CN117478435B - Whole vehicle information security attack path generation method and system - Google Patents
Whole vehicle information security attack path generation method and system Download PDFInfo
- Publication number
- CN117478435B CN117478435B CN202311823444.0A CN202311823444A CN117478435B CN 117478435 B CN117478435 B CN 117478435B CN 202311823444 A CN202311823444 A CN 202311823444A CN 117478435 B CN117478435 B CN 117478435B
- Authority
- CN
- China
- Prior art keywords
- attack
- attack path
- path
- parts
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000008054 signal transmission Effects 0.000 claims abstract description 31
- 238000010586 diagram Methods 0.000 claims abstract description 28
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 20
- 230000004927 fusion Effects 0.000 claims description 13
- 230000011218 segmentation Effects 0.000 claims description 6
- 238000001514 detection method Methods 0.000 claims description 4
- 238000007781 pre-processing Methods 0.000 claims description 4
- 238000013507 mapping Methods 0.000 claims description 3
- 230000008859 change Effects 0.000 claims description 2
- 238000007635 classification algorithm Methods 0.000 claims description 2
- 238000013136 deep learning model Methods 0.000 claims description 2
- 238000000605 extraction Methods 0.000 claims description 2
- 238000009432 framing Methods 0.000 claims description 2
- 238000012805 post-processing Methods 0.000 claims description 2
- 238000012545 processing Methods 0.000 claims description 2
- 238000005457 optimization Methods 0.000 abstract description 3
- 238000007689 inspection Methods 0.000 abstract description 2
- 230000005540 biological transmission Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000013145 classification model Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013527 convolutional neural network Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 238000007637 random forest analysis Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V20/00—Scenes; Scene-specific elements
- G06V20/50—Context or environment of the image
- G06V20/52—Surveillance or monitoring of activities, e.g. for recognising suspicious objects
- G06V20/54—Surveillance or monitoring of activities, e.g. for recognising suspicious objects of traffic, e.g. cars on the road, trains or boats
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V30/00—Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
- G06V30/10—Character recognition
- G06V30/18—Extraction of features or characteristics of the image
- G06V30/1801—Detecting partial patterns, e.g. edges or contours, or configurations, e.g. loops, corners, strokes or intersections
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V30/00—Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
- G06V30/10—Character recognition
- G06V30/19—Recognition using electronic means
- G06V30/191—Design or setup of recognition systems or techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
- G06V30/1918—Fusion techniques, i.e. combining data from various sources, e.g. sensor fusion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02T—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
- Y02T10/00—Road transport of goods or passengers
- Y02T10/10—Internal combustion engine [ICE] based vehicles
- Y02T10/40—Engine management systems
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Medical Informatics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Traffic Control Systems (AREA)
Abstract
The application discloses a method and a system for generating a whole vehicle information security attack path, wherein all entities and entity positions of a whole vehicle are identified by importing a whole vehicle electronic and electric appliance structure diagram, and parts are connected to an internal-external interface and a signal transmission channel; obtaining the connection relation between the external interface of the whole vehicle and the internal parts according to the corrected recognition result, and taking a path which is initiated by the external interface and finally reaches an attack target through the access to the internal parts and the channels as an attack path; and generating an optimal attack path according to the total attack paths. According to the image recognition algorithm, the user can be helped to reduce the omission of the attack path on the image as much as possible, the prior knowledge of the user is fused in a mode of user inspection after recognition, and the generation of the total of the subsequent attack paths is ensured; meanwhile, the multi-factor optimization weight is adopted, so that the accuracy of generating the full attack path is improved.
Description
Technical Field
The application belongs to the field of intelligent network-connected automobile information security, and particularly relates to a method and a system for generating a complete automobile information security attack path.
Background
In the field of automobile information safety, a vehicle type needs to identify, analyze and evaluate information safety risks of a system and a function related to the safety of a whole vehicle network through threat analysis and risk evaluation (TARA) activities in a conceptual stage, so that a safety target is provided for subsequent development, and further, corresponding risk relieving measures are obtained. The feasibility of the attack threat needs to be scored in the analysis process, and the precondition of the scoring is that the corresponding attack path needs to be found and specialized evaluation is carried out.
At present, the existing implementation method is to search an attack path by manually inquiring the structure diagram of the whole vehicle electronic and electric appliance, and has the problems of insufficient attack path searching, redundant searching process, low searching efficiency and the like.
How to improve the generation efficiency of the total attack path becomes a technical problem to be solved.
Disclosure of Invention
Aiming at the problems, the method and the system for generating the whole vehicle information security attack path are provided, the high efficiency of the establishment of the whole attack path element is improved by adopting a text and image recognition fusion mode, and meanwhile, the accuracy of the whole attack path generation is improved by adopting multi-factor optimization weights.
In a first aspect, the present application provides a method for generating a complete vehicle information security attack path, including:
s1, importing a whole vehicle electronic and electric appliance structure diagram, wherein the whole vehicle electronic and electric appliance structure diagram comprises an entity and an entity position; the entity comprises an internal part, a part pair internal-external interface, a signal transmission channel and external equipment;
s2, identifying outline information of an entity in the whole vehicle electronic and electric appliance structure graph through an image identification algorithm, identifying text information through a text identification algorithm, and fusing the outline information and the text information to output fused vector data in a preset format;
s3, obtaining the association relation between the entities according to the fusion vector data;
s4, generating a total attack path initiated by an external interface of the part according to the association relation, and finally reaching an attack target point through the access to the part and the signal transmission channel; the target point comprises a part and a signal transmission channel;
s5, generating an optimal attack path according to the total attack path and the attack path model, and storing the optimal attack path into an attack path library in the system;
s6, displaying the optimal attack path by selecting an attack entrance and calling an attack target point.
In a second aspect, the present application provides a system for generating a path of a whole vehicle information security attack, including:
the system comprises an importing module, a storage module and a display module, wherein the importing module is used for importing a whole vehicle electronic and electric appliance structure diagram, and the whole vehicle electronic and electric appliance structure diagram comprises an entity and an entity position; the entity comprises an internal part, a part pair internal-external interface, a signal transmission channel and external equipment;
the recognition module is used for recognizing outline information of an entity in the whole vehicle electronic and electric appliance structure graph through an image recognition algorithm, recognizing text information through a text recognition algorithm, and fusing the outline information and the text information to output fused vector data in a preset format;
the association module is used for obtaining association relations among the entities according to the fusion vector data;
the path generation module is used for generating a full attack path initiated by an external interface of the part according to the association relation, and finally reaching an attack target point through the access to the part and the signal transmission channel; the target point comprises a part and a signal transmission channel;
the optimizing module is used for generating an optimal attack path according to the total attack path and the attack path model and storing the optimal attack path into an attack path library in the system;
and the display module is used for displaying the optimal attack path by selecting an attack entrance and an attack target point call.
The beneficial effects of this application are as follows:
1) The image recognition algorithm can help the user to reduce the omission of the attack path on the image as much as possible, and ensure that the follow-up attack path generates the whole quantity.
2) The recognition of the image and the generation of the attack path are both more accurate.
3) The traditional attack path generation mode is greatly improved, and the generated data can be utilized for further deep use;
4) And optimizing the attack path to obtain an optimal attack path.
The foregoing description is only an overview of the technical solutions of the present application, and may be implemented according to the content of the specification, and in order to make the above description and other objects, features and advantages of the present application more understandable, the following detailed description of the preferred embodiments is given.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to designate like parts throughout the figures.
Fig. 1 is a frame diagram of a whole vehicle information security attack path generating system provided in an embodiment of the present application.
Fig. 2 is a schematic diagram of a full-scale attack path provided in an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In the description of the present application, unless explicitly stated and limited otherwise, the terms "mounted," "connected," "secured," and the like are to be construed broadly, and may be, for example, connected, detachably connected, or integrated; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communicated with the inside of two elements or the interaction relationship of the two elements. The specific meaning of the terms in this application will be understood by those of ordinary skill in the art as the case may be.
Example 1
The embodiment provides a method for generating a complete vehicle information security attack path, which comprises the following steps:
s1, importing a whole vehicle electronic and electric appliance structure diagram, wherein the whole vehicle electronic and electric appliance structure diagram comprises an entity and an entity position; the entity comprises an internal part, a part pair internal-external interface, a signal transmission channel and external equipment;
s2, identifying outline information of an entity in the whole vehicle electronic and electric appliance structure graph through an image identification algorithm, identifying text information through a text identification algorithm, and fusing the outline information and the text information to output fused vector data in a preset format.
Further, checking and modifying the recognized result; if the identification result is wrong, modifying and confirming to obtain a modified identification result.
And S3, obtaining the association relation between the entities according to the fusion vector data.
Optionally, the association relationship includes a whole vehicle entity list, a communication protocol list, an internal-external interface list of each part pair, and a list of all transmission channels. And obtaining the association relation between the external interface of the whole vehicle and the internal parts through the corrected identification result.
S4, generating a total attack path initiated by an external interface of the part according to the association relation, and finally reaching an attack target point through the access to the part and the signal transmission channel; the target point comprises a part and a signal transmission channel; specifically, based on the established association relationship, the known vulnerability information and the attack technology are combined to deduce a possible total attack path. This may be achieved by combining attack steps, exploit conditions, etc. on the connection path.
S5, generating an optimal attack path according to the total attack path and the attack path model, and storing the optimal attack path into an attack path library in the system; at the same time, other attack path lists are generated.
S6, displaying the optimal attack path by selecting an attack entrance and calling an attack target point. And obtaining an optimal attack path according to the final adjustment model, analyzing attack threat of the path, and making protective measures.
The attack path model is as follows:
,/>,/>representing weight, wherein the value range is 0-1, < >>Is an internal part; />For signal transmission channels>For the internal-external interface, i is the number, < > and->、/>And->The range of the value of (2) may be 0-100. Note that the operation between characters in the above formula is multiplication, and the symbol is omitted.
Exemplary, e.g., attacks are part attack types; attack path A 1 C 1 -B 1 -A 2 C 2 Representing component A 1 Interface C of (2) 1 Through transmission channel B 1 To component A 2 C of (2) 2 The interface initiates attack, part A 1 Is of higher importance, thus setting alpha 1 =0.7,A 1 =80, interface C 1 The degree of importance is generally, therefore, gamma is set 1 =0.5,C 1 Transmission channel B =30 1 Importance level oneTypically, therefore set as 1 0.1, B 1 =25; the score of the attack path is known as multiplication of all parameters: 2100. the weights herein are determined based on the importance of the components and signal transmission channels.
Such as attack path A 1 C 1 -B 1 -A 2 C 2 -B 2 -A 3 C 3 Then divide the path into A 1 C 1 -B 1 -A 2 C 2 ,A 2 C 2 -B 2 -A 3 C 3 Then the scores of the partial paths are respectively obtained and summed.
Exemplary, e.g., the attack is of the transmission channel attack type, attack path A 1 C 1 -B 1 Or attack path a 1 C 1 -B 1 -A 2 C 2 -B 2 Then divide the path into A 1 C 1 -B 1 ,B 1 -A 2 C 2 -B 2 The method comprises the steps of carrying out a first treatment on the surface of the And respectively calculating the scores of the partial paths, and then summing.
The following details S5, namely, adjusting weights of the components and the signal transmission channels:
s51, adjusting the weight of the parts according to the use frequency, the number of interfaces, the working time and the latest attack path of the parts.
Wherein f i Is the current use frequency of the parts, f min Is the historical minimum use frequency of the parts, f max The historical maximum use frequency of the parts is set; t is t i Is the current working time of the parts, t min The historical minimum working time of the parts is; t is t max Is the historical maximum working time length of the parts, n i Number of interfaces for parts, n max Is the most of all partsLarge number of interfaces;
the adjusted path model is as follows:
s52, optimizing weights of the parts and the signal transmission path according to path deviation values of the current attack path and the historical attack path; the path deviation value is obtained according to the score value difference value of the attack path model and the interface total number difference value.
Wherein DeltaS is the path deviation value,representing the difference between the score of the current i+1th attack path and the score of the historical i attack path,/and->Representing the difference between the total number of interfaces of the current i+1th attack path and the total number of interfaces of the historical i attack path. The two are multiplied to obtain a path deviation value. If the path deviation value exceeds the threshold value, adjusting the score or weight of the internal part, the signal transmission channel and the internal-external interface on the attack path until the difference value is smaller than the threshold value; the current settings are described as conforming to the attack development variations.
And S53, optimizing the weights of the parts and the signal transmission channels according to the change trend of the attack time interval.
The attack time interval is the time interval of 2 adjacent identical attack paths.
Wherein the method comprises the steps ofRepresenting the most recent attackTime interval of time and last same attack path, +.>For the time interval between the last attack path and the last same attack path, if +.>More->The smaller the indication of the faster the occurrence interval, the greater the weight, indicating that the attack is also severe.
The adjusted path model is as follows:
s54, calculating the score of each attack path according to the success rate of the attack and the influence range of the attack, and setting the path with the highest score L as the optimal attack path. The step is to L i Is further optimized.
The success rate of the attack and the influence range of the attack can be obtained empirically.
Wherein the method comprises the steps ofExpress external interface C i The success rate of the attack is 0-100%,>for the external interface C i The influence range coefficient of (2) is 0.1-1, and numerical values can be set in a grading manner through the ratio of the number of connecting channels of the parts to the number of total channels; for example A i There are 4 external interfaces, the total channel number is 10, wherein C i 2 are connected, C is then i The range of influence of (a) is 0.25 x 0.2=0.05<A threshold value of 0.1; the influence range is small, and the influence range coefficient is 0.1The method comprises the steps of carrying out a first treatment on the surface of the If the total channel number is 10, C i Connect 8, then C i The range of influence of (a) is 0.25 x 0.8=0.2>The threshold value is 0.1, and the influence range coefficient is 0.9.
Example two
This embodiment is further optimized on the basis of the above-described embodiments.
The step S2 of identifying the outline information of the entity in the whole vehicle electronic and electric appliance structure diagram through the image identification algorithm comprises the following steps:
s211, image preprocessing: preprocessing the whole vehicle electronic and electric appliance structure graph; such as image denoising, enhancement, resizing.
S212, object detection and segmentation: processing the whole vehicle electronic and electric appliance structure diagram by using a YOLO detection method, and positioning and framing to select a region and a text region of the whole vehicle parts;
s213, feature extraction: extracting features from the image of each part using the color histogram and texture features;
s214, classification: and classifying the parts and extracting the contours according to the extracted features. The classification model for classifying the parts is, for example, a random forest or a convolutional neural network. In the training stage of the classification model, image data with labels are used for training, so that the characteristics and the types of different parts can be learned.
Identifying text information by a text identification algorithm in S2 includes:
s221, character segmentation: performing character segmentation on the character area, and independently separating each character;
s222, extracting features: extracting shape, texture, and color features for each character;
s223, character recognition: matching the extracted features with known character categories by using a deep learning model of a classification algorithm to identify the content of each character;
s224, post-processing: and correcting the wrong word and checking the semantics of the recognized text.
The fusing vector data for fusing and outputting the contour information and the text information into a predetermined format in S2 includes:
s231, learning semantic association between the profile information and the text by using an image-text alignment model; by mapping profile information and text to a shared embedded space and minimizing distance; the distance is the distance between the outline information and the text.
S232, generating fusion vector data embedded in the space based on one part.
Wherein the image and text embedded in the space can be modified;
s3 comprises the following steps:
s241, node creation: creating a node for the fusion vector data of each part and associating the related information of the part; the related information comprises names, characteristics, position information, interface names and interface quantity of parts;
s242, association relation determination: according to the dependency relationship between the parts and the signal transmission channel, creating edges between the parts, and associating the two parts connected by the edges;
s243, building a correlation diagram: constructing a correlation diagram of the whole vehicle parts by using the parts and the edges; the association diagram is a directed diagram and represents the relationship and connection between interfaces of the parts.
Referring to fig. 2, a-01-ECUs are ECU nodes, a P-01-diagnostic device logical controller is 1 node, a P-01-gateway logical controller is 1 node, and association relations between the nodes are bidirectional.
Assume that the P-01-diagnostic device logic controller in FIG. 2 has an external interface wifi, and that the P-01-gateway logic controller has an external interface OBD. The result of the first step of image recognition should identify three entities: a P-01-diagnostic equipment logic controller, a P-01-gateway logic controller and an ECU; two channels: the channel of the P-01-diagnosis device logic controller and the P-01-gateway logic controller, and the channel of the P-01-gateway logic controller and the ECU. Because the two external interfaces are not marked on the figure, the user can define the two external interfaces himself: wifi, OBD. The recognition result of the total attack path is as follows: 1. the method comprises the steps of entering a P-01-diagnostic equipment logic controller through wifi and entering the P-01-gateway logic controller through flow 1; 2. the method comprises the steps of entering a P-01-diagnostic equipment logic controller through wifi, entering the P-01-gateway logic controller through flow1, and entering an ECU through flow 3; 3, entering a P-01-gateway logic controller through OBD, and entering a P-01-diagnostic equipment logic controller through flow 2; entering a P-01-gateway logic controller through OBD and entering an ECU through flow 4; 5. the method comprises the steps of entering a P-01-diagnostic equipment logic controller through wifi; 6. the P-01-gateway logic controller is accessed through OBD. Because the graph is simpler and does not require optimization. The attack paths are stored in a database, and if the attack paths of the P-01-gateway logic controller are searched, two attack paths of wifi/OBD can be obtained and used for subsequent attack feasibility analysis.
Example III
The embodiment provides a system for generating a complete vehicle information security attack path, referring to fig. 1, including:
the system comprises an importing module, a storage module and a display module, wherein the importing module is used for importing a whole vehicle electronic and electric appliance structure diagram, and the whole vehicle electronic and electric appliance structure diagram comprises an entity and an entity position; the entity comprises an internal part, a part pair internal-external interface, a signal transmission channel and external equipment;
the recognition module is used for recognizing outline information of an entity in the whole vehicle electronic and electric appliance structure graph through an image recognition algorithm, recognizing text information through a text recognition algorithm, and fusing the outline information and the text information to output fused vector data in a preset format;
the association module is used for obtaining association relations among the entities according to the fusion vector data;
the path generation module is used for generating a full attack path initiated by an external interface of the part according to the association relation, and finally reaching an attack target point through the access to the part and the signal transmission channel; the target point comprises a part and a signal transmission channel;
the optimizing module is used for generating an optimal attack path according to the total attack path and the attack path model and storing the optimal attack path into an attack path library in the system;
and the display module is used for displaying the optimal attack path by selecting an attack entrance and an attack target point call.
The beneficial effects of this application are as follows:
1) The image recognition algorithm can help the user to reduce the omission of the attack path on the image as much as possible, and the prior knowledge of the user is fused in a manner of user inspection after recognition, so that the generation of the total of the subsequent attack paths is ensured. The attack path obtained based on the generation algorithm is theoretically full under the condition that the image identification content is ensured to be checked manually and then is free from errors.
2) The identification of the image and the generation of the attack path are more accurate, and the manual checking step is fused, so that the accuracy is further improved.
3) The traditional attack path generation mode is greatly improved, and the generated data can be utilized for further deep use.
The foregoing is merely a preferred embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (6)
1. The method for generating the complete vehicle information security attack path is characterized by comprising the following steps of:
s1, importing a whole vehicle electronic and electric appliance structure diagram, wherein the whole vehicle electronic and electric appliance structure diagram comprises an entity and an entity position; the entity comprises an internal part, a part pair internal-external interface, a signal transmission channel and external equipment;
s2, identifying outline information of an entity in the whole vehicle electronic and electric appliance structure graph through an image identification algorithm, identifying text information through a text identification algorithm, and fusing the outline information and the text information to output fused vector data in a preset format;
the fusing of the contour information and the text information to output fused vector data in a predetermined format includes:
s231, learning semantic association between the profile information and the text by using an image-text alignment model; by mapping profile information and text to a shared embedded space and minimizing distance;
s232, generating fusion vector data embedded in a space based on a part;
s3, obtaining the association relation between the entities according to the fusion vector data;
the step S3 comprises the following steps:
s241, node creation: creating a node for the fusion vector data of each part and associating the related information of the part; the related information comprises names, characteristics, position information, interface names and interface quantity of parts;
s242, association relation determination: according to the dependency relationship between the parts and the signal transmission channel, creating edges between the parts, and associating the two parts connected by the edges;
s243, building a correlation diagram: constructing a correlation diagram of the whole vehicle parts by using the parts and the edges; the association graph is a directed graph and represents the relationship and connection between interfaces of parts;
s4, generating a total attack path initiated by an external interface of the part according to the association relation, and finally reaching an attack target point through the access to the part and the signal transmission channel; the target point comprises a part and a signal transmission channel;
s5, generating an optimal attack path according to the total attack path and the attack path model, and storing the optimal attack path into an attack path library in the system;
s6, displaying the optimal attack path by selecting an attack entrance and calling an attack target point.
2. The method for generating a complete vehicle information security attack path according to claim 1, wherein the attack path model is as follows:
wherein,,/>,/>representing weight, wherein the value range is 0-1, < >>Is an internal part; />For signal transmission channels>For the internal-external interface, i is the number.
3. The method for generating a complete vehicle information security attack path according to claim 2, wherein the step S5 includes:
s51, adjusting the weight of the parts according to the use frequency, the number of interfaces, the working time length and the latest attack path of the parts;
s52, optimizing weights of the parts and the signal transmission path according to path deviation values of the current attack path and the historical attack path; the path deviation value is obtained according to the score value difference value of the attack path model and the total interface number difference value;
s53, optimizing the weights of the parts and the signal transmission channels according to the change trend of the attack time interval;
s54, calculating the score of each attack path according to the success rate of the attack, the influence range of the attack and the concealment of the attack, and setting the path with the highest score as the optimal attack path.
4. The method for generating the complete vehicle information security attack path according to claim 1, wherein the identifying the outline information of the entity in the complete vehicle electronic and electric architecture diagram through the image identification algorithm in S2 includes:
s211, image preprocessing: preprocessing the whole vehicle electronic and electric appliance structure graph;
s212, object detection and segmentation: processing the whole vehicle electronic and electric appliance structure diagram by using a YOLO detection method, and positioning and framing to select a region and a text region of the whole vehicle parts;
s213, feature extraction: extracting features from the image of each part using the color histogram and texture features;
s214, classification: and classifying the parts and extracting the contours according to the extracted features.
5. The method for generating a complete vehicle information security attack path according to claim 4, wherein the identifying text information by a text identification algorithm in S2 includes:
s221, character segmentation: performing character segmentation on the character area, and independently separating each character;
s222, extracting features: extracting shape, texture, and color features for each character;
s223, character recognition: matching the extracted features with known character categories by using a deep learning model of a classification algorithm to identify the content of each character;
s224, post-processing: and correcting the wrong word and checking the semantics of the recognized text.
6. The system for generating the complete vehicle information security attack path is characterized by comprising the following components:
the system comprises an importing module, a storage module and a display module, wherein the importing module is used for importing a whole vehicle electronic and electric appliance structure diagram, and the whole vehicle electronic and electric appliance structure diagram comprises an entity and an entity position; the entity comprises an internal part, a part pair internal-external interface, a signal transmission channel and external equipment;
the recognition module is used for recognizing outline information of an entity in the whole vehicle electronic and electric appliance structure graph through an image recognition algorithm, recognizing text information through a text recognition algorithm, and fusing the outline information and the text information to output fused vector data in a preset format;
the fusing of the contour information and the text information to output fused vector data in a predetermined format includes:
s231, learning semantic association between the profile information and the text by using an image-text alignment model; by mapping profile information and text to a shared embedded space and minimizing distance;
s232, generating fusion vector data embedded in a space based on a part;
the association module is used for obtaining the association relation between the entities according to the fusion vector data and is used for executing the following steps:
s241, node creation: creating a node for the fusion vector data of each part and associating the related information of the part; the related information comprises names, characteristics, position information, interface names and interface quantity of parts;
s242, association relation determination: according to the dependency relationship between the parts and the signal transmission channel, creating edges between the parts, and associating the two parts connected by the edges;
s243, building a correlation diagram: constructing a correlation diagram of the whole vehicle parts by using the parts and the edges; the association graph is a directed graph and represents the relationship and connection between interfaces of parts;
the path generation module is used for generating a full attack path initiated by an external interface of the part according to the association relation, and finally reaching an attack target point through the access to the part and the signal transmission channel; the target point comprises a part and a signal transmission channel;
the optimizing module is used for generating an optimal attack path according to the total attack path and the attack path model and storing the optimal attack path into an attack path library in the system;
and the display module is used for displaying the optimal attack path by selecting an attack entrance and an attack target point call.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311823444.0A CN117478435B (en) | 2023-12-28 | 2023-12-28 | Whole vehicle information security attack path generation method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311823444.0A CN117478435B (en) | 2023-12-28 | 2023-12-28 | Whole vehicle information security attack path generation method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117478435A CN117478435A (en) | 2024-01-30 |
| CN117478435B true CN117478435B (en) | 2024-04-09 |
Family
ID=89635141
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311823444.0A Active CN117478435B (en) | 2023-12-28 | 2023-12-28 | Whole vehicle information security attack path generation method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117478435B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3490223A1 (en) * | 2017-11-24 | 2019-05-29 | Bayerische Motoren Werke Aktiengesellschaft | System and method for simulating and foiling attacks on a vehicle on-board network |
| CN111753099A (en) * | 2020-06-28 | 2020-10-09 | 中国农业科学院农业信息研究所 | Method and system for enhancing file entity association degree based on knowledge graph |
| CN114998702A (en) * | 2022-04-29 | 2022-09-02 | 海南大学 | Entity recognition and knowledge graph generation method and system based on BlendMask |
| CN115099409A (en) * | 2022-06-22 | 2022-09-23 | 南京航空航天大学 | Text-image enhanced multi-mode knowledge map embedding method |
| CN115987641A (en) * | 2022-12-23 | 2023-04-18 | 安天科技集团股份有限公司 | Attack testing method and device, electronic equipment and storage medium |
| CN116049434A (en) * | 2022-12-28 | 2023-05-02 | 国网北京市电力公司 | Construction method and device of power construction safety knowledge graph and electronic equipment |
| CN116232708A (en) * | 2023-02-02 | 2023-06-06 | 中国科学院软件研究所 | Attack chain construction and attack tracing method and system based on text threat information |
| CN116668105A (en) * | 2023-05-19 | 2023-08-29 | 哈尔滨工业大学(威海) | Attack path reasoning system combined with industrial control safety knowledge graph |
| CN116760599A (en) * | 2023-06-19 | 2023-09-15 | 江苏理工学院 | Network attack detection method of power grid information system based on feature fusion |
| CN116796288A (en) * | 2023-06-25 | 2023-09-22 | 上海工程技术大学 | Industrial document-oriented multi-mode information extraction method and system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20220060507A1 (en) * | 2015-10-28 | 2022-02-24 | Qomplx, Inc. | Privilege assurance of enterprise computer network environments using attack path detection and prediction |
| CN114422224B (en) * | 2021-08-16 | 2023-08-29 | 中国人民解放军战略支援部队信息工程大学 | Threat information intelligent analysis method and system for attack tracing |
| CN117197811A (en) * | 2022-05-30 | 2023-12-08 | 华为技术有限公司 | Text recognition method and electronic equipment |
| CN115296924B (en) * | 2022-09-22 | 2023-01-31 | 中国电子科技集团公司第三十研究所 | Network attack prediction method and device based on knowledge graph |
-
2023
- 2023-12-28 CN CN202311823444.0A patent/CN117478435B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3490223A1 (en) * | 2017-11-24 | 2019-05-29 | Bayerische Motoren Werke Aktiengesellschaft | System and method for simulating and foiling attacks on a vehicle on-board network |
| CN111753099A (en) * | 2020-06-28 | 2020-10-09 | 中国农业科学院农业信息研究所 | Method and system for enhancing file entity association degree based on knowledge graph |
| CN114998702A (en) * | 2022-04-29 | 2022-09-02 | 海南大学 | Entity recognition and knowledge graph generation method and system based on BlendMask |
| CN115099409A (en) * | 2022-06-22 | 2022-09-23 | 南京航空航天大学 | Text-image enhanced multi-mode knowledge map embedding method |
| CN115987641A (en) * | 2022-12-23 | 2023-04-18 | 安天科技集团股份有限公司 | Attack testing method and device, electronic equipment and storage medium |
| CN116049434A (en) * | 2022-12-28 | 2023-05-02 | 国网北京市电力公司 | Construction method and device of power construction safety knowledge graph and electronic equipment |
| CN116232708A (en) * | 2023-02-02 | 2023-06-06 | 中国科学院软件研究所 | Attack chain construction and attack tracing method and system based on text threat information |
| CN116668105A (en) * | 2023-05-19 | 2023-08-29 | 哈尔滨工业大学(威海) | Attack path reasoning system combined with industrial control safety knowledge graph |
| CN116760599A (en) * | 2023-06-19 | 2023-09-15 | 江苏理工学院 | Network attack detection method of power grid information system based on feature fusion |
| CN116796288A (en) * | 2023-06-25 | 2023-09-22 | 上海工程技术大学 | Industrial document-oriented multi-mode information extraction method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117478435A (en) | 2024-01-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108053318B (en) | Method and device for identifying abnormal transactions | |
| CN113239907B (en) | Face recognition detection method and device, electronic equipment and storage medium | |
| CN112435137B (en) | Cheating information detection method and system based on community mining | |
| CN109034066A (en) | Building identification method based on multi-feature fusion | |
| CN110990498A (en) | Data fusion method based on FCM algorithm | |
| CN111275694B (en) | Attention mechanism guided progressive human body division analysis system and method | |
| CN114220097A (en) | Anti-attack-based image semantic information sensitive pixel domain screening method and application method and system | |
| CN112364197A (en) | Pedestrian image retrieval method based on text description | |
| CN115622806A (en) | Network intrusion detection method based on BERT-CGAN | |
| CN113343123B (en) | Training method and detection method for generating confrontation multiple relation graph network | |
| CN117478435B (en) | Whole vehicle information security attack path generation method and system | |
| CN115620083B (en) | Model training method, face image quality evaluation method, equipment and medium | |
| CN112966730A (en) | Vehicle damage identification method, device, equipment and storage medium | |
| CN114998003B (en) | Method and device for identifying money laundering based on graph depth convolution neural network algorithm | |
| CN111611774A (en) | Operation and maintenance operation instruction security analysis method, system and storage medium | |
| CN111915312A (en) | Risk identification method and device and electronic equipment | |
| CN111832525A (en) | Living body detection method for face alignment | |
| CN115966006A (en) | Cross-age face recognition system based on deep learning model | |
| CN111507850A (en) | Authority guaranteeing method and related device and equipment | |
| CN110889467A (en) | Company name matching method and device, terminal equipment and storage medium | |
| CN113378620B (en) | Cross-camera pedestrian re-identification method in surveillance video noise environment | |
| CN111652102B (en) | Power transmission channel target identification method and system | |
| CN111666957B (en) | Image authenticity identification method and device | |
| CN111353538B (en) | Similar image matching method based on deep learning | |
| Chauhan et al. | Bertops: Studying bert representations under a topological lens |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |