CN117118663A - Vehicle safety detection method and device, electronic equipment and storage medium - Google Patents
Vehicle safety detection method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN117118663A CN117118663A CN202310880038.1A CN202310880038A CN117118663A CN 117118663 A CN117118663 A CN 117118663A CN 202310880038 A CN202310880038 A CN 202310880038A CN 117118663 A CN117118663 A CN 117118663A
- Authority
- CN
- China
- Prior art keywords
- detection
- event
- detection mode
- factor
- mode
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 689
- 238000000034 method Methods 0.000 claims abstract description 36
- 238000012545 processing Methods 0.000 claims abstract description 31
- 230000008439 repair process Effects 0.000 claims description 21
- 230000000153 supplemental effect Effects 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 14
- 238000004891 communication Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 9
- 238000007726 management method Methods 0.000 description 8
- 238000013523 data management Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 230000002159 abnormal effect Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 238000011269 treatment regimen Methods 0.000 description 4
- 238000012550 audit Methods 0.000 description 3
- 238000004140 cleaning Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000013473 artificial intelligence Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 238000011282 treatment Methods 0.000 description 2
- 101000822695 Clostridium perfringens (strain 13 / Type A) Small, acid-soluble spore protein C1 Proteins 0.000 description 1
- 101000655262 Clostridium perfringens (strain 13 / Type A) Small, acid-soluble spore protein C2 Proteins 0.000 description 1
- 101000655256 Paraclostridium bifermentans Small, acid-soluble spore protein alpha Proteins 0.000 description 1
- 101000655264 Paraclostridium bifermentans Small, acid-soluble spore protein beta Proteins 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 239000011449 brick Substances 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000012512 characterization method Methods 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000013064 process characterization Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R16/00—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
- B60R16/02—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
- B60R16/023—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
- B60R16/0231—Circuits relating to the driving or the functioning of the vehicle
- B60R16/0232—Circuits relating to the driving or the functioning of the vehicle for measuring vehicle parameters and indicating critical, abnormal or dangerous conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Automation & Control Theory (AREA)
- Mechanical Engineering (AREA)
- Traffic Control Systems (AREA)
Abstract
The disclosure provides a vehicle safety detection method, a device, electronic equipment and a storage medium, relates to the technical field of computers, and particularly relates to the technical fields of data processing, internet of vehicles, automatic driving, vehicle safety and the like. The specific implementation scheme is as follows: acquiring safety detection data for a target vehicle; determining a current vehicle risk corresponding to the target detection mode under the condition that the target detection mode which is successfully matched exists in the detection mode set based on the safety detection data; wherein the set of detection patterns comprises at least one detection pattern, and the detection pattern is used to characterize at least one set of detection events that need to be matched; and generating alarm information corresponding to the current vehicle risk. By adopting the method and the device, the resource consumption of the vehicle end can be reduced, and meanwhile, the safety performance of the target vehicle is improved by improving the reliability of vehicle safety detection.
Description
Technical Field
The disclosure relates to the technical field of computers, in particular to the technical fields of data processing, internet of vehicles, automatic driving, vehicle safety and the like, and specifically relates to a vehicle safety detection method, device, electronic equipment and storage medium.
Background
With the rapid development of the internet of vehicles and automatic driving, not only is the composition of an automobile electronic system increasingly complicated, but also the software control function of the automobile electronic system is continuously optimized and perfected. This not only increases the resource consumption of the vehicle end, but also increases the number and severity of risks faced by the automotive electronic system, and reduces the safety performance of the target vehicle.
Disclosure of Invention
The disclosure provides a vehicle safety detection method, a vehicle safety detection device, electronic equipment and a storage medium.
According to an aspect of the present disclosure, there is provided a vehicle safety detection method including:
acquiring safety detection data for a target vehicle;
determining a current vehicle risk corresponding to the target detection mode under the condition that the target detection mode which is successfully matched exists in the detection mode set based on the safety detection data; wherein the set of detection patterns comprises at least one detection pattern, and the detection pattern is used to characterize at least one set of detection events that need to be matched;
and generating alarm information corresponding to the current vehicle risk.
According to another aspect of the present disclosure, there is provided a vehicle safety detection apparatus including:
a data acquisition unit configured to acquire safety detection data for a target vehicle;
A risk determination unit configured to determine a current vehicle risk corresponding to a target detection pattern in a case where it is determined that the target detection pattern that is successfully matched exists in the detection pattern set based on the security detection data; wherein the set of detection patterns comprises at least one detection pattern, and the detection pattern is used to characterize at least one set of detection events that need to be matched;
and the information generation unit is used for generating alarm information corresponding to the current vehicle risk.
According to another aspect of the present disclosure, there is provided an electronic device including:
at least one processor;
a memory communicatively coupled to the at least one processor;
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of the embodiments of the present disclosure.
According to another aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform a method according to any one of the embodiments of the present disclosure.
According to another aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements a method according to any of the embodiments of the present disclosure.
By adopting the method and the device, the resource consumption of the vehicle end can be reduced, and meanwhile, the safety performance of the target vehicle is improved by improving the reliability of vehicle safety detection.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
fig. 1 is a schematic flow chart of a vehicle safety detection method according to an embodiment of the disclosure;
FIGS. 2-6 are schematic diagrams illustrating a detection mode according to embodiments of the present disclosure;
FIG. 7 is a schematic diagram of a reference pattern provided by an embodiment of the present disclosure;
FIGS. 8 and 9 are schematic diagrams of a supplemental detection mode provided by embodiments of the present disclosure;
fig. 10 is a flowchart auxiliary explanatory diagram of a vehicle safety detection method provided in an embodiment of the present disclosure;
fig. 11 is a schematic view of a scenario of a vehicle safety detection method according to an embodiment of the disclosure;
FIG. 12 is a schematic block diagram of a vehicle safety detection device provided in an embodiment of the present disclosure;
Fig. 13 is a schematic block diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The disclosed embodiments provide a vehicle security detection method that may be applied to a vehicle security operations center (Vehicle Security Operation Center, VSOC) deployed on an electronic device, where the electronic device may be a server. Hereinafter, a method for detecting vehicle safety according to an embodiment of the present disclosure will be described with reference to a flowchart shown in fig. 1. It should be noted that although a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in other orders.
Step S101, acquiring safety detection data for a target vehicle;
Step S102, determining the current vehicle risk corresponding to the target detection mode under the condition that the target detection mode which is successfully matched exists in the detection mode set based on the safety detection data; wherein the set of detection patterns comprises at least one detection pattern, and the detection pattern is used to characterize at least one set of detection events that need to be matched;
step S103, generating alarm information corresponding to the current vehicle risk.
The target vehicle may be any vehicle capable of accessing a network, including a small car, a heavy car, a truck, etc., which is not particularly limited in the embodiments of the present disclosure.
The safety detection data can be acquired and processed by a vehicle intrusion detection and prevention system (Intrusion Detection & Prevention System, IDPS) installed on each safety detection part of the target vehicle, and sent to an electronic device applying the vehicle-mounted safety detection method. In a specific example, the security detection data may include relevant detection data of each security detection component, for example, may include central processing unit (Central Processing Unit, CPU) usage, memory occupancy, disk occupancy, etc., process characterization data when component system upgrades are implemented based on Over-The-Air technology (OTA), etc.
In an embodiment of the present disclosure, the set of detection patterns includes at least one detection pattern, and each detection pattern is used to characterize at least one set of detection events that need to be matched. The detection event set may include at least one rule event, for example, may include one of a CPU overload event, a vehicle unlocking event, and a vehicle locking event of a certain security detection component, or may also include an OTA request success event, an OTA download event, an OTA upgrade start event, an OTA upgrade end event, and the like for a certain component system, which may specifically be a vehicle risk configuration that may be detected as needed, and embodiments of the present disclosure are not limited thereto specifically.
In the embodiment of the disclosure, each detection mode is used for detecting one vehicle risk, and based on the detection modes, when the detection mode set is determined to have the successfully matched target detection mode based on the safety detection data, the current vehicle risk corresponding to the target detection mode can be further determined, and the warning information corresponding to the current vehicle risk can be regenerated.
By adopting the vehicle safety detection method provided by the embodiment of the disclosure, the safety detection data aiming at the target vehicle can be obtained; determining a current vehicle risk corresponding to the target detection mode under the condition that the target detection mode which is successfully matched exists in the detection mode set based on the safety detection data; and generating alarm information corresponding to the current vehicle risk. On the one hand, compared with the traditional scheme, the vehicle safety detection method provided by the embodiment of the disclosure is not applied to the target vehicle, so that the resource consumption of a vehicle end can be reduced; on the other hand, since the detection mode set includes at least one detection mode and the detection mode is used for representing at least one detection event set to be matched, that is, each detection mode is not only used for representing a single event, accurate discrimination of vehicle risk can be realized through relatively comprehensive detection mode configuration, so that reliability of vehicle safety detection is improved, and safety performance of a target vehicle is improved.
In the embodiment of the disclosure, the security detection component of the target vehicle may include at least one of a vehicle-mounted device, a vehicle-mounted Telematics BOX (T-BOX), a gateway controller, and a domain controller, that is, the security detection data may include relevant detection data of at least one of the vehicle-mounted device, the T-BOX, the gateway controller, and the domain controller of the target vehicle.
The domain controller can comprise a controller of multiple areas such as a power domain, a body domain, a chassis domain, a cabin domain and an automatic driving domain of a vehicle.
Through the arrangement, in the embodiment of the disclosure, relatively comprehensive safety detection data can be obtained, so that the coverage of a vehicle risk detection method is improved, the reliability of vehicle safety detection is improved, and the safety performance of a target vehicle is improved.
Furthermore, referring to fig. 2-6, in the embodiment of the disclosure, the detection pattern set includes at least one detection pattern (for example, may include the detection pattern I, the detection pattern II, the detection pattern III, the detection pattern IV, and the detection pattern V of fig. 2-6), and the detection pattern is used to characterize at least one detection event set that needs to be matched. That is, in embodiments of the present disclosure, at least one detection mode of the detection mode set may include at least one single factor detection mode and/or at least one multiple factor detection mode. Wherein the single-factor detection mode is used for representing one detection event set to be matched (as shown in fig. 3 and 4), the multi-factor detection mode is used for representing a plurality of detection event sets to be matched, and the plurality of detection event sets can be connected in series, that is, the matching of the plurality of detection event sets can be sequentially performed according to the serial connection sequence (as shown in fig. 2, 5 and 6). In addition, in the embodiment of the present disclosure, each detection mode further has a corresponding detection mode. The detection mode may include at least one of a detection period and a detection period, for example, the detection period may be once every 5 minutes (min), and the detection period may be 00:00:00 to 23:59:59.
The configuration of the detection mode will be further described below.
(1) Setting of at least one set of detection events characterized by a detection pattern
Each detected event set may include at least one rule event, and when the detected event set includes a plurality of rule events, an event association relationship between the plurality of rule events may be or a relationship. That is, for a certain detected event set, when the detected event set includes a plurality of rule events, any rule event of the plurality of rule events is hit, the detected event set may be considered to be successfully matched.
In addition, in the embodiment of the present disclosure, for each detected event set, the hit frequency of the rule event in the detected event set may also be set. For example, if the hit frequency of the rule event in the detection event set is set to > =3 times, the detection event set is considered to be successfully matched when the hit frequency of the rule event in the detection event set is 3 times or more.
(2) For a multi-factor detection mode, the multi-factor detection mode comprises a set association relation setting between two adjacent detection event sets in a plurality of detection event sets
String: strictly continuous, i.e. during the intermediate period when the first set of detection events is successfully matched with the second set of detection events, the occurrence of a situation in which the other sets of events are successfully matched is not allowed (in the detection mode, the second set of detection events is located after the first set of detection events);
Skip_till_next: loosely consecutive, i.e. during the intermediate period when the first and second sets of detection events are successfully matched, allowing the occurrence of a situation in which the other sets of events are successfully matched (in the detection mode, the second set of detection events is located after the first set of detection events);
not_next: the rule event immediately after hit does not belong to the next detection event set, i.e. after the first detection event set is successfully matched, the rule event immediately after hit does not belong to the second detection event set (in detection mode, the second detection event set is located after the first detection event set);
not_follow: a specific event specified does not subsequently occur, i.e. after the first set of detected events is successfully matched, the regular events (specific event specified) in the second set of detected events are no longer hit (in the detection mode, the second set of detected events is located after the first set of detected events).
Through the arrangement, in the embodiment of the disclosure, after the risk of the vehicle to be detected is determined, the risk of the vehicle is accurately judged through the relatively comprehensive detection mode configuration, so that the reliability of vehicle safety detection is improved, and the safety performance of the target vehicle is improved.
Referring to fig. 5, assuming that the risk of the vehicle to be detected is an overload of the resource consumption of the vehicle, a detection mode IV may be configured to characterize that at least one detection event set to be matched includes a first detection event and a second detection event, and a set association relationship between the first detection event and the second detection time is a stream, where the first detection event may include a vehicle application start event, and the second detection event set may include three rule events, which are respectively a vehicle CPU overload event, a vehicle memory overload event, and a vehicle disk overload event. Therefore, after the first detection event is successfully matched, if the second detection event is also successfully matched on the premise that the aggregate association relationship between the first detection event and the second detection time accords with the string, the detection mode IV can be considered to be successfully matched, that is, the risk of the vehicle with overload of the vehicle-to-machine resource consumption occurs. Compared with the scheme that each detection mode is only used for representing a single event in the prior art, the method can realize accurate judgment of vehicle risks through relatively comprehensive detection mode configuration so as to improve the reliability of vehicle safety detection and further improve the safety performance of a target vehicle.
Furthermore, in the embodiments of the present disclosure, the rule event may be a specific event or an open event, the open event including a plurality of specific events having the same characteristics, and the open event having a corresponding event semantic.
The specific event may be a specific vehicle reporting event determined based on the safety detection data, including a state detection event, an abnormal event, and the like. The state detection event may include a CPU overload event, a memory overload event, a disk overload event, and the like, and the abnormal event may include a controller area network (Controller Area Network, CAN) message length abnormal event, a CAN signal value abnormal event, a CAN signal period abnormal event, and the like.
Wherein an open event is based on comprising a plurality of specific events having the same characteristics, and the same characteristics may be the same event object, e.g. the event object may be a CAN of a certain security detection component, i.e. the open event may comprise a plurality of specific events related to the CAN of the security detection component; as another example, the event object may be an OTA for a component system, i.e., the open event may include an OTA request success event, an OTA download event, an OTA upgrade start event, an OTA upgrade end event, etc. for the component system. Furthermore, in the disclosed embodiments, event semantics are used to define hit rules for open events.
In a specific example, the open event may include:
ANY particular event (ANY);
the predefined plurality of specific events, the event semantics of which may include: IN, not_in;
the event semantics of a plurality of specific events customized based on VSOC may include: IN, not_in.
For example, there is an open event including four specific events, an OTA request success event, an OTA download event, an OTA upgrade start event, and an OTA upgrade end event, then IN (OTA request success event or OTA download event or OTA upgrade start event or OTA upgrade end event) is used to characterize that the current event can be any event IN this set; NOT_IN (OTA request success event or OTA download event or OTA upgrade start event or OTA upgrade end event) is used to characterize that the current event cannot be any event IN this set.
Through the steps, in the embodiment of the disclosure, after the risk of the vehicle to be detected is determined, the risk of the vehicle is accurately determined through the relatively comprehensive detection mode configuration, particularly through the combination of the specific event and the open event, so that the reliability of the safety detection of the vehicle is improved, and the safety performance of the target vehicle is improved.
As shown in fig. 6, assuming that the risk of the vehicle to be detected is an OTA upgrade for a component system, a detection pattern V may be configured to characterize that at least one detection event set to be matched includes a first detection event set and a second detection event set, and a set association relationship between the first detection event set and the second detection event set is not_next, where the first detection event set may include a specific event, an OTA upgrade start event, and the second detection event set may include an open event, ANY specific event (ANY). Therefore, after the first detection event set is successfully matched, if the second detection event set is detected to be successfully matched on the premise that the set association relationship between the first detection event and the second detection event accords with not_next, the detection mode V can be considered to be successfully matched, that is, the risk of the vehicle for the OTA upgrading the brick of a certain component system occurs. Compared with the scheme that each detection mode is only used for representing a single event in the prior art, the method can realize accurate judgment of vehicle risks through relatively comprehensive detection mode configuration, particularly through combination of specific events and open events, so that reliability of vehicle safety detection is improved, and safety performance of a target vehicle is improved.
In addition, in the embodiment of the present disclosure, for a specific specified event, content matching of an event feature field may be set, including threshold matching, numerical range matching, array containing matching, and the like, so as to enrich hit judgment criteria of the event. For example, the vehicle-mounted CPU overload event is determined by the vehicle-mounted CPU utilization rate, and it may be set here that, for the vehicle-mounted CPU overload event, the vehicle-mounted CPU utilization rate > =90% is required to determine that the vehicle-mounted CPU overload event is hit; for another example, the vehicle memory overload event is determined by using the vehicle memory utilization rate, where it may be set that, for the vehicle memory overload event, the vehicle memory utilization rate > =90% is required to determine that the vehicle memory overload event is hit; for another example, the on-board disk overload event is determined by the on-board disk usage rate, where it may be set that, for the on-board disk overload event, the on-board disk usage rate > =90% is required to determine that the on-board disk overload event is hit.
Based on the above configuration of detection patterns, in some alternative embodiments "determining that there is a successfully matched target detection pattern in the detection pattern set based on the security detection data" may include the steps of:
For each single-factor detection mode, determining the single-factor detection mode as a target detection mode under the condition that the detection event set represented by the single-factor detection mode is successfully matched based on the safety detection data, so as to determine that the target detection mode successfully matched exists in the detection mode set;
for each multi-factor detection mode, when the fact that a plurality of detection event sets represented by the multi-factor detection mode are successfully matched is determined based on the safety detection data and the preset matching time length corresponding to the multi-factor detection mode, the multi-factor detection mode is determined to be a target detection mode, and the target detection mode which is successfully matched exists in the detection mode set.
In a specific example, the detection mode set includes five detection modes, that is, a first single-factor detection mode, a second single-factor detection mode, a first double-factor detection mode, a second double-factor detection mode, and a third double-factor detection mode, respectively, and then, in a case where any single-factor detection mode is successfully matched, the single-factor detection mode may be determined as a target detection mode to determine that a successfully matched target detection mode exists in the detection mode set, and in a case where any multi-factor detection mode is successfully matched, the multi-factor detection mode may also be determined as a target detection mode to determine that a successfully matched target detection mode exists in the detection mode set.
In addition, in the embodiment of the present disclosure, each multi-factor detection mode has a corresponding preset matching duration, for example, 5min. That is, for a certain multi-factor detection mode, if the multiple detection event sets represented by the multi-factor detection mode are not successfully matched within 5min, the secondary round of matching is stopped, and a process of waiting for the next round of matching is carried out.
Through the steps, in the embodiment of the disclosure, for each single-factor detection mode, when the detection event set represented by the single-factor detection mode is determined to be successfully matched based on the security detection data, the single-factor detection mode is determined to be the target detection mode, so that the matching process of the single-factor detection mode is simplified, and the matching time consumption is reduced.
It should be noted that, in the embodiment of the present disclosure, in order to further reduce the matching time consumption and improve the matching accuracy, before executing the step of determining that the detection pattern set has the successfully matched target detection pattern based on the security detection data, the security detection data may be cleaned to delete the non-normalized data. The non-normalized data may be format error data, scrambled data, etc.
It should also be noted that, in the embodiment of the present disclosure, "determining that the target detection pattern that is successfully matched exists in the detection pattern set based on the security detection data", and cleaning the security detection data may be implemented by a link distributed computing policy. Based on this, in some optional embodiments, "based on the security detection data and the preset matching duration corresponding to the multi-factor detection mode, determining that the plurality of detection event sets characterized by the multi-factor detection mode are successfully matched" may include the steps of:
under the condition that the head event sets in a plurality of detection event sets characterized by the multi-factor detection mode are successfully matched based on the safety detection data, starting to calculate the mode matching duration;
Acquiring a preset matching time length corresponding to the multi-factor detection mode;
before the pattern matching time length reaches the preset matching time length, if each non-head event set except the head event set in the multiple detection event sets represented by the multiple factor detection pattern is successfully matched based on the safety detection data, the multiple detection event sets represented by the multiple factor detection pattern are successfully matched.
Wherein the head event set is the first detected event set in the plurality of detected event sets.
Taking the detection mode IV shown in fig. 5 as an example, when it is determined based on the security detection data that the head event sets in the two detection event sets represented by the detection mode IV, that is, the first detection event set, are successfully matched, calculating a mode matching duration is started, a preset matching duration corresponding to the detection mode IV is obtained, and before the mode matching duration reaches the preset matching duration, if it is determined based on the security detection data that the second detection event set in the two detection event sets represented by the detection mode IV except the first detection event set is successfully matched, it is determined that the two detection event sets represented by the detection mode IV are successfully matched.
Through the steps, in the embodiment of the disclosure, when it is determined based on the security detection data that the head event sets in the plurality of detection event sets represented by the multi-factor detection mode are successfully matched, calculating the mode matching duration may be started, and when it is determined based on the security detection data that each non-head event set in the plurality of detection event sets represented by the multi-factor detection mode except the head event set is successfully matched before the mode matching duration reaches the preset matching duration corresponding to the multi-factor detection mode, determining that the plurality of detection event sets represented by the multi-factor detection mode are successfully matched, thereby avoiding long waiting of the matching process. On the one hand, the time consumption of matching can be reduced, on the other hand, the context relevance among a plurality of detection event sets represented by the multi-factor detection mode can be enhanced through the setting of preset matching time length, the matching accuracy is improved, and finally, the reliability of vehicle safety detection is improved.
In the embodiment of the disclosure, for the multi-factor detection mode, a corresponding set association relationship is further set between two adjacent detection event sets in a plurality of detection event sets included in the multi-factor detection mode. Based on this, in some optional embodiments, "determining that each non-head event set of the plurality of detection event sets characterized by the multi-factor detection mode, except the head event set, is successfully matched" may include the steps of:
for each non-head event set of the plurality of detection event sets characterized by the multi-factor detection mode except for the head event set, determining a set association relationship between the non-head event set and a last event set of the non-head event set;
and under the condition that the event occurrence condition of the non-head event set is determined to accord with the set association relation based on the safety detection data, the non-head event set is determined to be successfully matched.
As previously described, in the embodiment of the present disclosure, the set association relationship may be one of stream, skip_till_next, not_next, and not_follow.
Taking the detection mode IV shown in fig. 5 as an example, the at least one detection event set characterized by it includes a first detection event set as a head event set and a second detection event set as a non-head event set, i.e., the first detection event set is the last event set of the second detection event set. The set association relationship between the second detection event set and the first detection event set is a string, so that if the event occurrence condition of the second detection event set is determined to be in line with the string based on the security detection data, the second detection event set is determined to be successfully matched. That is, after the first detection event set is successfully matched, the second detection event set is also successfully matched, and during an intermediate period of time when the first detection event set and the second detection event set are successfully matched, no other event sets appear to be successfully matched, then it is determined that detection pattern IV is successfully matched.
Taking the detection mode V shown in fig. 6 as an example, the at least one detection event set characterized by the detection mode V includes a first detection event set as a head event set and a second detection event set as a non-head event set, that is, the first detection event set is a last event set of the second detection event set. The set association relationship between the second detection event set and the first detection event set is not_next, and therefore, in the case that it is determined that the event occurrence condition of the second detection event set meets not_next based on the security detection data, it is determined that the second detection event set is successfully matched. That is, after the first detection event set is successfully matched, the next hit rule event does not belong to the second detection event set, and then it is determined that the detection pattern V is successfully matched. Since the rule events included in the second set of detection events are open events, and in particular ANY particular event (ANY), the understanding here that the next hit rule event does not belong to the second set of detection events may be that ANY particular event is missed.
Through the steps, in the embodiment of the disclosure, for each non-head event set except the head event set in the plurality of detection event sets represented by the multi-factor detection mode, the set association relationship between the non-head event set and the last event set of the non-head event set can be determined, and then under the condition that the event occurrence condition of the non-head event set is determined to be in accordance with the set association relationship based on the safety detection data, the non-head event set is successfully matched, so that hit judgment standards of the non-head event set are enriched, accurate judgment of vehicle risks is realized, reliability of vehicle safety detection is improved, and safety performance of a target vehicle is improved.
In the embodiment of the disclosure, each detection mode has a corresponding detection mode. Based on this, in some alternative embodiments, "determining that there is a successfully matched target detection pattern in the detection pattern set based on the security detection data" may include the steps of:
for each detection mode, acquiring a detection mode corresponding to the detection mode; wherein the detection mode comprises at least one of a detection period and a detection time period;
according to the detection mode, based on the safety detection data, the target detection mode which is successfully matched exists in the detection mode set.
The detection mode can be configured by a Web front end based on VSOC by a security operator and is sent to a data management system (for example, mysql) for storage through a Web back end. The detection mode may include at least one of a detection period and a detection time period, for example, the detection period may be once every 5min, and the detection time period may be 00:00:00-23:59:59.
Through the steps, for each detection mode, a detection mode corresponding to the detection mode can be acquired, and then the target detection mode which is successfully matched exists in the detection mode set based on the safety detection data according to the detection mode. Wherein the detection mode comprises at least one of a detection period and a detection time period. Therefore, the effective control of the detection frequency can be realized, and the number of times of invalid detection is reduced, so that the resource consumption of the electronic equipment is reduced.
In addition, in the embodiment of the present disclosure, at least one detection mode included in the detection mode set may include an original detection mode configured manually, and may also include a supplementary detection mode configured automatically. The original detection mode can be configured by a Web front end based on VSOC by a security operator and is sent to a data management system for storage through a Web back end. While for the supplemental detection mode, in some alternative embodiments, the vehicle safety detection method may further comprise the steps of configuring the supplemental detection mode and creating a set of detection modes therefrom:
acquiring automatic configuration logic;
configuring a supplemental detection mode according to the automatic configuration logic;
with the supplemental detection mode, a detection mode set is created.
Wherein the automatic configuration logic may be preset and stored in the data management system.
In the embodiment of the disclosure, before the vehicle safety detection method is applied to the electronic equipment, automatic configuration logic is acquired, a supplementary detection mode is configured according to the automatic configuration logic, and a detection mode set is created by using the supplementary detection mode; the automatic configuration logic can be acquired in the application process of the vehicle safety detection method, then the supplementary detection mode is configured according to the automatic configuration logic, and the detection mode set is created by utilizing the supplementary detection mode, wherein the creation of the detection mode set can be understood as updating the detection mode set.
Through the steps, in the embodiment of the disclosure, the automatic configuration logic can be obtained, the supplementary detection mode is configured according to the automatic configuration logic, and the detection mode set is created by utilizing the supplementary detection mode, so that the semi-automatic creation of the detection mode set is realized, the development difficulty of the vehicle safety detection method is reduced, and the development efficiency of the vehicle safety detection method is improved.
In addition, in the embodiment of the present disclosure, after the detection mode set including the original detection mode and the supplementary detection mode is stored in the data management system, the security operator may also modify, close, delete, upgrade, etc. the original detection mode and the supplementary detection mode in the detection mode set based on the Web front end of the VSOC, and may also add other detection modes.
In some alternative embodiments, "configuring the supplemental detection mode in accordance with the auto-configuration logic" may include the steps of:
acquiring a preset safety specification; the preset safety specification comprises a plurality of safety detection items;
determining at least one detection event set to be matched for each security detection item;
the supplemental detection pattern is configured based on at least one set of detection events that need to be matched.
The preset security specification may be a car networking standard R155.
After the preset security specification is obtained, at least one detection event set to be matched can be determined for each detection item in the preset security specification, and then the supplementary detection mode is configured based on the at least one detection event set to be matched.
For example, a first detection item exists in a preset security specification, specifically: and (5) detecting the integrity of the upgrade file. Thus, it may be determined that at least one set of detection events that need to be matched includes a rule event (specifically a specified specific event) that upgrades the file integrity detection event. The upgrade file integrity detection event may determine whether it is hit by upgrade file integrity detection check data extracted from the security detection data.
For another example, a second detection item exists in the preset security specification, specifically: and (5) upgrading the service connection audit. Thus, it may be determined that at least one detected event set that needs to be matched includes a rule event (specifically a specified specific event) that is an upgrade service connection audit event. The upgrade service connection audit event may determine whether it is hit by upgrade service connection information extracted from the security detection data.
Through the steps, in the embodiment of the present disclosure, a preset security specification may be obtained, and then, for each security detection item in the preset security specification, at least one detection event set that needs to be matched is determined, and based on the at least one detection event set that needs to be matched, a supplementary detection mode is configured. Therefore, the relative coverage of the detection mode set to the preset safety detection standard can be realized, and the missing detection of part of safety detection items in the preset safety standard is avoided, so that the reliability of the safety detection of the vehicle is improved, and the safety performance of the target vehicle is improved.
In some alternative embodiments, "configuring the supplemental detection mode in accordance with the auto-configuration logic" may include the steps of:
acquiring a reference mode; the reference mode is used for representing a result event set to be matched and a candidate factor event set related to the result event set, wherein the candidate factor event set comprises a plurality of candidate factor events;
based on the security detection data, performing multiple matches on the reference pattern to determine at least one factor event that triggers the result event set from the plurality of candidate factor events;
constructing a factor event set by using at least one factor event;
Based on the factor event set and the result event set, a supplemental detection mode is configured.
The reference mode can be configured by a Web front end based on VSOC by a security operator and is sent to a data management system for storage through a Web back end. Wherein the result event set may include at least one rule event, and the rule event is specifically a specific event specified. For example, the result event set may include three rule events, namely a vehicle-to-vehicle CPU overload event, a vehicle-to-vehicle memory overload event, and a vehicle-to-vehicle disk overload event; the candidate factor event set may include a plurality of candidate factor events, where the plurality of candidate factor events may be a plurality of rule events, or may be an open event, such as ANY particular event (ANY) characterization. In connection with this example, a reference pattern vi as shown in fig. 7 can be obtained.
Thereafter, the reference pattern may be matched multiple times based on the security detection data to determine at least one factor event that triggers the result event set from the plurality of candidate factor events. Specifically, for each successful matching experience of the reference pattern, a primary selection event can be determined from a plurality of candidate factor events to form a primary selection event set, finally, a specified number of primary selection events with the largest number proportion are selected from the primary selection event set to serve as factor events, at least one factor event is determined, and the factor event set is constructed by utilizing the at least one factor event.
In a specific example, of 100 successful matching experiences for the reference pattern, 80 times are the initial event A1 determined from the plurality of candidate factor events, 15 times are the initial event A2 determined from the plurality of candidate factor events, and 5 times are the initial event A3 determined from the plurality of candidate factor events. Then, when the designated number is 1, the primary selected event A1 with the largest number proportion can be selected as a factor event, a factor event set is constructed, and finally, based on the factor event set and the result event set, a supplementary detection mode vii as shown in fig. 8 can be configured; when the designated number is 2, the primary selection event A1 and the primary selection event A2 with the largest number proportion can be selected as factor events, a factor event set is constructed, and finally, based on the factor event set and the result event set, a complementary detection mode VIII shown in fig. 9 can be configured.
Through the steps, in the embodiment of the disclosure, the reference pattern may be acquired, and then the reference pattern may be matched multiple times based on the security detection data, so as to determine at least one factor event that triggers the result event set from the multiple candidate factor events, construct the factor event set by using the at least one factor event, and configure the supplementary detection pattern based on the factor event set and the result event set. The reference mode is used for representing a result event set to be matched and a candidate factor event set related to the result event set, wherein the candidate factor event set comprises a plurality of candidate factor events, so that intelligent configuration of the supplementary detection mode is realized, the reliability of the supplementary detection mode can be ensured, the reliability of vehicle safety detection is improved, and the safety performance of a target vehicle is improved.
In some alternative embodiments, the vehicle safety detection method may further include the steps of:
determining a risk type of a current vehicle risk;
under the condition that the risk type represents that the current vehicle risk belongs to repairable risk, acquiring a repair processing strategy corresponding to the alarm information;
and sending the repair treatment strategy to the target vehicle so that the target vehicle carries out risk treatment according to the repair treatment strategy.
The risk type can be a type needing to be repaired or a reminding type. For example, in the detection mode II shown in fig. 3, the risk of the vehicle is required to be repaired (for example, the load-reducing process of the CPU of the vehicle may be performed), so the risk type of the risk of the vehicle is the type required to be repaired; as another example, the detection mode III shown in fig. 4 targets a risk of the vehicle without repair, and thus, the risk type of the risk of the vehicle is a reminder type.
Under the condition that the risk type represents that the current vehicle risk belongs to repairable risks, a repair processing strategy corresponding to the alarm information can be obtained, the repair processing strategy can be preset, and the data management system is stored after the corresponding relation with the corresponding vehicle risk is established.
Through the steps, in the embodiment of the disclosure, the risk type of the current vehicle risk can be determined, and then, under the condition that the risk type represents that the current vehicle risk belongs to repairable risks, a repair processing strategy corresponding to the alarm information is acquired and sent to the target vehicle, so that the target vehicle carries out risk processing according to the repair processing strategy, automatic repair processing of the vehicle risk is realized, and the usability of the vehicle safety detection method is improved.
Hereinafter, an integrity flow of a vehicle safety detection method provided in an embodiment of the present disclosure will be described with reference to fig. 10.
Firstly, the safety detection data can be acquired and processed through IDPS installed on each safety detection component of the target vehicle, and sent to the electronic equipment applying the vehicle-mounted safety detection method, and the safety detection data can be received through a vehicle-end application programming interface (Application Programming Interface, API) arranged on the electronic equipment. Wherein the electronic device may be a server.
Thereafter, the vehicle-side API sends the security detection data to the pattern matching module encapsulated with the flank distributed computing policy via a preset communication protocol (e.g., kafka protocol) to clean the security detection data, and at the same time, generates a data cleaning log, and stores the data cleaning log in a first database (e.g., an elastic search data server) via the preset communication protocol (e.g., kafka protocol).
For the cleaned safety detection data, the latest detection data set can be acquired from the data management system, so that under the condition that the successfully matched target detection mode exists in the detection mode set based on the safety detection data in a dynamic matching mode, the current vehicle risk corresponding to the target detection mode is determined, and the warning information corresponding to the current vehicle risk is generated, so that real-time warning is realized, and the warning information can be sent to the designated terminal equipment in a short message, mail and other modes. Meanwhile, the alert information may be stored in a second database (e.g., a clickHouse database) so that the alert information is transmitted to the Web front end through the Web back end of the VSOC for the security operator to view the alert information through the Web front end.
The Web back end and the Web front end are used for docking safety operators so as to realize the following functions:
(1) Asset management: support the management of the vehicle model, vehicle management, part management, etc.;
(2) Event center: supporting information viewing such as an alarm list (including a vulnerability list);
(3) Detection mode: configuration of supporting detection mode (including configuration of single factor detection mode and multi-factor detection mode), deletion, modification, inquiry, shutdown;
(4) Emergency response: work order management, work order arrangement and the like are supported;
(5) User management: user management and role management are supported, platform access rights and interface access rights of users are limited, and read and write rights authentication of specific API levels is supported.
Fig. 11 is a schematic view of a scenario of a vehicle safety detection method according to an embodiment of the disclosure.
As described above, the vehicle safety detection method provided by the embodiment of the disclosure is applied to an electronic device. Electronic devices are intended to represent various forms of digital computers, such as servers, blade servers, mainframes, or other suitable computers.
The electronic device may be configured to:
acquiring safety detection data for a target vehicle;
determining a current vehicle risk corresponding to the target detection mode under the condition that the target detection mode which is successfully matched exists in the detection mode set based on the safety detection data; wherein the set of detection patterns comprises at least one detection pattern, and the detection pattern is used to characterize at least one set of detection events that need to be matched;
and generating alarm information corresponding to the current vehicle risk.
The safety detection data can be acquired and processed through IDPS installed on each safety detection part of the target vehicle and sent to the electronic equipment applying the vehicle-mounted safety detection method.
In addition, in the embodiment of the present disclosure, after the alarm information corresponding to the current vehicle risk is generated, the risk type of the current vehicle risk may also be determined; under the condition that the risk type represents that the current vehicle risk belongs to repairable risk, acquiring a repair processing strategy corresponding to the alarm information; and sending the repair treatment strategy to the target vehicle so that the target vehicle carries out risk treatment according to the repair treatment strategy.
It should be noted that, in the embodiment of the present disclosure, the schematic view of the scenario shown in fig. 11 is merely illustrative and not restrictive, and those skilled in the art may make various obvious changes and/or substitutions based on the example of fig. 11, and the obtained technical solution still falls within the scope of the embodiment of the present disclosure.
In order to better implement the vehicle safety detection method, the embodiment of the disclosure also provides a vehicle safety detection device, which can be integrated in an electronic device. Hereinafter, a vehicle safety detection apparatus 1200 provided in the disclosed embodiment will be described with reference to a schematic structural diagram shown in fig. 12.
A data acquisition unit 1201 for acquiring security detection data for a target vehicle;
a risk determination unit 1202 for determining a current vehicle risk corresponding to a target detection pattern in a case where it is determined that there is a target detection pattern in the detection pattern set that is successfully matched based on the security detection data; wherein the set of detection patterns comprises at least one detection pattern, and the detection pattern is used to characterize at least one set of detection events that need to be matched;
An information generating unit 1203 is configured to generate alert information corresponding to the current risk of the vehicle.
In some alternative embodiments, the set of detection patterns includes at least one single factor detection pattern for characterizing a set of detection events that need to be matched and/or at least one multiple factor detection pattern for characterizing a plurality of sets of detection events that need to be matched; the risk determination unit 1202 is configured to:
for each single-factor detection mode, determining the single-factor detection mode as a target detection mode under the condition that the detection event set represented by the single-factor detection mode is successfully matched based on the safety detection data, so as to determine that the target detection mode successfully matched exists in the detection mode set;
for each multi-factor detection mode, when the fact that a plurality of detection event sets represented by the multi-factor detection mode are successfully matched is determined based on the safety detection data and the preset matching time length corresponding to the multi-factor detection mode, the multi-factor detection mode is determined to be a target detection mode, and the target detection mode which is successfully matched exists in the detection mode set.
In some alternative embodiments, risk determination unit 1202 is configured to:
Under the condition that the head event sets in a plurality of detection event sets characterized by the multi-factor detection mode are successfully matched based on the safety detection data, starting to calculate the mode matching duration;
acquiring a preset matching time length corresponding to the multi-factor detection mode;
before the pattern matching time length reaches the preset matching time length, if each non-head event set except the head event set in the multiple detection event sets represented by the multiple factor detection pattern is successfully matched based on the safety detection data, the multiple detection event sets represented by the multiple factor detection pattern are successfully matched.
In some alternative embodiments, risk determination unit 1202 is configured to:
for each non-head event set of the plurality of detection event sets characterized by the multi-factor detection mode except for the head event set, determining a set association relationship between the non-head event set and a last event set of the non-head event set;
and under the condition that the event occurrence condition of the non-head event set is determined to accord with the set association relation based on the safety detection data, the non-head event set is determined to be successfully matched.
In some alternative embodiments, when the detected event set includes at least one rule event and the detected event set includes a plurality of rule events, an event association relationship between the plurality of rule events is or relationship.
In some alternative embodiments, the rule event is a specific event or an open event; wherein the open event includes a plurality of specific events having the same characteristics, and the open event has a corresponding event semantic.
In some alternative embodiments, risk determination unit 1202 is configured to:
for each detection mode, acquiring a detection mode corresponding to the detection mode; wherein the detection mode comprises at least one of a detection period and a detection time period;
according to the detection mode, based on the safety detection data, the target detection mode which is successfully matched exists in the detection mode set.
In some alternative embodiments, the vehicle safety detection device 1200 further includes:
a logic acquisition unit for acquiring an automatic configuration logic;
a mode configuration unit for configuring a supplementary detection mode according to the automatic configuration logic;
and the mode set creating unit is used for creating a detection mode set by using the supplementary detection mode.
In some alternative embodiments, the mode configuration unit is configured to:
acquiring a preset safety specification; the preset safety specification comprises at least one safety detection item;
determining at least one detection event set to be matched for each security detection item;
The supplemental detection pattern is configured based on at least one set of detection events that need to be matched.
In some alternative embodiments, the mode configuration unit is configured to:
acquiring a reference mode; the reference mode is used for representing a result event set to be matched and a candidate factor event set related to the result event set, wherein the candidate factor event set comprises a plurality of candidate factor events;
based on the security detection data, performing multiple matches on the reference pattern to determine at least one factor event that triggers the result event set from the plurality of candidate factor events;
constructing a factor event set by using at least one factor event;
based on the factor event set and the result event set, a supplemental detection mode is configured.
In some alternative embodiments, the security detection data includes relevant detection data for at least one of a vehicle-mounted, on-board telematics, gateway controller, and domain controller of the target vehicle.
In some alternative embodiments, the vehicle safety detection device 1200 further includes:
a risk type determining unit for determining a risk type of a current vehicle risk;
the strategy acquisition unit is used for acquiring a repair processing strategy corresponding to the alarm information under the condition that the risk type represents that the current vehicle risk belongs to the repairable risk;
And the strategy sending unit is used for sending the repair processing strategy to the target vehicle so that the target vehicle carries out risk processing according to the repair processing strategy.
Descriptions of specific functions and examples of each unit of the apparatus in the embodiments of the present disclosure may refer to related descriptions of corresponding steps in the foregoing method embodiments, which are not repeated herein.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the related user personal information all conform to the regulations of related laws and regulations, and the public sequence is not violated.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 13 illustrates a schematic block diagram of an example electronic device 1300 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile apparatuses, such as personal digital assistants, cellular telephones, smartphones, wearable devices, and other similar computing apparatuses. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 13, the apparatus 1300 includes a computing unit 1301 that can perform various appropriate actions and processes according to a computer program stored in a Read-Only Memory (ROM) 1302 or a computer program loaded from a storage unit 1308 into a random access Memory (Random Access Memory, RAM) 1303. In the RAM 1303, various programs and data required for the operation of the device 1300 can also be stored. The computing unit 1301, the ROM 1302, and the RAM 1303 are connected to each other through a bus 1304. An Input/Output (I/O) interface 1305 is also connected to bus 1304.
Various components in device 1300 are connected to I/O interface 1305, including: an input unit 1306 such as a keyboard, a mouse, or the like; an output unit 1307 such as various types of displays, speakers, and the like; storage unit 1308, such as a magnetic disk, optical disk, etc.; and a communication unit 1309 such as a network card, a modem, a wireless communication transceiver, or the like. The communication unit 1309 allows the device 1300 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 1301 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 1301 include, but are not limited to, a central processing unit (Central Processing Unit, CPU), a graphics processing unit (Graphics Processing Unit, GPU), various dedicated artificial intelligence (Artificial Intelligence, AI) computing chips, various computing units running machine learning model algorithms, digital signal processors (Digital Signal Process, DSP), and any suitable processors, controllers, microcontrollers, etc. The computing unit 1301 executes the respective methods and processes described above, for example, a vehicle security detection method. For example, in some embodiments, the vehicle security detection method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 1308. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 1300 via the ROM 1302 and/or the communication unit 1309. When the computer program is loaded into the RAM 1303 and executed by the computing unit 1301, one or more steps of the vehicle security detection method described above may be performed. Alternatively, in other embodiments, computing unit 1301 may be configured to perform the vehicle security detection method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above can be implemented in digital electronic circuitry, integrated circuit systems, field programmable gate arrays (Field Programmable Gate Array, FPGAs), application specific integrated circuits (Application Specific Integrated Circuit, ASICs), application specific standard products (Application Specific Standard Product, ASSPs), systems On Chip (SOC), load programmable logic devices (Complex Programmable Logic Device, CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a RAM, a ROM, an erasable programmable read-Only Memory (EPROM) or flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a Cathode Ray Tube (CRT) display or a liquid crystal display (Liquid Crystal Display, LCD)) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local area network (Local Area Network, LAN), wide area network (Wide Area Network, WAN) and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
The disclosed embodiments also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform a vehicle safety detection method.
The disclosed embodiments also provide a computer program product comprising a computer program which, when executed by a processor, implements a vehicle safety detection method.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and are not limited herein. Moreover, in this disclosure, relational terms such as "first," "second," and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. In addition, "a plurality of" in the present disclosure may be understood as at least two, and "any" in the present disclosure may be understood as any one.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions, improvements, etc. that are within the principles of the present disclosure are intended to be included within the scope of the present disclosure.
Claims (27)
1. A vehicle safety detection method, comprising:
acquiring safety detection data for a target vehicle;
determining a current vehicle risk corresponding to a target detection mode under the condition that the target detection mode which is successfully matched exists in a detection mode set based on the safety detection data; wherein the set of detection patterns comprises at least one detection pattern, and the detection pattern is used to characterize at least one set of detection events that need to be matched;
and generating alarm information corresponding to the current vehicle risk.
2. The method according to claim 1, wherein the set of detection patterns comprises at least one single factor detection pattern for characterizing one set of detection events that need to be matched and/or at least one multi-factor detection pattern for characterizing a plurality of sets of detection events that need to be matched; the determining that the target detection mode successfully matched exists in the detection mode set based on the safety detection data comprises the following steps:
For each single factor detection mode, determining the single factor detection mode as a target detection mode in the case that the detection event set characterized by the single factor detection mode is successfully matched based on the safety detection data, so as to determine that the target detection mode successfully matched exists in the detection mode set;
and determining the multi-factor detection mode as a target detection mode when a plurality of detection event sets represented by the multi-factor detection mode are successfully matched based on the safety detection data and preset matching time periods corresponding to the multi-factor detection mode, so as to determine that the target detection mode successfully matched exists in the detection mode sets.
3. The method of claim 2, wherein the determining that the plurality of detection event sets characterized by the multi-factor detection mode are successfully matched based on the security detection data and a preset matching duration corresponding to the multi-factor detection mode comprises:
starting to calculate a pattern matching duration in case it is determined, based on the security detection data, that a head event set among a plurality of detection event sets characterized by the multi-factor detection pattern is successfully matched;
Acquiring a preset matching time length corresponding to the multi-factor detection mode;
and before the pattern matching time length reaches the preset matching time length, if each non-head event set except the head event set in the multiple detection event sets represented by the multiple factor detection pattern is successfully matched based on the safety detection data, determining that the multiple detection event sets represented by the multiple factor detection pattern are successfully matched.
4. The method of claim 3, wherein the determining, based on the security detection data, that each non-head event set of the plurality of detection event sets characterized by the multi-factor detection mode other than the head event set was successfully matched comprises:
determining, for each non-head event set of a plurality of detection event sets characterized by the multi-factor detection mode other than the head event set, a set association relationship between the non-head event set and a last event set of the non-head event set;
and under the condition that the event occurrence condition of the non-head event set accords with the set association relation based on the safety detection data, the non-head event set is determined to be successfully matched.
5. The method of claim 1, wherein when the detected event set includes at least one rule event and the detected event set includes a plurality of rule events, an event association relationship between the plurality of rule events is or relationship.
6. The method of claim 5, wherein the rule event is a specific event or an open event; wherein the open event includes a plurality of specific events having the same characteristics, and the open event has a corresponding event semantic.
7. The method of claim 1, wherein the determining that there is a successfully matched target detection pattern in a detection pattern set based on the security detection data comprises:
for each detection mode, acquiring a detection mode corresponding to the detection mode; wherein the detection mode comprises at least one of a detection period and a detection time period;
and according to the detection mode, determining that the target detection mode which is successfully matched exists in the detection mode set based on the safety detection data.
8. The method of any one of claims 1-7, further comprising:
acquiring automatic configuration logic;
configuring a supplemental detection mode according to the auto-configuration logic;
Using the supplemental detection pattern, the set of detection patterns is created.
9. The method of claim 8, wherein said configuring a supplemental detection mode in accordance with said auto-configuration logic comprises:
acquiring a preset safety specification; wherein the preset security specification comprises at least one security detection item;
determining at least one detection event set to be matched for each security detection item;
the supplemental detection mode is configured based on the at least one set of detection events that need to be matched.
10. The method of claim 8, wherein said configuring a supplemental detection mode in accordance with said auto-configuration logic comprises:
acquiring a reference mode; the reference mode is used for representing a result event set to be matched and a candidate factor event set related to the result event set, wherein the candidate factor event set comprises a plurality of candidate factor events;
matching the reference pattern a plurality of times based on the security detection data to determine at least one factor event from the plurality of candidate factor events that triggers the result event set;
constructing a factor event set by using the at least one factor event;
The supplemental detection mode is configured based on the set of factor events and the set of result events.
11. The method of claim 1, wherein the security detection data comprises relevant detection data of at least one of a vehicle-mounted, an on-board telematics processor, a gateway controller, and a domain controller of the target vehicle.
12. The method of claim 1, further comprising:
determining a risk type of the current vehicle risk;
acquiring a repair processing strategy corresponding to the alarm information under the condition that the risk type characterizes that the current vehicle risk belongs to repairable risks;
and sending the repair processing strategy to the target vehicle so that the target vehicle carries out risk processing according to the repair processing strategy.
13. A vehicle safety detection device comprising:
a data acquisition unit configured to acquire safety detection data for a target vehicle;
a risk determination unit configured to determine, in a case where it is determined that a target detection pattern that is successfully matched exists in a detection pattern set based on the security detection data, a current vehicle risk corresponding to the target detection pattern; wherein the set of detection patterns comprises at least one detection pattern, and the detection pattern is used to characterize at least one set of detection events that need to be matched;
And the information generation unit is used for generating alarm information corresponding to the current vehicle risk.
14. The apparatus of claim 13, wherein the set of detection patterns comprises at least one single-factor detection pattern for characterizing one set of detection events that need to be matched and/or at least one multi-factor detection pattern for characterizing multiple sets of detection events that need to be matched; the risk determination unit is used for:
for each single factor detection mode, determining the single factor detection mode as a target detection mode in the case that the detection event set characterized by the single factor detection mode is successfully matched based on the safety detection data, so as to determine that the target detection mode successfully matched exists in the detection mode set;
and determining the multi-factor detection mode as a target detection mode when a plurality of detection event sets represented by the multi-factor detection mode are successfully matched based on the safety detection data and preset matching time periods corresponding to the multi-factor detection mode, so as to determine that the target detection mode successfully matched exists in the detection mode sets.
15. The apparatus of claim 14, wherein the risk determination unit is to:
starting to calculate a pattern matching duration in case it is determined, based on the security detection data, that a head event set among a plurality of detection event sets characterized by the multi-factor detection pattern is successfully matched;
acquiring a preset matching time length corresponding to the multi-factor detection mode;
and before the pattern matching time length reaches the preset matching time length, if each non-head event set except the head event set in the multiple detection event sets represented by the multiple factor detection pattern is successfully matched based on the safety detection data, determining that the multiple detection event sets represented by the multiple factor detection pattern are successfully matched.
16. The apparatus of claim 15, wherein the risk determination unit is to:
determining, for each non-head event set of a plurality of detection event sets characterized by the multi-factor detection mode other than the head event set, a set association relationship between the non-head event set and a last event set of the non-head event set;
and under the condition that the event occurrence condition of the non-head event set accords with the set association relation based on the safety detection data, the non-head event set is determined to be successfully matched.
17. The apparatus of claim 13, wherein when the detected event set includes at least one rule event and the detected event set includes a plurality of rule events, an event association relationship between the plurality of rule events is or relationship.
18. The apparatus of claim 17, wherein the rule event is a specific event or an open event; wherein the open event includes a plurality of specific events having the same characteristics, and the open event has a corresponding event semantic.
19. The apparatus of claim 13, wherein the risk determination unit is to:
for each detection mode, acquiring a detection mode corresponding to the detection mode; wherein the detection mode comprises at least one of a detection period and a detection time period;
and according to the detection mode, determining that the target detection mode which is successfully matched exists in the detection mode set based on the safety detection data.
20. The apparatus of any one of claims 13-19, further comprising:
a logic acquisition unit for acquiring an automatic configuration logic;
a mode configuration unit for configuring a supplementary detection mode according to the automatic configuration logic;
And the mode set creation unit is used for creating the detection mode set by utilizing the supplementary detection mode.
21. The apparatus of claim 20, wherein the mode configuration unit is configured to:
acquiring a preset safety specification; wherein the preset security specification comprises at least one security detection item;
determining at least one detection event set to be matched for each security detection item;
the supplemental detection mode is configured based on the at least one set of detection events that need to be matched.
22. The apparatus of claim 20, wherein the mode configuration unit is configured to:
acquiring a reference mode; the reference mode is used for representing a result event set to be matched and a candidate factor event set related to the result event set, wherein the candidate factor event set comprises a plurality of candidate factor events;
matching the reference pattern a plurality of times based on the security detection data to determine at least one factor event from the plurality of candidate factor events that triggers the result event set;
constructing a factor event set by using the at least one factor event;
the supplemental detection mode is configured based on the set of factor events and the set of result events.
23. The apparatus of claim 13, wherein the security detection data comprises relevant detection data for at least one of a vehicle-mounted, an on-board telematics processor, a gateway controller, and a domain controller of the target vehicle.
24. The apparatus of claim 13, further comprising:
a risk type determining unit, configured to determine a risk type of the current vehicle risk;
the strategy acquisition unit is used for acquiring a repair processing strategy corresponding to the alarm information under the condition that the risk type represents that the current vehicle risk belongs to repairable risks;
and the strategy sending unit is used for sending the repair processing strategy to the target vehicle so that the target vehicle carries out risk processing according to the repair processing strategy.
25. An electronic device, comprising:
at least one processor;
a memory communicatively coupled to the at least one processor;
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 12.
26. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-12.
27. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310880038.1A CN117118663A (en) | 2023-07-18 | 2023-07-18 | Vehicle safety detection method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310880038.1A CN117118663A (en) | 2023-07-18 | 2023-07-18 | Vehicle safety detection method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117118663A true CN117118663A (en) | 2023-11-24 |
Family
ID=88799197
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310880038.1A Pending CN117118663A (en) | 2023-07-18 | 2023-07-18 | Vehicle safety detection method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117118663A (en) |
-
2023
- 2023-07-18 CN CN202310880038.1A patent/CN117118663A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105474678A (en) | Centralized selective application approval for mobile devices | |
| CN107800783B (en) | Method and device for remotely monitoring server | |
| CN101636000A (en) | Treating method and treatment device of alarm storms | |
| CN110717661A (en) | Method and device for updating wind control rule | |
| CN107040950A (en) | A kind of management method of WIFI equipment and a kind of WIFI equipment | |
| CN110516836A (en) | Intelligent early-warning method, apparatus, equipment and storage medium based on big data | |
| CN114328132A (en) | Method, device, equipment and medium for monitoring state of external data source | |
| CN113807228A (en) | Parking event prompting method and device, electronic equipment and storage medium | |
| CN111310242B (en) | Method and device for generating device fingerprint, storage medium and electronic device | |
| CN111198902A (en) | Metadata management method and device, storage medium and electronic equipment | |
| CN113050960B (en) | OTA upgrading method and device, vehicle-mounted terminal and storage medium | |
| CN112286559A (en) | Upgrading method and device for vehicle-mounted intelligent terminal | |
| CN117118663A (en) | Vehicle safety detection method and device, electronic equipment and storage medium | |
| CN116305167A (en) | Method and device for processing security vulnerabilities of open source component | |
| CN115617823A (en) | Map updating data downloading method, device, equipment and readable medium | |
| CN115719167A (en) | Vehicle information safety monitoring method and device | |
| CN111970317B (en) | Remote control method, storage medium and remote control system | |
| CN113014675A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN107957942B (en) | SQL script fault repairing method and terminal thereof | |
| CN113256256A (en) | Work order early warning method, device, equipment and storage medium | |
| CN116279286B (en) | Unlocking method, device, equipment and medium of engine | |
| CN117421068B (en) | Application cold start method, system, device, computer equipment and storage medium | |
| CN114615144B (en) | Network optimization method and system | |
| CN113055472B (en) | Internet of things data control method and device based on security authentication | |
| CN110837453B (en) | Method and related device for monitoring document exchange platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |