CN117610007A - Method and device for testing refused service - Google Patents

Method and device for testing refused service Download PDF

Info

Publication number
CN117610007A
CN117610007A CN202311490503.7A CN202311490503A CN117610007A CN 117610007 A CN117610007 A CN 117610007A CN 202311490503 A CN202311490503 A CN 202311490503A CN 117610007 A CN117610007 A CN 117610007A
Authority
CN
China
Prior art keywords
test
test case
vehicle
service
control unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311490503.7A
Other languages
Chinese (zh)
Inventor
孙岳
尉晓昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingwei Hirain Tech Co Ltd
Original Assignee
Beijing Jingwei Hirain Tech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingwei Hirain Tech Co Ltd filed Critical Beijing Jingwei Hirain Tech Co Ltd
Priority to CN202311490503.7A priority Critical patent/CN117610007A/en
Publication of CN117610007A publication Critical patent/CN117610007A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Small-Scale Networks (AREA)

Abstract

The application provides a method and a device for testing denial of service, comprising the following steps: receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service; generating a test case based on the configuration parameters and a preset test case template; and carrying out denial of service test on the vehicle-mounted control unit based on the test case to obtain a test result.

Description

Method and device for testing refused service
Technical Field
The present disclosure relates to the field of information technologies, and in particular, to a method and an apparatus for testing denial of service.
Background
With the development of intelligent and networking of automobiles, the problem of automobile information safety is increasingly serious, and national standards also gradually issue regulations for the information safety of vehicle-mounted ECUs (Electronic Control Unit, electronic control units, also called vehicle-mounted computers), which require that the vehicle-mounted ECUs such as gateways have detection functions and resistance to Ethernet DoS (Denial of Service ) attacks and CAN (Controller Area Network, controller area network) DoS attacks.
However, the current vehicle-mounted Ethernet test and other traditional vehicle-mounted ECU tests do not relate to the content of the DoS test, and seriously threatens the safety of the vehicle-mounted ECU. Therefore, there is a need for a DoS test method that can be performed on an ECU.
Disclosure of Invention
In view of this, the present application provides a method and apparatus for testing denial of service, as follows:
a method of denial of service testing, comprising:
receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service;
generating a test case based on the configuration parameters and a preset test case template;
and carrying out denial of service test on the vehicle-mounted control unit based on the test case to obtain a test result.
Optionally, in the above method, the performing a denial of service test on the vehicle-mounted control unit based on the test case, to obtain a test result includes:
generating a test message based on the test case, and sending the test message to a vehicle-mounted control unit;
monitoring the running condition of the vehicle-mounted control unit to obtain monitoring information;
and obtaining a test result based on the monitoring information.
Optionally, in the above method, the receiving the configuration parameter includes:
obtaining a target denial of service test type;
obtaining a target test case in a denial of service test case set according to the target denial of service test type, wherein the denial of service test case set comprises at least two test cases, and one test case corresponds to one test type;
and receiving configuration parameters for configuring preset parameters in the target test case.
Optionally, in the above method, the generating a test packet based on the test case, and sending the test packet to a vehicle-mounted control unit includes:
invoking a target script matched with the test case;
controlling the target script to generate a test message based on the parameter information in the test case;
and sending the test message to a vehicle-mounted control unit.
Optionally, in the above method, the calling a target script matched with the test case includes:
calling a target script supporting the transmission protocol based on the transmission protocol corresponding to the test case, wherein one transmission protocol corresponds to at least one test type, and the transmission protocol comprises at least one of the following: ethernet transport protocol, in-vehicle ethernet protocol, and bus protocol.
Optionally, in the above method, after generating the test case based on the configuration parameter and the preset test case template, before generating the test message based on the test case and sending the test message to the vehicle-mounted control unit, the method further includes:
calling a relay based on the test case;
and controlling the relay to electrify the vehicle-mounted control unit, and recording an electrifying result.
Optionally, in the above method, the monitoring the operation condition of the on-board control unit includes at least one of:
monitoring whether a diagnostic trouble code is generated by the target processor;
monitoring whether an attacked log is generated by the target processor;
and monitoring whether the function of the target processor is abnormal.
Optionally, the method further comprises:
recording an execution result of each test step according to the test steps recorded in the test case;
and generating a test report based on the execution result and/or the test result.
A denial of service testing apparatus, comprising:
a vehicle-mounted control unit;
the testing module is used for receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service; generating a test case based on the configuration parameters and a preset test case template; and carrying out denial of service test on the vehicle-mounted control unit based on the test case, and generating a test result.
Optionally, in the foregoing apparatus, the test module includes: the system comprises a management unit, a relay, a message sending unit, a monitoring unit and a report generating unit;
the management unit is used for receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service; generating a test case based on the configuration parameters and a preset test case template, and calling a relay, a message sending unit, a monitoring unit and a report generating unit;
the relay is used for triggering the power-on of the vehicle-mounted control unit based on the call of the management unit;
the message sending unit is used for calling a target script matched with the test case based on the test case of the test unit; controlling the target script to generate a test message based on the parameter information in the test case; the test message is sent to a vehicle-mounted control unit;
the monitoring unit is used for monitoring the running condition of the vehicle-mounted control unit to obtain monitoring information and sending the monitoring information to the management unit;
and the report generating unit is used for generating a test result based on the monitoring information provided by the management unit.
In summary, the present embodiment provides a method and an apparatus for testing denial of service, including: receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service; generating a test case based on the configuration parameters and a preset test case template; and carrying out denial of service test on the vehicle-mounted control unit based on the test case to obtain a test result. In the embodiment, the test case template of denial of service is set, the parameters of the test case template are configured to generate the test case, and the vehicle-mounted control unit is subjected to denial of service test based on the test case to obtain a test result, so that the vehicle-mounted control unit is ensured to have a monitoring function and resistance to denial of service attack.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings may be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of an embodiment 1 of a denial of service test method provided herein;
FIG. 2 is a flow chart of example 2 of a denial of service test method provided herein;
FIG. 3 is a flowchart of an embodiment 3 of a method for testing denial of service provided herein;
FIG. 4 is a flowchart of an embodiment 4 of a method for testing denial of service provided herein;
FIG. 5 is a flowchart of an embodiment 5 of a method for denial of service testing provided herein;
FIG. 6 is a flowchart of an embodiment 6 of a method for testing denial of service provided herein;
FIG. 7 is a schematic diagram of an embodiment of a denial of service testing apparatus provided herein;
fig. 8 is another schematic structural diagram of an embodiment of a denial of service testing apparatus provided in the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
As shown in fig. 1, a flowchart of an embodiment 1 of a method for testing denial of service provided in the present application is applied to an electronic device, and the method includes the following steps:
step S101: receiving configuration parameters;
the electronic equipment applying the denial of service testing method is a testing upper computer which can perform data transmission with the vehicle-mounted control unit.
The configuration parameters are used for configuring a preset test case template of the denial of service DoS.
A plurality of test case templates are preset in the system, and the test related information in each test case template can be configured.
Specifically, the test-related information includes: network protocols, test times, durations, sending rates, source destination ports, etc., are not limited thereto.
In specific implementation, different types of configuration parameters can be set according to different types of parameters in different test case templates.
In a specific implementation, a configuration interface for testing refusal service can be set in the electronic equipment, and a tester inputs configuration parameters through an input device.
Step S102: generating a test case based on the configuration parameters and a preset test case template;
and generating a test case by the received configuration parameters and the configured test case template.
Specifically, the configuration parameters are replaced with corresponding initial parameters in the preset test case template, and the test case is obtained.
Step S103: and carrying out denial of service test on the vehicle-mounted control unit based on the test case to obtain a test result.
And performing denial of service test on the vehicle-mounted control unit based on the test case so as to realize whether the vehicle-mounted control unit has the resistance to the DoS attack or not, and obtaining a test result.
The on-board control unit is a vehicle ECU, which may be a gateway, a TBOX (Telematics BOX), or other ECU supporting bus or ethernet.
In the following embodiments, a process of performing a denial of service test on the vehicle-mounted control unit based on the test case will be described in detail, which will not be described in detail in this embodiment.
In summary, the method for testing denial of service provided in this embodiment includes: receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service; generating a test case based on the configuration parameters and a preset test case template; and carrying out denial of service test on the vehicle-mounted control unit based on the test case to obtain a test result. In the embodiment, the test case template of denial of service is set, the parameters of the test case template are configured to generate the test case, and the vehicle-mounted control unit is subjected to denial of service test based on the test case to obtain a test result, so that the vehicle-mounted control unit is ensured to have a monitoring function and resistance to denial of service attack.
As shown in fig. 2, a flowchart of an embodiment 2 of a method for testing denial of service provided in the present application includes the following steps:
step S201: receiving configuration parameters;
step S202: generating a test case based on the configuration parameters and a preset test case template;
steps S201 to 202 are identical to the corresponding steps in embodiment 1, and are not described in detail in this embodiment.
Step S203: generating a test message based on the test case, and sending the test message to a vehicle-mounted control unit;
and generating a corresponding test message based on the configuration of the test in the test case.
Specifically, the test case includes various parameters of the test, and the configuration values are configured for the parameters based on the configuration parameters.
For example, the test case is a SYN (synchronous) flooding test case, wherein parameters such as a sending rate, a duration, a source destination port and the like are set, and correspondingly, based on setting information in the SYN flooding test case, a SYN data packet generated by simulating the source destination port is generated, the SYN data packet is sent to a vehicle-mounted control unit according to the set sending rate, and the set duration is continuously sent, so that the SYN flooding test is performed on the vehicle-mounted control unit.
Specifically, different test cases are generated for different types of tests, and corresponding test messages are generated according to the configuration in the test cases so as to realize different types of DoS tests for the vehicle-mounted control unit.
Step S204: monitoring the running condition of the vehicle-mounted control unit to obtain monitoring information;
after receiving the test message, the vehicle-mounted control unit has different responses to the attack at the present time, for example, if the vehicle-mounted control unit can resist the DoS attack, no abnormal situation occurs, and if the vehicle-mounted control unit cannot resist the DoS attack, the abnormal situation may occur.
Specifically, in the application, doS attack is performed on the vehicle-mounted control unit, and the running condition of the vehicle-mounted control unit is monitored.
For example, after the vehicle-mounted control unit receives the test message attack, if the vehicle-mounted control unit cannot resist the DoS attack of this time, DTC (Diagnostic Trouble Code, diagnostic fault code) may be generated, or the function of the vehicle-mounted control unit is abnormal, where the function abnormality of the vehicle-mounted control unit may be abnormal caused by gateway routing delay, etc.; if the DoS attack can be resisted, an attack log is generated in the log to record the DoS attack.
The monitoring of the running condition of the vehicle-mounted control unit comprises at least one of the following steps:
monitoring whether a diagnostic trouble code is generated by the target processor;
monitoring whether an attacked log is generated by the target processor;
and monitoring whether the function of the target processor is abnormal.
Step S205: and obtaining a test result based on the monitoring information.
The monitoring information comprises the running condition of the vehicle-mounted controller in the test process, if the vehicle-mounted controller cannot resist the DoS attack corresponding to the test case, the conditions of generating diagnosis fault codes, abnormal functions and the like can occur, and if the vehicle-mounted controller can resist the DoS attack corresponding to the test case, an attack log is generated; if the attack log is not generated, the method indicates that the effective detection of the DoS attack to the vehicle-mounted control unit by adopting the test case cannot be realized.
Specifically, through the above monitoring, whether a diagnostic fault code is generated is monitored, whether an attacked log is generated is monitored, and whether the monitoring function is abnormal is monitored, so as to determine whether the vehicle-mounted control unit can resist the DoS attack corresponding to the test case.
In specific implementation, different test cases are required to be tested for different DoS attacks, and any type of attack test is similar to the test process described above, and is not explained one by one in the present application.
In summary, the method for testing denial of service provided in this embodiment includes: generating a test message based on the test case, and sending the test message to a vehicle-mounted control unit; monitoring the running condition of the vehicle-mounted control unit to obtain monitoring information; and obtaining a test result based on the monitoring information. In this embodiment, a test packet is generated based on the configured test case, and the test packet is used to perform a denial of service test on the vehicle-mounted control unit, and detect the running condition of the vehicle-mounted control unit to obtain detection information, so as to obtain a test result based on the detection information, and the test process is described, thereby implementing the test of the denial of service attack capability of the vehicle-mounted control unit.
As shown in fig. 3, a flowchart of an embodiment 3 of a method for testing denial of service provided in the present application includes the following steps:
step S301: obtaining a target denial of service test type;
when the test cases are configured, the test cases corresponding to the test types are determined first, and then the test cases are configured.
In particular, there may be a variety of ways to obtain the target denial of service test type.
For example, a selection operation of selecting a test type is input based on the input interface, and one test type is selected as a target denial of service test type in the display area based on the operation.
For example, the test cases include ARP (Address Resolution Protocol ) flooding, tear Drop (Tear Drop) attack, ICMP (Internet Control Message Protocol, internet control information protocol) flooding, smurf attack, lan (Local Area Network Denial attack, local area network denial of service) attack, ping of death (Ping) attack, UDP (User Datagram Protocol ) flooding, SYN flooding, and vehicle-network-specific DoIP (Diagnostic communication over Internet Protocol, internet protocol-based diagnostic communication) illegal datagram Wen Hongfan, SOME/IP (scalabase service-Oriented MiddlewarE over IP protocol, scalabase service-oriented IP middleware protocol) multicast datagram Wen Hongfan, CAN (Controller Area Network ) datagram Wen Hongfan, LIN (Local Interconnect Network, local area Internet) datagram Wen Hongfan, and the like.
Step S302: obtaining a target test case from a denial of service test case set according to the target denial of service test type;
the denial of service test case set comprises at least two test cases, wherein one test case corresponds to one test type.
The method comprises the steps of presetting a denial-of-service test case set, wherein the denial-of-service test case set comprises a plurality of test cases, and each test case corresponds to one test type.
After the target denial of service test type is obtained, a target test case corresponding to the test type is obtained from a preset denial of service test case set.
One or more test types may correspond to a transmission protocol.
If the parameters to be configured of a certain test type are the same, different test types can be corresponding to the same test case.
It should be noted that, because of different transmission protocols, the message structure adopted when data transmission is performed is different, therefore, different test cases are set based on different test transmission protocols in the application, so as to realize subsequent generation of test messages corresponding to the transmission protocols.
Step S303: receiving configuration parameters for configuring preset parameters in the target test case;
the configurable preset parameters may be different for different test cases, and the tester configures the parameters for the preset parameters of the present test case.
Specifically, the configuration parameters include the rate, duration, source destination port, etc. of the transmission.
When it should be noted that the configuration parameters of different test cases may be different, and the specific type of the configuration parameters is not limited in this application.
In specific implementation, interfaces of different test cases can be set, a selection operation of selecting a refusal service test type based on the input of a tester is received by the interface, a target refusal test type is determined in response to the operation, then a target test case is determined based on the target refusal test type, then the interface of the target test case is output, the interface is specially displayed for configurable preset parameter items, and an input area is reserved, so that the tester can intuitively see the preset parameter items in the interface, and input configuration parameters are carried out through the input area.
Step S304: generating a test case based on the configuration parameters and a preset test case template;
step S305: and carrying out denial of service test on the vehicle-mounted control unit based on the test case to obtain a test result.
Steps S304-305 are identical to the corresponding steps in embodiment 1, and are not described in detail in this embodiment.
In summary, the method for testing denial of service provided in this embodiment includes: obtaining a target denial of service test type; obtaining a target test case in a denial of service test case set according to the target denial of service test type, wherein the denial of service test case set comprises at least two test cases, one test case corresponds to one test type, one transmission protocol corresponds to at least one test type, and the transmission protocol comprises at least one of the following: an Ethernet transmission protocol, a vehicle-mounted Ethernet protocol and a bus protocol; and receiving configuration parameters for configuring preset parameters in the target test case. In this embodiment, after the target denial of service test type determined based on the selection of the tester is obtained, a corresponding target test case is obtained according to the target denial of service test case, and the configuration parameters configured for the preset parameters in the target test case are received, so that the configuration parameters are configured for different attack tests to obtain the target test case corresponding to different attack tests, and a basis is provided for the subsequent attack test for the vehicle-mounted control unit.
As shown in fig. 4, a flowchart of an embodiment 4 of a method for testing denial of service provided in the present application includes the following steps:
step S401: receiving configuration parameters;
step S402: generating a test case based on the configuration parameters and a preset test case template;
steps S401 to 402 are identical to the corresponding steps in embodiment 2, and are not described in detail in this embodiment.
Step S403: invoking a target script matched with the test case;
the test message is generated based on the configuration information of the test case, and a corresponding script needs to be run.
Specifically, the script is used for generating a test message and converting the test message into a message meeting the transmission protocol corresponding to the test case.
Wherein, the matching refers to a script consistent with a transmission protocol corresponding to the test case.
The script capable of generating the test message is preset, and different scripts can be set for different transmission protocols, so that the test case for the transmission protocol can generate the test message.
And calling a target script matched with the test case based on the test case.
Specifically, the invoking the target script matched with the test case includes: and calling a target script supporting the transmission protocol based on the transmission protocol set by the test case.
Wherein one transport protocol corresponds to at least one test type, the transport protocol comprising at least one of: ethernet transport protocol, in-vehicle ethernet protocol, and bus protocol.
Wherein the Ethernet transmission protocol comprises TCP/IP (Transmission Control Protocol/Internet Protocol ); the vehicle-mounted Ethernet protocol comprises SOME/IP, doIP and the like; bus protocols include CAN, LIN, etc.
After the test case is generated, according to the transmission protocol set in the test case, calling a script supporting the transmission protocol in a plurality of preset scripts.
In particular, the script may be based on python compilation.
Step S404: controlling the target script to generate a test message based on the parameter information in the test case;
after the target script is called, a test message is generated based on parameter information configured in the test case.
Specifically, after the target script generates a test message, the test message is converted into a test message consistent with a transmission protocol.
Step S405: the test message is sent to a vehicle-mounted control unit;
and sending the generated test message to the vehicle-mounted control unit.
Specifically, the generated test message is sent to the vehicle-mounted control unit according to the duration, sending rate and other parameters in the configured parameter information so as to simulate the attack of rejecting the service test type.
Step S406: monitoring the running condition of the vehicle-mounted control unit to obtain monitoring information;
step S407: and obtaining a test result based on the monitoring information.
Steps S406-407 are identical to the corresponding steps in embodiment 2, and are not described in detail in this embodiment.
In summary, the method for testing denial of service provided in this embodiment includes: invoking a target script matched with the test case; controlling the target script to generate a test message based on the parameter information in the test case; and sending the test message to a vehicle-mounted control unit. In this embodiment, the target script matched with the test case is invoked to control the target script to generate a test message and send the test message to the vehicle-mounted control unit, so as to realize the simulation of denial of service attack.
As shown in fig. 5, a flowchart of an embodiment 5 of a method for testing denial of service provided in the present application includes the following steps:
step S501: receiving configuration parameters;
step S502: generating a test case based on the configuration parameters and a preset test case template;
steps S501-502 are identical to the corresponding steps in embodiment 2, and are not described in detail in this embodiment.
Step S503: calling a relay based on the test case;
the configuration parameters can be set with the address of the target vehicle-mounted control unit of the test, and call information is generated based on the address so as to call the relay.
Specifically, because the relay is a CAN controller, the purpose of calling the relay CAN be achieved by sending a corresponding CAN message to the relay.
Step S504: controlling the relay to electrify the vehicle-mounted control unit, and recording an electrifying result;
the relay is correspondingly arranged with the vehicle-mounted control unit, and the relay is called to realize the control of the relay to electrify the vehicle-mounted control unit, so that a device foundation is provided for the follow-up attack test of the vehicle-mounted control unit.
In order to record the test process completely, the result of powering up the vehicle-mounted control unit through the relay is also recorded.
In specific implementation, based on the power-up result, the power-up is successful, and step S505 is executed, otherwise, the test flow is exited and an error is reported.
In the specific implementation, after the attack test process is finished, the vehicle-mounted control unit is controlled to be powered down through the relay to finish the test.
Step S505: generating a test message based on the test case, and sending the test message to a vehicle-mounted control unit;
step S506: monitoring the running condition of the vehicle-mounted control unit to obtain monitoring information;
step S507: and obtaining a test result based on the monitoring information.
Steps S505-507 are identical to the corresponding steps in embodiment 2, and are not described in detail in this embodiment.
In summary, the method for testing denial of service provided in this embodiment includes: calling a relay based on the test case; and controlling the relay to electrify the vehicle-mounted control unit, and recording an electrifying result. In this embodiment, the relay is invoked based on the test case, so that the relay powers up the vehicle-mounted control unit, provides a device foundation for attack testing, and records the current powering-up result to record the specific implementation process of the current testing.
As shown in fig. 6, a flowchart of an embodiment 6 of a method for testing denial of service provided in the present application includes the following steps:
step S601: receiving configuration parameters;
step S602: generating a test case based on the configuration parameters and a preset test case template;
step S603: performing denial of service test on the vehicle-mounted control unit based on the test case to obtain a test result;
steps S601-603 are identical to the corresponding steps in embodiment 1, and are not described in detail in this embodiment.
Step S604: recording an execution result of each test step according to the test steps recorded in the test case;
the test case is recorded with a plurality of test steps, such as generating the test case, calling a relay to power up the vehicle-mounted control unit, monitoring the running condition of the vehicle-mounted unit and the like.
Wherein, the execution result of the test step is recorded.
For example, whether the test case is successfully generated, whether the relay is successfully invoked, whether the on-vehicle control unit is powered on, whether monitoring information is obtained, and the like are recorded.
If the execution result of one of the test steps is no, the test flow is exited and an error is reported.
If the execution result of one of the test steps is successful, the next test step is continuously executed.
Step S605: and generating a test report based on the execution result and/or the test result.
If each test step can be successfully executed until a test result is obtained, generating a test report together with the execution result and the test result; if a certain test step can not be successfully executed, exiting the test flow, and generating a test report based on the execution result of the executed step.
In the implementation, in the process of testing the denial of service at one time, multiple types of denial of service attacks can be executed at the same time, and corresponding test results are obtained.
When a test report is generated, all the results related to the test cases of the test are counted to obtain result details.
Specifically, a test report template may be preset, and statistical results are performed in the test report template by using a histogram, a pie chart, and the like, and types passing through the test, types failing the test, and the like are counted in a list manner.
Specifically, based on the test report template, all the results related to the test cases of the test are counted to obtain result details.
In summary, the method for testing denial of service provided in this embodiment further includes: recording an execution result of each test step according to the test steps recorded in the test case; and generating a test report based on the execution result and/or the test result. In this embodiment, in the process of executing the test, the execution result of the test step recorded in the test case is recorded, and a test report is generated based on the execution result and/or the test result, so that the tester can know the test process and the test result.
Corresponding to the embodiment of the method for testing the refusal service provided by the application, the application also provides an embodiment of a device applying the method for testing the refusal service.
Fig. 7 is a schematic structural diagram of an embodiment of a service rejection testing apparatus provided in the present application, where the apparatus includes the following structures: a vehicle-mounted control unit 701 and a test module 702;
the test module 702 is configured to receive configuration parameters, where the configuration parameters are used to configure a preset test case template that rejects a service; generating a test case based on the configuration parameters and a preset test case template; and carrying out denial of service test on the vehicle-mounted control unit based on the test case, and generating a test result.
Fig. 8 is a schematic diagram of another embodiment of a service rejection testing apparatus provided in the present application, where the apparatus includes the following structures: a vehicle-mounted control unit 801 and a test module 802;
wherein, the test module includes: a management unit 8021, a relay 8022, a message transmission unit 8023, a monitoring unit 8024, and a report generation unit 8025;
the management unit 8021 is configured to receive configuration parameters, where the configuration parameters are used to configure a preset test case template that rejects a service; generating a test case based on the configuration parameters and a preset test case template, and calling a relay, a message sending unit, a monitoring unit and a report generating unit;
the relay 8022 is used for powering on the vehicle-mounted control unit based on the calling trigger of the management unit;
the message sending unit 8023 is configured to call a target script matched with a test case based on the test case of the test unit; controlling the target script to generate a test message based on the parameter information in the test case; the test message is sent to a vehicle-mounted control unit;
the monitoring unit 8024 is configured to monitor the operation condition of the vehicle-mounted control unit to obtain monitoring information, and send the monitoring information to the management unit;
wherein the report generating unit 8025 is configured to generate a test result based on the monitoring information provided by the management unit.
It should be noted that, for explanation of the functions of each component structure of the testing device for rejecting service provided in this embodiment, please refer to the explanation in the foregoing method embodiment, and details are not described in this embodiment.
In summary, the device for testing denial of service provided in this embodiment includes: a vehicle-mounted control unit; the testing module is used for receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service; generating a test case based on the configuration parameters and a preset test case template; and carrying out denial of service test on the vehicle-mounted control unit based on the test case, and generating a test result. In the embodiment, the test case template of denial of service is set, the parameters of the test case template are configured to generate the test case, and the vehicle-mounted control unit is subjected to denial of service test based on the test case to obtain a test result, so that the vehicle-mounted control unit is ensured to have a monitoring function and resistance to denial of service attack.
In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. The device provided in the embodiment corresponds to the method provided in the embodiment, so that the description is simpler, and the relevant points refer to the description of the method.
The previous description of the provided embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features provided herein.

Claims (10)

1. A method for testing denial of service comprising:
receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service;
generating a test case based on the configuration parameters and a preset test case template;
and carrying out denial of service test on the vehicle-mounted control unit based on the test case to obtain a test result.
2. The method of claim 1, wherein the performing a denial of service test on the in-vehicle control unit based on the test case to obtain a test result comprises:
generating a test message based on the test case, and sending the test message to a vehicle-mounted control unit;
monitoring the running condition of the vehicle-mounted control unit to obtain monitoring information;
and obtaining a test result based on the monitoring information.
3. The method of claim 1, wherein the receiving configuration parameters comprises:
obtaining a target denial of service test type;
obtaining a target test case in a denial of service test case set according to the target denial of service test type, wherein the denial of service test case set comprises at least two test cases, and one test case corresponds to one test type;
and receiving configuration parameters for configuring preset parameters in the target test case.
4. The method of claim 2, wherein the generating a test message based on the test case and sending the test message to an in-vehicle control unit comprise:
invoking a target script matched with the test case;
controlling the target script to generate a test message based on the parameter information in the test case;
and sending the test message to a vehicle-mounted control unit.
5. The method of claim 4, wherein invoking the target script that matches the test case comprises:
calling a target script supporting the transmission protocol based on the transmission protocol corresponding to the test case, wherein one transmission protocol corresponds to at least one test case, and the transmission protocol comprises at least one of the following: ethernet transport protocol, in-vehicle ethernet protocol, and bus protocol.
6. The method of claim 2, wherein after generating the test case based on the configuration parameter and the preset test case template, generating a test message based on the test case, and before sending the test message to the vehicle-mounted control unit, the method further comprises:
calling a relay based on the test case;
and controlling the relay to electrify the vehicle-mounted control unit, and recording an electrifying result.
7. The method of claim 2, wherein the monitoring the operation of the on-board control unit comprises at least one of:
monitoring whether a diagnostic trouble code is generated by the target processor;
monitoring whether an attacked log is generated by the target processor;
and monitoring whether the function of the target processor is abnormal.
8. The method of any one of claims 1-7, further comprising:
recording an execution result of each test step according to the test steps recorded in the test case;
and generating a test report based on the execution result and/or the test result.
9. A denial of service testing apparatus, comprising:
a vehicle-mounted control unit;
the testing module is used for receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service; generating a test case based on the configuration parameters and a preset test case template; and carrying out denial of service test on the vehicle-mounted control unit based on the test case, and generating a test result.
10. The apparatus of claim 9, wherein the test module comprises: the system comprises a management unit, a relay, a message sending unit, a monitoring unit and a report generating unit;
the management unit is used for receiving configuration parameters, wherein the configuration parameters are used for configuring a preset test case template for rejecting service; generating a test case based on the configuration parameters and a preset test case template, and calling a relay, a message sending unit, a monitoring unit and a report generating unit;
the relay is used for triggering the power-on of the vehicle-mounted control unit based on the call of the management unit;
the message sending unit is used for calling a target script matched with the test case based on the test case of the test unit; controlling the target script to generate a test message based on the parameter information in the test case; the test message is sent to a vehicle-mounted control unit;
the monitoring unit is used for monitoring the running condition of the vehicle-mounted control unit to obtain monitoring information and sending the monitoring information to the management unit;
and the report generating unit is used for generating a test result based on the monitoring information provided by the management unit.
CN202311490503.7A 2023-11-09 2023-11-09 Method and device for testing refused service Pending CN117610007A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311490503.7A CN117610007A (en) 2023-11-09 2023-11-09 Method and device for testing refused service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311490503.7A CN117610007A (en) 2023-11-09 2023-11-09 Method and device for testing refused service

Publications (1)

Publication Number Publication Date
CN117610007A true CN117610007A (en) 2024-02-27

Family

ID=89945278

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311490503.7A Pending CN117610007A (en) 2023-11-09 2023-11-09 Method and device for testing refused service

Country Status (1)

Country Link
CN (1) CN117610007A (en)

Similar Documents

Publication Publication Date Title
US10764134B2 (en) Configuring a firewall system in a vehicle network
CN110995547A (en) Vehicle-mounted high-speed network testing system and method
CN108353004B (en) Method, system, and computer readable medium for testing Network Function Virtualization (NFV)
CN105388893B (en) A kind of CAN communication data monitoring method and system based on OBD interfaces
CN111600781B (en) Firewall system stability testing method based on tester
US9473346B2 (en) System and method for network path validation
CN110830330B (en) Firewall testing method, device and system
EP2974146B1 (en) Methods, systems, and computer readable media for assisting with the debugging of conditions associated with the processing of test packets by a device under test
EP2200249A1 (en) Network analysis
CN112367223A (en) Ethernet test method, device, equipment and medium for gateway controller
CN104067599A (en) Network state monitoring system
CN109937563B (en) Method for a communication network, and electronic monitoring unit
CN104539483A (en) Network testing system
KR20180109642A (en) Apparatus for estimating and monitoring communication security of vehicle-network
Paul et al. Towards the protection of industrial control systems–conclusions of a vulnerability analysis of profinet IO
CN112003747A (en) Fault positioning method of cloud virtual gateway
US20160248679A1 (en) Filtering a Data Packet by Means of a Network Filtering Device
CN117610007A (en) Method and device for testing refused service
CN108156052B (en) Method and system for testing equipment stability
CN115174245A (en) Test method and system based on DoIP protocol detection
CN115129021B (en) Method and device for testing vehicle-mounted Ethernet
US8687518B1 (en) Automatic address configuration in a network test system
CN112217785A (en) Apparatus and method for anomaly identification in a communication network
TWI711285B (en) Network failure detection method and network failure detection device
US20240129219A1 (en) Methods, systems, and computer readable media for using a programmable processing pipeline device to execute scalable connections per second (cps) generation test and an application replay sequence test

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination