the message;
(2) calculating the interval time t between the message and the message on each ID one by one ID And calculate |t ID -μ ID |/σ ID And is customized to the system of IDs by a threshold v ID Comparing if each is greater than the threshold v of each ID ID Judging the message as illegal message, after finishing the detection of the message, waiting for the next message to appear; otherwise, performing the step (3);
(3) analyzing the ID number of the new message, if the ID number does not appear in the statistical modeling stage of the message clock period, judging the message as an illegal message, and waiting for the next message to appear after the message is detected; if the ID number has a record, performing the step (4);
(4) judging the message as legal message, discarding the earliest one of the N groups of message period data of the ID number, increasing the period information of the message, and updating the average period mu corresponding to the ID ID And standard deviation sigma ID After the message is detected, waiting for the next message.
Abnormal ECU node positioning module
The abnormal ECU node positioning module is used for further analyzing the illegal message detected by the intrusion detection module and positioning the ECU module which is possibly abnormal so that an operator can find a fault source in time.
The specific method for realizing abnormal ECU node positioning is as follows:
(1) acquiring interval time t between illegal message and message on each ID ID And |t ID -μ ID |/σ ID Is a value of (2);
(2) comparing |t corresponding to each ID ID -μ ID |/σ ID And (3) a value, namely recording an ID number corresponding to the minimum value, and locating the ID number node as a possible abnormal CAN node, namely an abnormal ECU node.
Illegal message blocking module
The illegal message blocking module has certain capacity of blocking illegal message data transmission on the CAN bus, and reduces the harm of illegal messages to vehicles and passengers.
The illegal message blocking module can block the illegal message detected in the step (2) by the intrusion detection module, and the specific method is as follows:
(1) the illegal message blocking module continuously transmits dominant bit 0 in the ID bit of the subsequent arbitration section aiming at the illegal message in the transmitting process to acquire the high priority of the CAN bus, thereby winning the use right of the CAN bus;
(2) and after winning the CAN bus use right, sending a data frame message with empty data segment content.
Specific embodiments and principles:
after the system is deployed on the CAN bus in the vehicle, the specific flow of illegal message detection and defense work is as follows:
stage 1: initializing detection parameters
For each ID number, N groups of message arrival time are continuously recorded, and the average period mu of CAN nodes corresponding to each ID number is estimated by using a recursive least square method ID And standard deviation sigma ID And storing.
Stage 2: cycle detection CAN bus message
Step (1): monitoring a target CAN bus until a new message is monitored, and entering the step (2).
Step (2): calculating the arrival time of the message and the interval time t of the message on each ID one by one ID And calculate |t ID -μ ID |/σ ID And is customized to the system of IDs by a threshold v ID Comparing if each is greater than the threshold v of each ID ID Judging the message to be an illegal message, and synchronously carrying out the steps (4) and (5); otherwise, the step (3) is entered.
Step (3): analyzing the ID number of the new message, if the ID number does not appear in the stage 1, judging the message to be an illegal message, and entering the step (4); if there is a record for the ID number, step (6) is entered.
Step (4): comparing |t corresponding to each ID ID -μ ID |/σ ID And (3) a value, recording an ID number corresponding to the minimum value, locating the ID number node as a possible abnormal CAN node, namely an abnormal ECU node, and re-entering the step (1).
Step (5): aiming at illegal messages in the transmitting process, a dominant bit 0 is continuously transmitted in the ID bit of the subsequent arbitration section, and the high priority of the CAN bus is obtained, so that the use right of the CAN bus is obtained, and then a data frame message with empty data section content is transmitted.
Step (6): judging the message as legal message, discarding the earliest one of the N groups of message period data of the ID number, increasing the period information of the message, and updating the average period mu corresponding to the ID ID And standard deviation sigma ID Step (1) is re-entered.
Based on the above, the invention can realize the safety protection function only by bypass access without changing the original vehicle structure. In the protection process, the CAN bus communication load in the vehicle is not increased, the CAN message periodic characteristic change caused by the change of ECU equipment in the vehicle along with the environment and the running time CAN be responded in time, the false detection and missing detection problems generated after the equipment runs for a long time are reduced, the ECU module which is possibly abnormal in positioning CAN be identified, and the fault removal maintenance of a user is facilitated. Meanwhile, part of illegal messages can be blocked in real time, and the risk of damage caused by the illegal messages is reduced.
It will be appreciated by those skilled in the art that the present invention can be carried out in other embodiments without departing from the spirit or essential characteristics thereof. Accordingly, the above disclosed embodiments are illustrative in all respects, and not exclusive. All changes that come within the scope of the invention or equivalents thereto are intended to be embraced therein.
Claims (4)
1. The vehicle-mounted CAN bus intrusion detection and defense system based on the message clock period is characterized by comprising a CAN transceiver module, an intrusion detection module, an abnormal ECU node positioning module and an illegal message blocking module, wherein the abnormal ECU node positioning module is connected with the intrusion detection module, and the CAN transceiver module, the intrusion detection module and the illegal message blocking module are connected in pairs;
the CAN transceiver module is used for converting an in-vehicle CAN bus electric signal into a data message, sending the data message to the intrusion detection module, receiving the CAN data message provided by the illegal message blocking module, converting the CAN data message into an electric signal, and sending the electric signal out through the in-vehicle CAN bus;
the intrusion detection module is used for detecting the validity of the data message on the CAN bus in real time and dynamically updating the characteristic parameters of the CAN message period of each ECU module;
the abnormal ECU node positioning module is used for further analyzing the illegal message detected by the intrusion detection module and positioning an ECU module which is possibly abnormal so that an operator can find a fault source in time;
the illegal message blocking module has certain capacity of blocking illegal message data transmission on the CAN bus, and reduces the harm of illegal messages to vehicles and passengers;
the working method of the vehicle-mounted CAN bus intrusion detection and defense system comprises the following steps:
step one: the initialization of the detection parameters is performed and,
for each ID number, N groups of message arrival time are continuously recorded, and the average period mu of CAN nodes corresponding to each ID number is estimated by using a recursive least square method ID And standard deviation sigma ID And storing;
step two: monitoring a target CAN bus until a new message is monitored, and entering a step three;
step three: calculating the arrival time of the message and the interval time t of the message on each ID one by one ID And calculate |t ID -μ ID |/σ ID And is customized to the system of IDs by a threshold v ID Comparing if each is greater than the threshold v of each ID ID Judging the message to be an illegal message, and synchronously carrying out the step five and the step six; otherwise, entering a fourth step;
step four: analyzing the ID number of the new message, if the ID number does not appear in the step one, judging that the message is an illegal message, entering the step five, and if the ID number has a record, entering the step seven;
step five: comparing |t corresponding to each ID ID -μ ID |/σ ID And (3) recording the ID number corresponding to the minimum value, locating the ID number node as a possible abnormal CAN node, namely an abnormal ECU node, re-entering the step (II),
step six: aiming at illegal messages in the transmitting process, continuously transmitting dominant bit 0 in the ID bit of the subsequent arbitration section to acquire the high priority of the CAN bus, thereby winning the use right of the CAN bus, and then transmitting a data frame message with empty data section content;
step seven: breaking the message into legal message, discarding the earliest one of the N groups of message period data of the ID number, increasing the period information of the message, and updating the average period mu corresponding to the ID ID And standard deviation sigma ID And (5) re-entering the second step.
2. The vehicle-mounted CAN bus intrusion detection and prevention system based on a message clock cycle of claim 1, wherein: after the intrusion detection module is deployed on the target CAN bus for the first time, the intrusion detection module needs to perform statistical modeling on the message clock cycles of all CAN node devices on the CAN bus.
When in messageThe specific method for the clock cycle statistical modeling comprises the following steps: for each ID number, N groups of message arrival time are continuously recorded, and the average period mu of CAN nodes corresponding to each ID number is estimated by using a recursive least square method ID And standard deviation sigma ID And storing.
After the statistical modeling of the message clock period is completed, the intrusion detection module starts to perform real-time intrusion detection on the message on the CAN bus, and the method specifically comprises the following steps:
(1) when a new message appears on the CAN bus is detected, recording the arrival time of the message;
(2) calculating the interval time t between the message and the message on each ID one by one ID And calculate |t ID -μ ID |/σ ID And is customized to the system of IDs by a threshold v ID Comparing if each is greater than the threshold v of each ID ID Judging the message as illegal message, after finishing the detection of the message, waiting for the next message to appear; otherwise, performing the step (3);
(3) analyzing the ID number of the new message, if the ID number does not appear in the statistical modeling stage of the message clock period, judging the message as an illegal message, and waiting for the next message to appear after the message is detected; if the ID number has a record, performing the step (4);
(4) judging the message as legal message, discarding the earliest one of the N groups of message period data of the ID number, increasing the period information of the message, and updating the average period mu corresponding to the ID ID And standard deviation sigma ID After the message is detected, waiting for the next message.
3. The vehicle-mounted CAN bus intrusion detection and prevention system based on a message clock cycle of claim 1, wherein: the specific method for realizing the abnormal ECU node positioning by the abnormal ECU node positioning module is as follows:
(1) acquiring interval time t between illegal message and message on each ID ID And |t ID -μ ID |σ ID Is a value of (2);
(2) comparing |t corresponding to each ID ID -μ ID |/ ID And (3) a value, namely recording an ID number corresponding to the minimum value, and locating the ID number node as a possible abnormal CAN node, namely an abnormal ECU node.
4. The vehicle-mounted CAN bus intrusion detection and prevention system based on a message clock cycle of claim 1, wherein: the illegal message blocking module can block illegal messages detected in the third step by the intrusion detection module, and the specific method is as follows:
(1) the illegal message blocking module continuously transmits dominant bit 0 in the ID bit of the subsequent arbitration section aiming at the illegal message in the transmitting process to acquire the high priority of the CAN bus, thereby winning the use right of the CAN bus;
(2) and after winning the CAN bus use right, sending a data frame message with empty data segment content.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310089976.XA CN116112252A (en) | 2023-02-09 | 2023-02-09 | Vehicle-mounted CAN bus intrusion detection and defense system based on message clock period |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310089976.XA CN116112252A (en) | 2023-02-09 | 2023-02-09 | Vehicle-mounted CAN bus intrusion detection and defense system based on message clock period |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116112252A true CN116112252A (en) | 2023-05-12 |
Family
ID=86261275
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310089976.XA Withdrawn CN116112252A (en) | 2023-02-09 | 2023-02-09 | Vehicle-mounted CAN bus intrusion detection and defense system based on message clock period |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116112252A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116915589A (en) * | 2023-09-12 | 2023-10-20 | 延锋伟世通电子科技(南京)有限公司 | Vehicle-mounted CAN bus network message anomaly detection method |
-
2023
- 2023-02-09 CN CN202310089976.XA patent/CN116112252A/en not_active Withdrawn
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116915589A (en) * | 2023-09-12 | 2023-10-20 | 延锋伟世通电子科技(南京)有限公司 | Vehicle-mounted CAN bus network message anomaly detection method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11411681B2 (en) | In-vehicle information processing for unauthorized data | |
US10992688B2 (en) | Unauthorized activity detection method, monitoring electronic control unit, and onboard network system | |
US11838314B2 (en) | Electronic control device, fraud detection server, in-vehicle network system, in-vehicle network monitoring system, and in-vehicle network monitoring method | |
US10951631B2 (en) | In-vehicle network system, fraud-detection electronic control unit, and fraud-detection method | |
US10277598B2 (en) | Method for detecting and dealing with unauthorized frames in vehicle network system | |
JP7030046B2 (en) | Fraudulent communication detection method, fraudulent communication detection system and program | |
WO2018168291A1 (en) | Information processing method, information processing system, and program | |
CN109005678B (en) | Illegal communication detection method, illegal communication detection system, and recording medium | |
WO2018186054A1 (en) | Method for determining reference for unauthorized communication detection, system for determining reference for unauthorized communication detection, and program | |
CN113691432A (en) | Automobile CAN network message monitoring method and device, computer equipment and storage medium | |
CN116112252A (en) | Vehicle-mounted CAN bus intrusion detection and defense system based on message clock period | |
US10223319B2 (en) | Communication load determining apparatus | |
JP2021005821A (en) | Abnormality detection device | |
JP2021140460A (en) | Security management apparatus | |
CN115102707A (en) | Vehicle CAN network IDS safety detection system and method | |
US20240259399A1 (en) | Abnormality detecting device, security system, and abnormality notification method | |
CN112866270A (en) | Intrusion detection defense method and system | |
CN112751822B (en) | Communication apparatus, operation method, abnormality determination apparatus, abnormality determination method, and storage medium | |
CN111447165B (en) | Vehicle safety protection method and device | |
US20230247037A1 (en) | Information processing device and method of controlling information processing device | |
US20240114044A1 (en) | Log determination device, log determination method, log determination program, and log determination system | |
JP2024051321A (en) | Log determination device, log determination method, log determination program, and log determination system | |
CN115664788A (en) | Communication data hijacking monitoring method and system, storage medium and electronic equipment | |
CN118175536A (en) | Safety state analysis method and system for vehicle | |
EP4237975A1 (en) | Intrusion filter for an intrusion detection system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20230512 |