CN117155719A - Vehicle data security detection method, system, electronic equipment and storage medium - Google Patents

Vehicle data security detection method, system, electronic equipment and storage medium Download PDF

Info

Publication number
CN117155719A
CN117155719A CN202311439721.8A CN202311439721A CN117155719A CN 117155719 A CN117155719 A CN 117155719A CN 202311439721 A CN202311439721 A CN 202311439721A CN 117155719 A CN117155719 A CN 117155719A
Authority
CN
China
Prior art keywords
message
data
preset
security level
vehicle
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311439721.8A
Other languages
Chinese (zh)
Inventor
尹位太
刘博�
袁海滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Aoxing Technology Co ltd
Original Assignee
Beijing Aoxing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Aoxing Technology Co ltd filed Critical Beijing Aoxing Technology Co ltd
Priority to CN202311439721.8A priority Critical patent/CN117155719A/en
Publication of CN117155719A publication Critical patent/CN117155719A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Traffic Control Systems (AREA)

Abstract

The application provides a vehicle data security detection method, a system, an electronic device and a storage medium, which are applied to a vehicle data security detection system, wherein the method comprises the following steps: acquiring a message transmitted by the ECU outwards; analyzing the message according to different dimensions to obtain message data of different dimensions; if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event; and if the safety level is smaller than the preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards. The application monitors the data transmitted outwards to prevent sensitive data leakage.

Description

Vehicle data security detection method, system, electronic equipment and storage medium
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a vehicle data security detection method, system, electronic device, and storage medium.
Background
The vehicle collects vehicle data in real time in the running process of the vehicle and transmits the vehicle data to the cloud platform of each vehicle enterprise; the data transmission is not safely regulated, so that the problem of data leakage exists in the data transmission process.
Disclosure of Invention
In view of the above, embodiments of the present application provide a vehicle data security detection method, system, electronic device and storage medium, so as to solve the problem of data leakage in the data transmission process in the prior art.
In order to achieve the above object, the embodiment of the present application provides the following technical solutions:
a first aspect of an embodiment of the present application shows a vehicle data security detection method applied to a vehicle data security detection system, the vehicle data security detection system being connected to a vehicle processor ECU, the method comprising:
optionally, acquiring a message transmitted by the vehicle processor ECU outwards;
analyzing the message according to different dimensions to obtain message data of different dimensions;
if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event of message transmission;
determining whether the destination address is secure;
if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events;
and if the safety level is determined to be smaller than the preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards.
Optionally, if the decomposition information further includes a message format and a data packet format;
determining whether the message format is a preset standard format;
if yes, determining whether the data packet format is a target format, wherein the target format is determined based on a standard format and a preset application format;
if so, a step of determining whether the destination address is secure is performed.
Optionally, the determining whether the destination address is secure includes:
determining an identification code in the destination address;
if the identification code does not indicate an overseas address, judging whether the destination address is a preset supervision address;
if yes, determining that the destination address is safe.
Optionally, the process of constructing the preset processing model based on the historical event includes:
acquiring a historical event, a data type and a security level, and taking the historical event, the data type and the security level as sample data;
and training the sample data by using a universal neural network model to obtain a preset processing model.
Optionally, determining that the security level is less than a preset security level includes:
comparing the security level with a preset security level;
and if the security level is on the right side of the preset security level, determining that the security level is smaller than the preset security level.
Optionally, the method further comprises:
judging whether the message data corresponding to the system dimension is abnormal or not;
judging whether the message data corresponding to the flow dimension is abnormal or not.
Optionally, the method further comprises:
determining a treatment operation corresponding to the security level;
and executing a treatment operation corresponding to the security level to generate alarm information corresponding to the message.
A second aspect of an embodiment of the present application shows a vehicle data security detection system connected to a vehicle processor ECU, the vehicle data security detection system including:
the acquisition unit is used for acquiring the message transmitted outwards by the vehicle processor ECU;
the analysis unit is used for analyzing the message according to different dimensions to obtain message data of different dimensions; if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event of message transmission;
a processing unit, configured to determine whether the destination address is secure; if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events; and if the safety level is greater than or equal to a preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards.
A third aspect of the embodiment of the present application shows an electronic device, where the electronic device is configured to execute a program, where the program executes the vehicle data security detection method according to the first aspect of the embodiment of the present application.
A fourth aspect of the embodiment of the present application shows a storage medium, where the storage medium includes a storage program, where when the program runs, the device where the storage medium is controlled to execute the vehicle data security detection method according to the first aspect of the embodiment of the present application.
The vehicle data security detection method, system, electronic device and storage medium provided by the embodiment of the application are applied to a vehicle data security detection system, wherein the vehicle data security detection system is connected with a vehicle processor ECU, and the method comprises the following steps: acquiring a message transmitted by the ECU outwards; analyzing the message according to different dimensions to obtain message data of different dimensions; if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event of message transmission; determining whether the destination address is secure; if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events; and if the safety level is determined to be smaller than the preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards. The application monitors the data transmitted outwards to prevent sensitive data leakage.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram illustrating interaction of a vehicle processor ECU with a vehicle data security detection system in accordance with an embodiment of the present application;
FIG. 2 is a schematic diagram of interactions of a vehicle processor ECU, a vehicle data security detection system, and a public safety monitoring platform, as shown in an embodiment of the present application;
FIG. 3 is a block diagram of a vehicle data security detection system according to an embodiment of the present application;
FIG. 4 is a block diagram of a vehicle data security detection system according to an embodiment of the present application;
FIG. 5 is a flow chart of a method for detecting vehicle data security according to an embodiment of the present application;
FIG. 6 is a flow chart of a method for detecting vehicle data security according to an embodiment of the present application;
fig. 7 is a schematic diagram of a vehicle data detection process according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the description of "first", "second", etc. in this disclosure is for descriptive purposes only and is not to be construed as indicating or implying a relative importance or implying an indication of the number of technical features being indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present application.
In the present disclosure, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Referring to fig. 1, a schematic diagram of interaction between a vehicle processor ECU and a vehicle data security detection system according to an embodiment of the present application is shown;
the vehicle data security detection system 10 is connected with a vehicle processor ECU 20;
the vehicle data security detection system 10 is disposed at a communication link outlet of the vehicle external interaction device and is in communication connection with the vehicle processor ECU 20.
The communication link exit is the exit of the vehicle equipment such as the vehicle-mounted remote information processor T-BOX and the vehicle-mounted fusion gateway for sending the message.
Referring to fig. 2, the vehicle data security detection system 10 is also coupled to a public safety monitoring platform 30.
Wherein the public safety monitoring platform 30 is a data safety overall monitoring platform for all vehicles used by the relevant functional departments or authorities.
Based on the architecture shown in fig. 1 and 2, the specific structure diagram of the vehicle data security detection system may be as shown in fig. 3, where the vehicle data security detection system includes:
an acquiring unit 301, configured to acquire a message transmitted by the vehicle processor ECU to the outside;
in a specific implementation, the acquiring unit 301 of the vehicle data security detection system 10 detects, that is, continuously monitors, the message that the vehicle processor ECU needs to transmit to the outside, and acquires the message that the vehicle processor ECU transmits to the outside.
The parsing unit 302 is configured to parse the message according to different dimensions to obtain message data of different dimensions; if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event of message transmission;
it should be noted that the different dimension indications include a system dimension, a traffic dimension and a feature dimension, that is, the message data of the different dimensions at least includes the message data of the system dimension, and the message data of the traffic dimension corresponds to the message data of the feature dimension.
In a specific implementation, the parsing unit 302 parses the message to obtain parsed message data, and determines message data corresponding to a system dimension in the parsed message data; then, determining the message data corresponding to the flow dimension in the decomposed message data, and determining the message data corresponding to the characteristic dimension in the decomposed message data.
It should be noted that, the message data corresponding to the system dimension includes data such as CPU utilization, memory usage, file system, and hard disk space.
The message data corresponding to the flow dimension comprises data such as flow size, flow statistics, flow period, flow sending purpose and the like.
The message data corresponding to the feature dimension includes message features, such as data of destination address and output event.
Optionally, if the decomposition information further includes a message format and a data packet format; the parsing unit 302 is further configured to:
determining whether the message format is a preset standard format; if yes, determining whether the data packet format is a target format, wherein the target format is determined based on a standard format and a preset application format; if yes, executing to determine whether the destination address is safe.
A processing unit 303, configured to determine whether the destination address is secure; if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events; and if the safety level is greater than or equal to a preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards.
Based on the architecture shown in fig. 3, the embodiment of the application also correspondingly discloses a more specific architecture diagram of the vehicle data security detection system, as shown in fig. 4.
The log alarming module is responsible for assembling logs and alarming information in a standardized format and sending the logs and alarming information to the public supervision platform outwards, so that information linkage with the remote cloud platform is realized, and a supervision mechanism is helped to effectively realize management and control of vehicle outgoing data.
The public communication module is responsible for internal and external communication functions, including communication among different modules in the interior, communication between the system and a cloud public safety monitoring platform and communication between the system and a vehicle.
The data types, namely the vehicle data reporting types, comprise a terminal management type, a position and alarm type, an information type, a telephone type, a vehicle control type, a vehicle management type, an information acquisition type, a multimedia type, a general data transmission type, an encryption type and the like.
In the embodiment of the application, the message transmitted by the ECU of the vehicle processor outwards is acquired; analyzing the message according to different dimensions to obtain message data of different dimensions; if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event of message transmission; determining whether the destination address is secure; if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events; and if the safety level is determined to be smaller than the preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards. The application monitors the data transmitted outwards to prevent sensitive data leakage.
Optionally, the processing unit 303 configured to determine whether the destination address is secure is specifically configured to:
determining an identification code in the destination address; if the identification code does not indicate an overseas address, judging whether the destination address is a preset supervision address; if yes, determining that the destination address is safe.
In a specific implementation, the destination address is resolved, and an identification code for identifying the address where the destination device is located is determined; and determining whether the identification code is consistent with the identification code of the address of the target equipment in the overseas address, if not, judging whether the target address is a preset supervision address or not, and if so, determining that the target address is safe.
It should be noted that the identification code is used to identify the address where the destination device is located.
The preset supervision address refers to that the enterprise of the relevant receiver has completed address security authentication by the supervision institution.
Optionally, the processing unit 303 of the process of constructing the preset processing model based on the historical event is specifically configured to:
acquiring a historical event, a data type and a security level, and taking the historical event, the data type and the security level as sample data;
and training the sample data by using a universal neural network model to obtain a preset processing model.
Optionally, the processing unit 303 configured to determine that the security level is less than a preset security level includes:
comparing the security level with a preset security level;
and if the security level is on the right side of the preset security level, determining that the security level is smaller than the preset security level.
In a specific implementation, comparing the security level with a preset security level, if the security level is equal to the preset security level or the security level is on the left of the preset security level, determining that the security level is greater than or equal to the preset security level, and determining the message that the vehicle processor ECU can transmit outwards; and if the safety level is on the right side of the preset safety level, determining that the safety level is smaller than the preset safety level, and executing the operation of preventing the ECU from transmitting the message outwards.
Optionally, the processing unit 303 is further configured to:
judging whether the message data corresponding to the system dimension is abnormal or not;
judging whether the message data corresponding to the flow dimension is abnormal or not.
In a specific implementation, the condition of the external communication operating system is monitored through the message data corresponding to the system dimension, specifically including detecting whether the CPU utilization rate, the memory use and the like are within a preset threshold range, if both are within the corresponding threshold range, determining that no abnormality exists, and if any one is not within the corresponding threshold range, determining that the abnormality exists; macroscopic monitoring of the external transmission data flow through the message data corresponding to the flow dimension specifically comprises detecting whether flow size, flow statistics, flow period and flow transmission destination parameters are in preset values, if so, determining that no abnormality exists, determining that the message which can be transmitted by the vehicle processor ECU outwards, and if any one of the messages is not in, determining that abnormality exists.
Optionally, the processing unit 303 is further configured to:
a treatment operation corresponding to the security level is determined.
And executing a treatment operation corresponding to the security level to generate alarm information corresponding to the message.
The correspondence between the security level and the handling operation is constructed in advance.
In a specific implementation, searching a pre-built corresponding relation between the security level and the treatment operation, and determining the treatment operation corresponding to the security level.
For example, the treatment operation may be to use only in the vehicle, prohibit uploading, and report corresponding alert information to the vehicle and cloud-supervision cloud platform.
Referring to fig. 5, a method for detecting vehicle data security according to an embodiment of the present application includes:
step S501: and acquiring the message transmitted by the vehicle processor ECU outwards.
In the specific implementation process of step S501, the vehicle data security detection system detects, that is, continuously monitors, the message that the vehicle processor ECU needs to transmit outwards, and obtains the message that the vehicle processor ECU transmits outwards.
Step S502: and decomposing the message according to different dimensions to obtain message data of different dimensions.
It should be noted that the different dimension indications include a system dimension, a traffic dimension and a feature dimension, that is, the message data of the different dimensions at least includes the message data of the system dimension, and the message data of the traffic dimension corresponds to the message data of the feature dimension.
In the specific implementation step S502, decomposing the message to obtain decomposed message data, and determining message data corresponding to the system dimension in the decomposed message data; then, determining the message data corresponding to the flow dimension in the decomposed message data, and determining the message data corresponding to the characteristic dimension in the decomposed message data.
It should be noted that, the message data corresponding to the system dimension includes data such as CPU utilization, memory usage, file system, and hard disk space.
The message data corresponding to the flow dimension comprises data such as flow size, flow statistics, flow period, flow sending purpose and the like.
The message data corresponding to the feature dimension includes message features, such as data of destination address and output event.
Step S503: determining whether the dimension corresponding to the message data is a feature dimension, and executing step S504 if the dimension corresponding to the message data is the feature dimension;
if not, determining whether the dimension corresponding to the message data is a system dimension or a flow dimension, if so, executing step S508, and if so, executing step S509.
Step S504: and decomposing the message data under the characteristic dimension to obtain decomposition information.
In step S504, the decomposition information includes a destination address and an output event of the message transmission.
In the specific implementation step S504, the message data in the dimension is decomposed to obtain decomposition information including the destination address and the output event of the message transmission.
Step S505: determining whether the destination address is safe, if so, executing step S506, and if not, executing step S510.
It should be noted that there are various embodiments of the process of embodying step S505.
A first embodiment comprises the steps of:
step S11: determining an identification code in the destination address;
it should be noted that the identification code is used to identify the address where the destination device is located.
In the specific implementation process of step S11, the destination address is parsed, and an identification code for identifying the address where the destination device is located is determined.
Step S12: whether the identification code indicates an overseas address is determined, if not, step S13 is executed, and if yes, step S510 is executed.
In the specific implementation process of step S12, determining whether the identification code is consistent with the identification code identifying the address of the destination device in the overseas address, if not, indicating that the destination address is not the overseas address, and executing step S13; if so, it is determined that the destination address is an overseas address, and step S510 is performed.
Step S13: and judging whether the destination address is a preset supervision address, if so, executing the step S14, and if not, executing the step S510.
It should be noted that, the preset supervision address refers to that the enterprise of the relevant receiver has completed address security authentication by the supervision institution.
Step S14: and determining the security of the destination address.
A second embodiment comprises the steps of:
step S21: and judging whether the destination address is in the white list, if so, executing step S22, and if not, executing step S510.
It should be noted that, the white list refers to a compliance destination address that allows data to be sent, for example, a vehicle enterprise applies for a prepared compliance cloud platform to a regulatory agency, or a public cloud platform provided by the regulatory agency, etc.;
the blacklist refers to an offending destination address, such as an overseas address, some known offending address, etc., that prohibits the transmission of data.
In the specific implementation process of step S21, it is determined whether the target address matches the white list or the black list, if yes, step S22 is executed, and if no white list is matched or neither white list nor black list is matched, step S510 is executed.
Step S22: and determining the security of the destination address.
Step S506: and inputting the output event into a preset processing model, processing based on the preset processing model, and outputting the security level corresponding to the output event.
It should be noted that, the process of constructing the preset processing model based on the historical event includes:
step S31: acquiring a historical event, a data type and a security level, and taking the historical event, the data type and the security level as sample data;
it should be noted that the history event is any data that occurs in the vehicle, such as position data, driver identity data, and the like.
Corresponding data types are set in advance according to different historical events, and the processing model determines the corresponding relation between the events and the data types through training and learning.
Further, the data types include a terminal management class, a location and alarm class, an information class, a telephone class, a vehicle control class, a vehicle management class, an information acquisition class, a multimedia class, a general data transmission class, an encryption class, and the like.
And presetting a security level corresponding to each data type, and similarly, determining the corresponding relation between the data type and the security level by the processing model through training and learning.
The security level is decreased from left to right according to the level including S, A, B, C, D, F, etc.
Step S32: and training the sample data by using a universal neural network model to obtain a preset processing model.
In the specific implementation process of step S32, the sample data set is trained by using the general neural network model to determine the relationship among the history event, the data type, and the security level, so as to obtain a trained processing model.
In the specific implementation process of step S506, the preset processing model searches for a correspondence between an event and a data type, determines the data type corresponding to the event, further searches for a correspondence between the data type and a security level, and determines the security level corresponding to the event.
Alternatively, in addition to the specific implementation procedure of step S506, the security level corresponding to the output event may be determined in other manners.
In one embodiment, searching a corresponding relation between a preset event and a data type, and determining the data type corresponding to the output event; and then, inquiring the corresponding relation between the preset data type and the safety level, and determining the safety level corresponding to the data type of the output event to obtain the safety level corresponding to the output event.
It should be noted that, a technician sets corresponding relations between different events and data types in advance according to experiments; the technician sets the corresponding relation between different data types and the security level in advance according to the test.
Wherein one event corresponds to one data type, and one data type may correspond to a plurality of events; one data type corresponds to one security level.
Step S507: and judging whether the security level is greater than or equal to a preset security level, if so, executing step S508, and if not, executing step S510.
In the specific implementation step S507, comparing the security level with a preset security level, if the security level is equal to the preset security level or the security level is on the left of the preset security level, determining that the security level is greater than or equal to the preset security level, determining the message that the vehicle processor ECU can transmit outwards, and executing step S508; if the security level is right to the preset security level, determining that the security level is smaller than the preset security level, and executing step S510.
Step S508: judging whether the message data corresponding to the system dimension has an abnormality, if not, executing step S509, and if so, executing step S510.
In the specific implementation step S508, the external communication operating system condition is monitored by the message data corresponding to the system dimension, which specifically includes detecting whether the CPU utilization rate, the memory usage, and the like are within a preset threshold range, if they are within the corresponding threshold ranges, determining that no abnormality exists, and executing step S509, if any one is not within the corresponding threshold range, determining that abnormality exists, and executing step S510.
Alternatively, the file system and the disk space may also be detected in real time by detecting that the system is considered to be illegally operated, i.e., abnormal, when there is an illegitimate access or file creation, deletion, update status, and step S510 is performed.
Step S509: judging whether the message data corresponding to the flow dimension is abnormal, if not, determining the message which can be transmitted outwards by the vehicle processor ECU, and if so, executing step S510.
In the specific implementation step S509, macroscopic monitoring of the external data traffic by using the message data corresponding to the traffic dimension specifically includes detecting whether the traffic size, traffic statistics, traffic period, and traffic transmission destination parameters are in preset values, if they are all in the preset values, determining that there is no abnormality, determining that there is an abnormality in the message that the vehicle processor ECU can transmit to the outside, and if any one is not in the preset value, executing step S510.
For example, abnormal flow fluctuation, unknown flow direction and the like, the hidden danger of data flow transmission is discovered in time, a safety alarm is reported, and the data leakage risk possibly caused by abnormal flow is blocked in time.
It should be noted that, the specific implementation processes of step S504 to step S507, step S508, and/or step S509 may be performed synchronously, or the steps S508 and/or step S509 may be performed in the above order, which is not limited to this embodiment of the present application.
Step S510: and executing the operation of preventing the vehicle processor ECU from transmitting the message outwards.
In a specific implementation step S510, it is determined that the message carries data that affects data security, and the vehicle processor ECU is prevented from transmitting the message to the outside.
In the embodiment of the application, the message transmitted by the ECU of the vehicle processor outwards is acquired; analyzing the message according to different dimensions to obtain message data of different dimensions; if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event of message transmission; determining whether the destination address is secure; if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events; and if the safety level is smaller than the preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards. The application monitors the data transmitted outwards to prevent sensitive data leakage.
Based on the method shown in the embodiment of the present application, referring to fig. 5 in combination, referring to fig. 6, a flow chart of a method for detecting vehicle data security shown in the embodiment of the present application is shown, where the method includes:
step S601: and acquiring the message transmitted by the vehicle processor ECU outwards.
Step S602: and decomposing the message according to different dimensions to obtain message data of different dimensions.
Step S603: determining whether the dimension corresponding to the message data is a feature dimension, if the dimension corresponding to the message data is a feature dimension, executing step S604, if the dimension corresponding to the message data is a system dimension, executing step S610, and if the dimension corresponding to the message data is a flow dimension, executing step S611.
Step S604: and decomposing the message data under the characteristic dimension to obtain decomposition information.
In step S604, the decomposition information includes a destination address and an output event of the message transmission.
It should be noted that the specific implementation procedures of step S601 to step S604 are the same as the specific implementation procedure of step S503 described above, and can be seen from each other.
Optionally, the decomposition information includes a message format and a data packet format;
step S605: determining whether the message format is a preset standard format; if yes, go to step S606; if not, step S612 is performed.
It should be noted that, the preset standard format is set by a technician in advance according to the standard ethernet protocol format.
In the specific implementation process of step S605, firstly, checking whether the data assembly format of the message, i.e. the message format is consistent with the preset standard format, and if so, executing step S606; if not, step S612 is performed.
Step S606: determining whether the data packet format is the target format, if so, executing step S607, otherwise, executing step S612.
In step S606, the target format is determined based on the standard format and the preset application format, specifically, a standard protocol commonly used in the industry at present, such as GB-JT808, GB-32960, etc., is obtained, and the target format is determined based on the standard protocol commonly used in the industry at present and/or the preset application format.
It should be noted that, the pre-application format applied by the vehicle enterprise is received, and the pre-application format is checked for security, if the pre-application format is determined to be capable of being transmitted safely and accords with the transmission standard, the security check is determined to pass, and the pre-application format is incorporated into the management and then can be used.
Optionally, if it is determined that the data packet format is not the target format, determining that the message carries data affecting data security, sending a message format non-compliance alarm to a cloud public supervision cloud platform, and feeding back the non-compliance alarm to the vehicle.
Step S607: determining whether the destination address is secure, if so, executing step S608, and if not, executing step S612.
Optionally, after determining that the target address is safe, first, it is determined whether the output event is a preset event, if yes, step S608 is executed, if not, it is determined that the output event is an unknown event, and step S612 is executed.
It should be noted that the events include unknown events, protocol events and vendor custom events.
The preset event may be a protocol event or a vendor custom event, where the vendor custom event refers to an event preset by a vendor.
Step S608: and inputting the output event into a preset processing model, processing based on the preset processing model, and outputting the security level corresponding to the output event.
Step S609: and judging whether the security level is greater than or equal to the preset security level, if so, executing step S610, and if not, executing step S612.
Step S610: judging whether the message data corresponding to the system dimension has an abnormality, if not, executing step S611, and if so, executing step S612.
Step S611: judging whether the message data corresponding to the flow dimension is abnormal, if not, determining the message which can be transmitted outwards by the vehicle processor ECU, and if so, executing step S612.
It should be noted that the specific implementation procedures of step S607 to step S611 are the same as the specific implementation procedures of step S505 to step S509 described above, and can be seen from each other.
Step S612: a treatment operation corresponding to the security level is determined.
Step S613: and executing a treatment operation corresponding to the security level to generate alarm information corresponding to the message.
The correspondence between the security level and the handling operation is constructed in advance.
In the process of concretely implementing step S612 and step S613, a correspondence between the security level and the treatment operation constructed in advance is found, and the treatment operation corresponding to the security level is determined.
For example, the treatment operation may be to use only in the vehicle, prohibit uploading, and report corresponding alert information to the vehicle and cloud-supervision cloud platform.
For example, the event a is security sensitivity, i.e. data of security level S, and under normal conditions, such data should only be used in a vehicle, collection and reporting are prohibited, so that the treatment action is to prevent the sending out, send information collection alarm to the vehicle feedback rule violation, and report fingerprint information alarm information to the cloud supervision platform.
The specific implementation process based on the above steps S601 to S613 may also be embodied by the architecture shown in fig. 7.
As shown in fig. 7, this step may be performed after determining whether the destination address is safe to execute or after event matching, i.e., determining whether the destination address is a preset supervision address.
In the embodiment of the application, the message transmitted by the ECU of the vehicle processor outwards is acquired; analyzing the message according to different dimensions to obtain message data of different dimensions; if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event of message transmission; determining whether the destination address is secure; if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events; and if the safety level is smaller than the preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards. The application monitors the data transmitted outwards to prevent sensitive data leakage.
It should be noted that, the specific content of the vehicle data security detection system is the same as the specific content of the vehicle data security monitoring method, and can be referred to each other.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for a system or system embodiment, since it is substantially similar to a method embodiment, the description is relatively simple, with reference to the description of the method embodiment being made in part. The systems and system embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present application without undue burden.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A vehicle data security detection method, characterized by being applied to a vehicle data security detection system, the vehicle data security detection system being connected to a vehicle processor ECU, the method comprising:
acquiring a message transmitted by the ECU outwards;
analyzing the message according to different dimensions to obtain message data of different dimensions;
if the dimension corresponding to the message data is a characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event sent by the message;
determining whether the destination address is secure;
if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events;
and if the safety level is determined to be smaller than the preset safety level, executing the operation of preventing the vehicle processor ECU from transmitting the message outwards.
2. The method of claim 1, wherein the disaggregation information further comprises a message format and a data packet format;
determining whether the message format is a preset standard format;
if yes, determining whether the data packet format is a target format, wherein the target format is determined based on a standard format and a preset application format;
if so, a step of determining whether the destination address is secure is performed.
3. The method of claim 1, wherein said determining whether said destination address is secure comprises:
determining an identification code in the destination address;
if the identification code does not indicate an overseas address, judging whether the destination address is a preset supervision address;
if yes, determining that the destination address is safe.
4. The method of claim 1, wherein constructing the pre-set process model based on the historical events comprises:
acquiring a historical event, a data type and a security level, and taking the historical event, the data type and the security level as sample data;
and training the sample data by using a universal neural network model to obtain a preset processing model.
5. The method of claim 1, wherein determining that the security level is less than a preset security level comprises:
comparing the security level with a preset security level;
and if the security level is on the right side of the preset security level, determining that the security level is smaller than the preset security level.
6. The method as recited in claim 1, further comprising:
judging whether the message data corresponding to the system dimension is abnormal or not;
judging whether the message data corresponding to the flow dimension is abnormal or not.
7. The method as recited in claim 1, further comprising:
determining a treatment operation corresponding to the security level;
and executing a treatment operation corresponding to the security level to generate alarm information corresponding to the message.
8. A vehicle data security detection system, wherein the vehicle data security detection system is connected to a vehicle processor ECU, the vehicle data security detection system comprising:
the acquisition unit is used for acquiring the message transmitted outwards by the vehicle processor ECU;
the analysis unit is used for analyzing the message according to different dimensions to obtain message data of different dimensions; if the dimension corresponding to the message data is the characteristic dimension, decomposing the message data in the characteristic dimension to obtain decomposition information, wherein the decomposition information comprises a destination address and an output event of message transmission;
a processing unit, configured to determine whether the destination address is secure; if the destination address is determined to be safe, inputting the output event into a preset processing model, processing the output event based on the preset processing model, and outputting a security level corresponding to the output event, wherein the preset processing model is constructed based on historical events; and if the safety level is smaller than a preset safety level, executing the operation of preventing the ECU from transmitting the message outwards.
9. An electronic device for running a program, wherein the program, when run, performs the vehicle data security detection method according to any one of claims 1 to 7.
10. A storage medium comprising a stored program, wherein the program, when run, controls a device in which the storage medium is located to perform the vehicle data security detection method according to any one of claims 1 to 7.
CN202311439721.8A 2023-11-01 2023-11-01 Vehicle data security detection method, system, electronic equipment and storage medium Pending CN117155719A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311439721.8A CN117155719A (en) 2023-11-01 2023-11-01 Vehicle data security detection method, system, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311439721.8A CN117155719A (en) 2023-11-01 2023-11-01 Vehicle data security detection method, system, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117155719A true CN117155719A (en) 2023-12-01

Family

ID=88903250

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311439721.8A Pending CN117155719A (en) 2023-11-01 2023-11-01 Vehicle data security detection method, system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117155719A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120490A (en) * 2018-10-31 2019-01-01 百度在线网络技术(北京)有限公司 Vehicle network communication means and device
CN110326260A (en) * 2017-02-28 2019-10-11 三菱电机株式会社 Vehicle communication monitoring arrangement, vehicle communication monitoring method and vehicle communication monitoring program
CN113344453A (en) * 2021-07-05 2021-09-03 湖南快乐阳光互动娱乐传媒有限公司 Risk monitoring method, device, system, storage medium and equipment
CN114710356A (en) * 2022-04-12 2022-07-05 北京经纬恒润科技股份有限公司 Data processing method and device of vehicle-mounted firewall and vehicle-mounted firewall equipment
US20220284092A1 (en) * 2019-12-05 2022-09-08 Panasonic Intellectual Property Management Co., Ltd. Information processing device, control method, and recording medium
CN115766267A (en) * 2022-11-28 2023-03-07 北京京深深向科技有限公司 Controller Area Network (CAN) bus identity authentication method and device and electronic equipment
US20230125983A1 (en) * 2021-10-26 2023-04-27 Capital One Services, Llc Systems and methods for detecting and managing sensitive information

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110326260A (en) * 2017-02-28 2019-10-11 三菱电机株式会社 Vehicle communication monitoring arrangement, vehicle communication monitoring method and vehicle communication monitoring program
CN109120490A (en) * 2018-10-31 2019-01-01 百度在线网络技术(北京)有限公司 Vehicle network communication means and device
US20220284092A1 (en) * 2019-12-05 2022-09-08 Panasonic Intellectual Property Management Co., Ltd. Information processing device, control method, and recording medium
CN113344453A (en) * 2021-07-05 2021-09-03 湖南快乐阳光互动娱乐传媒有限公司 Risk monitoring method, device, system, storage medium and equipment
US20230125983A1 (en) * 2021-10-26 2023-04-27 Capital One Services, Llc Systems and methods for detecting and managing sensitive information
CN114710356A (en) * 2022-04-12 2022-07-05 北京经纬恒润科技股份有限公司 Data processing method and device of vehicle-mounted firewall and vehicle-mounted firewall equipment
CN115766267A (en) * 2022-11-28 2023-03-07 北京京深深向科技有限公司 Controller Area Network (CAN) bus identity authentication method and device and electronic equipment

Similar Documents

Publication Publication Date Title
CN111630825B (en) Intrusion anomaly monitoring in a vehicle environment
KR102642875B1 (en) Systems and methods for providing security to in-vehicle networks
CN110636075A (en) Operation and maintenance management and control and operation and maintenance analysis method and device
CN107005572B (en) Method and device for the reaction-free detection of data
CN113098846A (en) Industrial control flow monitoring method, equipment, storage medium and device
KR101880162B1 (en) Method for Control Signals Verifying Integrity Using Control Signals Analysis in Automatic Control System
CN108415398A (en) Automobile information safety automation tests system and test method
CN111680068A (en) Verification method, device, equipment and storage medium
WO2021162473A1 (en) System and method for detecting intrusion into in-vehicle network
CN110365709B (en) Device for sensing unknown network attack behavior based on upstream probe
CN112514351A (en) Abnormality detection method and apparatus
CN113163369A (en) Vehicle intrusion prevention processing method and device and automobile
CN110855703A (en) Intelligent risk identification system and method and electronic equipment
KR102400956B1 (en) A Bidirectional Control System for Power Facility
WO2017162395A1 (en) Method for monitoring the security of communication connections of a vehicle
CN112671801B (en) Network security detection method and system
CN114124450A (en) Network security system and method for remote storage battery capacity checking
CN117155719A (en) Vehicle data security detection method, system, electronic equipment and storage medium
CN112104608A (en) Vehicle information safety protection method, system and storage medium
CN114301796B (en) Verification method, device and system for prediction situation awareness
US10701088B2 (en) Method for transmitting data
EP4106278A1 (en) System and method for detecting intrusion into in-vehicle network
JP2004030287A (en) Bi-directional network intrusion detection system and bi-directional intrusion detection program
CN111615064B (en) Terminal guarantee method and system based on Internet of vehicles, vehicle and storage medium
CN115577369B (en) Source code leakage behavior detection method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination