CN117749529A - Method for searching full attack path - Google Patents
Method for searching full attack path Download PDFInfo
- Publication number
- CN117749529A CN117749529A CN202410182920.3A CN202410182920A CN117749529A CN 117749529 A CN117749529 A CN 117749529A CN 202410182920 A CN202410182920 A CN 202410182920A CN 117749529 A CN117749529 A CN 117749529A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- interface
- attack path
- attack
- connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000006243 chemical reaction Methods 0.000 claims abstract description 21
- 238000011156 evaluation Methods 0.000 claims description 24
- 238000012986 modification Methods 0.000 claims description 11
- 230000004048 modification Effects 0.000 claims description 11
- 230000002618 waking effect Effects 0.000 claims description 3
- 238000012502 risk assessment Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 5
- 238000012544 monitoring process Methods 0.000 description 3
- 238000013210 evaluation model Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000012216 screening Methods 0.000 description 2
- 230000035515 penetration Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Abstract
The invention provides a method for searching a full attack path, which belongs to the technical field of data identification, and comprises the steps of firstly judging whether a vehicle and a key are in a set range, acquiring a vehicle control instruction code when the vehicle and the key are in the range, determining whether the vehicle control instruction code is modified, and positioning an external interface of attack equipment based on a vehicle protocol conversion module when the vehicle control instruction code is modified, so as to position an attack source.
Description
Technical Field
The invention belongs to the technical field of data identification, and particularly relates to a method for searching a full attack path.
Background
The current vehicle threat analysis and risk assessment work of the automobile network security is generally based on the experience of penetration test of analysts, the analysts finish attack path planning on the target controller according to the mastered attack method and fill out the result into a report, the method mainly relies on experience judgment, data is auxiliary, the intelligent degree is not high, the experience requirement of the analysts is high based on the experience attack path analysis, the attack path analysis submitted by the personnel with different technical levels is not uniform, the content description is not uniform, and the work connection is difficult. The problem directly causes non-uniform results of subsequent attack feasibility assessment work.
Therefore, a method for searching the total attack path is needed, which classifies the attack paths through all controllers in the vehicle, and the interfaces of each type of controller are clear so as to automatically form attack path information. The comprehensiveness of attack paths of all controllers is guaranteed in the maximum range.
Meanwhile, the method of describing the attack by the interface can not perfect the size of the attack on the security threat of the vehicle, but under the condition of tracking the path by the interface, the evaluation on the security risk is not accurate enough, so that a path searching method is needed to evaluate the security threat of the vehicle at the same time under the condition of clearly attacking the source interface.
Disclosure of Invention
Aiming at the problems existing in the prior art, the invention provides a method for searching a full attack path, which can accurately evaluate the security threat of the vehicle at the same time under the condition of definitely attacking the source interface.
A method for searching a full attack path is implemented by the following steps:
s1, judging whether the distance L between a vehicle and the key of the vehicle is larger than a first threshold value, if the distance L is not larger than the first threshold value, executing S2, otherwise, waking up the alarm device by the vehicle;
s2, establishing connection between a third party attack path evaluation device and the vehicle;
s3, the third party attack path evaluation device acquires a control instruction code stored in the vehicle central control system, and inquires the last modification time of the instruction code;
if the last modification time is the delivery date, judging that no attack exists;
if the last modification time is later than the delivery date, executing S4;
s4, the third party attack path evaluation device inquires a control instruction code version stored in the vehicle central control system, and downloads a control instruction code of a corresponding version from the cloud based on the version serial number;
s5, comparing the control instruction codes stored in the vehicle central control system with control instruction codes of corresponding versions downloaded from the cloud based on the version serial numbers, and obtaining difference instruction code details.
Further, in S2, the third party attack path evaluation device establishes a connection with the vehicle, including: a USB connection, an ODB connection, a local area network connection, or an Internet connection.
Further, if there is no difference instruction code, it is determined that there is no attack.
Further, if the difference instruction code exists, it is determined that an attack exists, and S6 is executed.
Further, S6, traversing the differential instruction code details, and classifying the differential instruction codes based on protocols supported by different interfaces provided by the vehicle.
Further, S61, the vehicle sets a protocol conversion module, after receiving messages sent by external equipment, different interfaces provided by the vehicle send the messages to the protocol conversion module, the protocol conversion module carries out protocol conversion on the messages and sends the messages to an ECU, and the ECU executes control instructions carried in the messages after the protocol conversion.
Further, s62, the classifying the differential instruction codes based on the protocols supported by different interfaces provided by the vehicle specifically includes:
inquiring log information of the protocol conversion module, obtaining a corresponding input protocol through the classified difference instruction codes, determining a protocol used for modifying the instruction codes, and positioning a connection interface of external equipment used for modifying the instruction codes.
Further, S7, scoring the safety risk sources based on the located interfaces F1.
Further, S71. If the located interface is a network interface, F1 is the lowest, f1=2;
if the located interface is a bluetooth interface, f1=3;
if the located interface is an infrared interface, f1=4;
if the located interface is a wired connection interface provided in the vehicle, f1=5;
if the located interface is other than the network interface, the bluetooth interface, the infrared interface, and the wired connection interface provided in the vehicle, f1=1.
Further, S72, if the located interfaces are at least two, F1 needs to be summed, and F1 of the summation is 2 based on different types of interfacesF1/>15+n, and the F1 is a natural number, and the N is the number of the other interfaces.
The invention has the advantages that:
1. the vehicle control instruction code checking method has the advantages that whether the vehicle is allowed to be checked through the vehicle owner is judged by identifying the distance between the vehicle and the key so as to improve the safety of the method, meanwhile, after the vehicle is connected through the third-party attack path evaluation device, whether the code is modified is automatically detected, after the control instruction code is modified, the modified instruction code can be automatically compared after the corresponding code is acquired from the cloud based on the version of the vehicle control instruction code, the interface connected with external equipment is determined by calling the vehicle-mounted protocol conversion module, the attack path is primarily judged, the work of manual code checking, manual registration input and the like can be avoided, and intelligent execution is realized.
2. And determining the safety risk level of the vehicle by screening the interface types, and grading to distinguish different safety risks faced by the vehicle under different conditions of different interfaces being broken. By setting N and comprehensively scoring under the condition of involving a plurality of interfaces, the possibility of attack sources can be comprehensively considered, and the searching process can be comprehensively and accurately covered.
3. By setting the control risk score, the vehicle function influenced by the code can be clarified, and the influence of the attack on the vehicle safety can be distinguished based on the condition that different functions are influenced. By setting M and comprehensively scoring under the condition of affecting a plurality of systems, the range of attack influence can be comprehensively considered, and the searching process can be comprehensively and accurately covered.
4. By setting the vehicle attack risk assessment model, the influence of an attack source on the vehicle safety and the influence of an attack specific system on the vehicle safety can be comprehensively considered, and the influence of the attack on the vehicle safety can be comprehensively and accurately considered by combining the real-time safety assessment based on the vehicle brand obtained by the user, so that the improvement of enterprises on the vehicle safety can be better guided.
5. By setting the second threshold to determine whether the security risk is huge, whether the security threat needs to trace the source and be responsible for, when the security threat to the vehicle is higher, the specific path is further traced, and the IP tracing to the network attack is mainly embodied.
Drawings
FIG. 1 is a flowchart of method steps for finding a full attack path.
Detailed Description
The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
As shown in fig. 1, a method for searching a full attack path performs the following steps:
s1, judging whether the distance L between a vehicle and the key of the vehicle is larger than a first threshold value, if the distance L is not larger than the first threshold value, executing S2, otherwise, waking up the alarm device by the vehicle;
s2, establishing connection between a third party attack path evaluation device and the vehicle;
s3, the third party attack path evaluation device acquires a control instruction code stored in the vehicle central control system, and inquires the last modification time of the instruction code;
if the last modification time is the delivery date, judging that no attack exists;
if the last modification time is later than the delivery date, executing S4;
s4, the third party attack path evaluation device inquires a control instruction code version stored in the vehicle central control system, and downloads a control instruction code of a corresponding version from the cloud based on the version serial number;
s5, comparing the control instruction codes stored in the vehicle central control system with control instruction codes of corresponding versions downloaded from the cloud based on the version serial numbers, and obtaining difference instruction code details.
Further, in S2, the third party attack path evaluation device establishes a connection with the vehicle, including: a USB connection, an ODB connection, a local area network connection, or an Internet connection.
Further, if there is no difference instruction code, it is determined that there is no attack.
Further, if the difference instruction code exists, it is determined that an attack exists, and S6 is executed.
Further, S6, traversing the differential instruction code details, and classifying the differential instruction codes based on protocols supported by different interfaces provided by the vehicle.
Further, S61, the vehicle sets a protocol conversion module, after receiving messages sent by external equipment, different interfaces provided by the vehicle send the messages to the protocol conversion module, the protocol conversion module carries out protocol conversion on the messages and sends the messages to an ECU, and the ECU executes control instructions carried in the messages after the protocol conversion.
Further, s62, the classifying the differential instruction codes based on the protocols supported by different interfaces provided by the vehicle specifically includes:
inquiring log information of the protocol conversion module, obtaining a corresponding input protocol through the classified difference instruction codes, determining a protocol used for modifying the instruction codes, and positioning a connection interface of external equipment used for modifying the instruction codes.
Further, S7, scoring the safety risk sources based on the located interfaces F1.
Further, S71. If the located interface is a network interface, F1 is the lowest, f1=2;
if the located interface is a bluetooth interface, f1=3;
if the located interface is an infrared interface, f1=4;
if the located interface is a wired connection interface provided in the vehicle, f1=5;
if the located interface is other than the network interface, the bluetooth interface, the infrared interface, and the wired connection interface provided in the vehicle, f1=1.
Further, S72, if the located interfaces are at least two, F1 needs to be summed, and F1 of the summation is 2 based on different types of interfacesF1/>15+n, and the F1 is a natural number, and the N is the number of the other interfaces.
Further, s8, determining a module of the vehicle controlled by the difference instruction code based on the difference instruction code, and if the module relates to a braking system, determining a control risk score f2=5;
if the module is related to the vehicle monitoring system, determining a control risk score f2=4; the vehicle monitoring system comprises the vehicle alarm system;
if the module is related to the vehicle navigation system, determining a control risk score f2=3;
if the module is related to the vehicle lighting system, determining a control risk score f2=2;
determining a control risk score f2=1 if the module relates to systems other than the braking, the vehicle monitoring system, the vehicle navigation system and the vehicle lighting system;
if the module involves at least two systems, then F2 requires summation, with F2 based on different types of modules having a value of 2F1/>15+m, and the F2 is a natural number, and the M is the number of the other systems.
S9, setting a vehicle attack risk assessment model to obtain a risk score F=F1+/>F2+B;
Wherein the saidScoring coefficients for the security risk sources in the vehicle attack risk assessment model; the saidThe control risk scoring coefficients in the vehicle attack risk assessment model are provided; the system comprises a third party attack path evaluation device, a third party attack path evaluation device and a third party attack path evaluation device, wherein the third party attack path evaluation device is used for setting a vehicle brand security evaluation basic score, the vehicle brand security evaluation basic score is obtained based on the vehicle security scoring of corresponding brands of users, the third party attack path evaluation device is used for setting a vehicle attack risk evaluation model, and the third party attack path evaluation device is used for setting the vehicle attack risk evaluation model. The lower the B score, the higher the vehicle safety.
S10, setting a second threshold value, and when the F is larger than the second threshold value, determining whether the connection interface is a network interface or not based on the located connection interface of the external device used for modifying the instruction code by the third party attack path evaluation device, and if the connection interface is the network interface, inquiring the IP address of the external device used for modifying the instruction code to determine an attack path.
S10.1, calling the vehicle network interface, inquiring log information, inquiring message header information sent by the external equipment based on the instruction code modification date and determining the IP address of the external equipment in the process of inquiring the IP address of the external equipment used for modifying the instruction code.
The invention has the advantages that:
1. the vehicle control instruction code checking method has the advantages that whether the vehicle is allowed to be checked through the vehicle owner is judged by identifying the distance between the vehicle and the key so as to improve the safety of the method, meanwhile, after the vehicle is connected through the third-party attack path evaluation device, whether the code is modified is automatically detected, after the control instruction code is modified, the modified instruction code can be automatically compared after the corresponding code is acquired from the cloud based on the version of the vehicle control instruction code, the interface connected with external equipment is determined by calling the vehicle-mounted protocol conversion module, the attack path is primarily judged, the work of manual code checking, manual registration input and the like can be avoided, and intelligent execution is realized.
2. And determining the safety risk level of the vehicle by screening the interface types, and grading to distinguish different safety risks faced by the vehicle under different conditions of different interfaces being broken. By setting N and comprehensively scoring under the condition of involving a plurality of interfaces, the possibility of attack sources can be comprehensively considered, and the searching process can be comprehensively and accurately covered.
3. By setting the control risk score, the vehicle function influenced by the code can be clarified, and the influence of the attack on the vehicle safety can be distinguished based on the condition that different functions are influenced. By setting M and comprehensively scoring under the condition of affecting a plurality of systems, the range of attack influence can be comprehensively considered, and the searching process can be comprehensively and accurately covered.
4. By setting the vehicle attack risk assessment model, the influence of an attack source on the vehicle safety and the influence of an attack specific system on the vehicle safety can be comprehensively considered, and the influence of the attack on the vehicle safety can be comprehensively and accurately considered by combining the real-time safety assessment based on the vehicle brand obtained by the user, so that the improvement of enterprises on the vehicle safety can be better guided.
5. By setting the second threshold to determine whether the security risk is huge, whether the security threat needs to trace the source and be responsible for, when the security threat to the vehicle is higher, the specific path is further traced, and the IP tracing to the network attack is mainly embodied.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.
Claims (8)
1. A method for finding a full-scale attack path, comprising:
s1, judging whether the distance L between a vehicle and the key of the vehicle is larger than a first threshold value, if the distance L is not larger than the first threshold value, executing S2, otherwise, waking up the alarm device by the vehicle;
s2, establishing connection between a third party attack path evaluation device and the vehicle;
s3, the third party attack path evaluation device acquires a control instruction code stored in the vehicle central control system, and inquires the last modification time of the instruction code;
if the last modification time is the delivery date, judging that no attack exists;
if the last modification time is later than the delivery date, executing S4;
s4, the third party attack path evaluation device inquires a control instruction code version stored in the vehicle central control system, and downloads a control instruction code of a corresponding version from the cloud based on a version serial number;
s5, comparing the control instruction codes stored in the vehicle central control system with control instruction codes of corresponding versions downloaded from the cloud based on the version serial numbers, and obtaining difference instruction code details.
2. The method of claim 1, wherein the third party attack path evaluation device establishes a connection with the vehicle, comprising: a USB connection, an ODB connection, a local area network connection, or an Internet connection.
3. The method of finding a full-scale attack path of claim 2, further comprising:
s51, judging that no attack exists if no instruction codes are different.
4. A method of looking up a full-scale attack path according to claim 3 and also comprising:
s52, if the difference instruction codes exist, judging that the attack exists, and executing S6;
s6, traversing the detail of the difference instruction codes, and classifying the difference instruction codes based on protocols supported by different interfaces provided by the vehicle.
5. The method for finding a full-scale attack path according to claim 4, wherein said S6 comprises:
s61, the vehicle is provided with a protocol conversion module, after receiving messages sent by external equipment, different interfaces provided by the vehicle all send the messages to the protocol conversion module, the protocol conversion module carries out protocol conversion on the messages and then sends the messages to an ECU, and the ECU executes control instructions carried in the messages after the protocol conversion;
s62, inquiring log information of the protocol conversion module, obtaining a corresponding input protocol through the classified difference instruction codes, determining a protocol used for modifying the instruction codes, and positioning a connection interface of external equipment used for modifying the instruction codes.
6. The method of looking up a full-scale attack path according to claim 5, further comprising:
s7, scoring the safety risk sources based on the located connection interfaces to obtain F1.
7. The method for finding a full-scale attack path according to claim 6, wherein said S7 comprises:
s71. if the located interface is a network interface, the F1 is the lowest, f1=2;
if the located connection interface is a bluetooth interface, f1=3;
if the located connection interface is an infrared interface, f1=4;
if the located connection interface is a wired connection interface provided in the vehicle, f1=5;
if the located connection interface is other than the network interface, the bluetooth interface, the infrared interface, and the wired connection interface provided in the vehicle, f1=1.
8. The method for searching for a full-scale attack path according to claim 7, wherein said S7 comprises:
if the located interfaces are at least two, F1 needs to be summed, and F1 of the summation takes a value of 2 based on different types of interfacesF1/>15+n, and the F1 is a natural number, and the N is the number of the other interfaces.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410182920.3A CN117749529A (en) | 2024-02-19 | 2024-02-19 | Method for searching full attack path |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410182920.3A CN117749529A (en) | 2024-02-19 | 2024-02-19 | Method for searching full attack path |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117749529A true CN117749529A (en) | 2024-03-22 |
Family
ID=90279843
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410182920.3A Pending CN117749529A (en) | 2024-02-19 | 2024-02-19 | Method for searching full attack path |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117749529A (en) |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111726774A (en) * | 2020-06-28 | 2020-09-29 | 北京百度网讯科技有限公司 | Method, device, equipment and storage medium for defending attack |
CN111865909A (en) * | 2020-06-08 | 2020-10-30 | 西安电子科技大学 | SGX side channel attack defense method, system, medium, program and application |
CN112329022A (en) * | 2020-11-11 | 2021-02-05 | 浙江长三角车联网安全技术有限公司 | Intelligent network automobile information security risk assessment method and system |
CN113271321A (en) * | 2021-07-20 | 2021-08-17 | 成都信息工程大学 | Propagation prediction processing method and system based on network abnormal attack |
CN113325825A (en) * | 2021-06-07 | 2021-08-31 | 深圳市金城保密技术有限公司 | Intelligent networking automobile data and information safety evaluation system |
CN113434866A (en) * | 2021-06-30 | 2021-09-24 | 华中科技大学 | Unified risk quantitative evaluation method for instrument functional safety and information safety strategies |
CN114666101A (en) * | 2022-03-01 | 2022-06-24 | 国网新疆电力有限公司信息通信公司 | Attack tracing detection system, method, device and medium |
CN114866280A (en) * | 2022-03-25 | 2022-08-05 | 鹏城实验室 | Security assessment method, device, equipment and computer readable storage medium |
US20220394053A1 (en) * | 2019-06-24 | 2022-12-08 | Cymotive Technologies Ltd. | Systems and methods for assessing risk in networked vehicle components |
CN115563618A (en) * | 2022-09-23 | 2023-01-03 | 智己汽车科技有限公司 | Penetration testing method and device based on central computing platform |
CN115719167A (en) * | 2022-11-30 | 2023-02-28 | 中国第一汽车股份有限公司 | Vehicle information safety monitoring method and device |
CN116932406A (en) * | 2023-07-27 | 2023-10-24 | 中移动信息技术有限公司 | Component detection method, device, terminal equipment and storage medium |
CN117336052A (en) * | 2023-09-28 | 2024-01-02 | 中国科学院信息工程研究所 | Intrusion detection method and device for network manufacturing system and electronic equipment |
CN117454376A (en) * | 2023-08-15 | 2024-01-26 | 西安电子科技大学杭州研究院 | Industrial Internet data security detection response and tracing method and device |
-
2024
- 2024-02-19 CN CN202410182920.3A patent/CN117749529A/en active Pending
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220394053A1 (en) * | 2019-06-24 | 2022-12-08 | Cymotive Technologies Ltd. | Systems and methods for assessing risk in networked vehicle components |
CN111865909A (en) * | 2020-06-08 | 2020-10-30 | 西安电子科技大学 | SGX side channel attack defense method, system, medium, program and application |
CN111726774A (en) * | 2020-06-28 | 2020-09-29 | 北京百度网讯科技有限公司 | Method, device, equipment and storage medium for defending attack |
CN112329022A (en) * | 2020-11-11 | 2021-02-05 | 浙江长三角车联网安全技术有限公司 | Intelligent network automobile information security risk assessment method and system |
CN113325825A (en) * | 2021-06-07 | 2021-08-31 | 深圳市金城保密技术有限公司 | Intelligent networking automobile data and information safety evaluation system |
CN113434866A (en) * | 2021-06-30 | 2021-09-24 | 华中科技大学 | Unified risk quantitative evaluation method for instrument functional safety and information safety strategies |
CN113271321A (en) * | 2021-07-20 | 2021-08-17 | 成都信息工程大学 | Propagation prediction processing method and system based on network abnormal attack |
CN114666101A (en) * | 2022-03-01 | 2022-06-24 | 国网新疆电力有限公司信息通信公司 | Attack tracing detection system, method, device and medium |
CN114866280A (en) * | 2022-03-25 | 2022-08-05 | 鹏城实验室 | Security assessment method, device, equipment and computer readable storage medium |
CN115563618A (en) * | 2022-09-23 | 2023-01-03 | 智己汽车科技有限公司 | Penetration testing method and device based on central computing platform |
CN115719167A (en) * | 2022-11-30 | 2023-02-28 | 中国第一汽车股份有限公司 | Vehicle information safety monitoring method and device |
CN116932406A (en) * | 2023-07-27 | 2023-10-24 | 中移动信息技术有限公司 | Component detection method, device, terminal equipment and storage medium |
CN117454376A (en) * | 2023-08-15 | 2024-01-26 | 西安电子科技大学杭州研究院 | Industrial Internet data security detection response and tracing method and device |
CN117336052A (en) * | 2023-09-28 | 2024-01-02 | 中国科学院信息工程研究所 | Intrusion detection method and device for network manufacturing system and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109587125B (en) | Network security big data analysis method, system and related device | |
CN111680068A (en) | Verification method, device, equipment and storage medium | |
CN111027074B (en) | Vulnerability automatic utilization method and system | |
CN114070654B (en) | Safety management and control method and system based on big data | |
US20070016960A1 (en) | NTO input validation technique | |
CN113032792A (en) | System service vulnerability detection method, system, equipment and storage medium | |
CN105824805B (en) | Identification method and device | |
US20230087540A1 (en) | Communication permission list generation device, communication permission list generation method, and non-transitory computer readable-medium | |
CN110620760A (en) | FlexRay bus fusion intrusion detection method and detection device for SVM (support vector machine) and Bayesian network | |
CN110471028B (en) | Personnel positioning method, device and system for construction site | |
CN111935149A (en) | Vulnerability detection method and system | |
WO2020075801A1 (en) | Information processing device, abnormality analyzing method, and program | |
CN117749529A (en) | Method for searching full attack path | |
CN111031025B (en) | Method and device for automatically detecting and verifying Webshell | |
CN114124837A (en) | Asset information discovery system and method based on passive flow | |
CN110197719B (en) | Guardianship data processing system | |
CN111683089A (en) | Method, server, medium and computer equipment for identifying phishing website | |
CN111798638A (en) | Auxiliary system fire information processing method based on information fusion | |
CN115758389A (en) | Vulnerability processing result checking method and device, electronic equipment and storage medium | |
CN115314304A (en) | Network security event analysis device and method | |
CN108075918B (en) | Internet service change detection method and system | |
CN114548686A (en) | Engineering construction quality acceptance supervision method, system and device and storage medium | |
CN114584348A (en) | Industrial control system network threat analysis method based on vulnerability | |
CN114553468A (en) | Three-level network intrusion detection method based on feature intersection and ensemble learning | |
CN114372497A (en) | Multi-modal security data classification method and classification system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |