CN212696022U - Online automobile CAN network anomaly detection system - Google Patents
Online automobile CAN network anomaly detection system Download PDFInfo
- Publication number
- CN212696022U CN212696022U CN202022060489.5U CN202022060489U CN212696022U CN 212696022 U CN212696022 U CN 212696022U CN 202022060489 U CN202022060489 U CN 202022060489U CN 212696022 U CN212696022 U CN 212696022U
- Authority
- CN
- China
- Prior art keywords
- module
- pin
- capacitor
- vehicle
- mounted terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 77
- 238000004458 analytical method Methods 0.000 claims abstract description 22
- 230000003993 interaction Effects 0.000 claims abstract description 16
- 238000012545 processing Methods 0.000 claims abstract description 14
- 239000003990 capacitor Substances 0.000 claims description 37
- 238000000034 method Methods 0.000 claims description 23
- 230000008859 change Effects 0.000 abstract description 8
- 238000010586 diagram Methods 0.000 description 17
- 238000004891 communication Methods 0.000 description 15
- 230000002159 abnormal effect Effects 0.000 description 12
- 238000012549 training Methods 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 7
- 238000013528 artificial neural network Methods 0.000 description 6
- 238000003066 decision tree Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 239000000243 solution Substances 0.000 description 5
- 230000005856 abnormality Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 230000006855 networking Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 238000002347 injection Methods 0.000 description 2
- 239000007924 injection Substances 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000000513 principal component analysis Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 238000013138 pruning Methods 0.000 description 1
- 238000007637 random forest analysis Methods 0.000 description 1
- 238000011897 real-time detection Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Landscapes
- Small-Scale Networks (AREA)
Abstract
The utility model discloses an online automobile CAN network anomaly detection system, which belongs to the technical field of online automobile information security and intrusion detection, and comprises a cloud server and a vehicle-mounted terminal; the cloud server is connected with the vehicle-mounted terminal; the vehicle-mounted terminal comprises a CAN protocol analysis module, a central processing unit module, a remote data interaction module, a detection model storage module, an alarm module and a power supply module; the central processing unit module is connected with one end of the CAN protocol analysis module, the alarm module and the detection model storage module; the other end of the detection model storage module is connected with the remote data interaction module; the power module is connected with the CAN protocol analysis module, the central processing unit module, the detection model storage module and the alarm module; the system can be combined with the security attack change characteristics and trends of the whole network by combining the vehicle-mounted terminal and the cloud server, the detection model of the vehicle-mounted terminal can be updated in real time in a targeted manner, and the whole system has good expansibility and maintainability.
Description
Technical Field
The invention relates to the technical field of internet vehicle information security and intrusion detection, in particular to an online automobile CAN network anomaly detection system.
Background
With the development of automobile four-in-one (electric, intelligent, networking, sharing), the automobile as a vehicle is no longer an isolated system, and it slowly develops into a complex mobile network terminal. The communication of each control unit in the automobile is mostly through the CAN bus, along with the deep research of intelligent networking automobile, the quantity of automobile self control unit and external communication port, external connection equipment is continuously increased, and the complexity of automobile communication network is higher and higher. With the increasing number of automobiles, the information sharing degree is higher and higher, but the automobile information safety problem is increasingly highlighted.
At present, the CAN bus information safety detection technology mainly comprises the following technologies: identity authentication, data encryption and intrusion detection. The first two methods mainly adopt an encryption technology and an authentication method to protect CAN network data and isolate the CAN network data from the outside, so that information which does not conform to a protocol is prevented from entering. And the intrusion monitoring detects the real-time data by selecting a corresponding algorithm according to the data characteristics. The related art is as follows:
application publication number CN106143364A discloses an information security method for distributed controllers of electric vehicles. According to the method, an embedded MCU and a CAN transceiver are added in each control unit, and an encryption and decryption algorithm is built in the embedded MCU, so that effective CAN information is prevented from being stolen, attack of malicious instructions is prevented, and an isolation protection effect is achieved.
Application publication No. CN108040082A discloses a connection device and a data transmission method. The invention provides a connecting device for physically isolating a vehicle-mounted terminal from an automobile CAN network, which avoids the problem of information safety caused by directly reading CAN bus messages by a vehicle networking terminal and simultaneously isolates and protects CAN bus data. The connecting device comprises an off-line downloading module, an automobile CAN bus reading module, a programmable logic module and an open CAN protocol module.
Application publication number CN105279421A discloses an information security detection method based on internet of vehicles accessing OBD ii, which comprises the following steps: establishing an OBD II instruction white list; CAN message filtering and analyzing (from outside to inside); judging whether the command is a malicious command or not according to the white list and the sending frequency; and making corresponding alarm and processing. The filtering device is provided with an instruction judging module, an instruction control module, an instruction white list, a communication module, an MCU and a power supply.
Application publication number CN106878130A discloses a method for detecting an abnormality of a CAN network of an electric vehicle. The method comprises the following steps: judging whether an external device is used for sending a virtual message or not by adopting a mode of receiving and sending a message ID; and the power supply of the data terminal is cut off to judge whether the data terminal is invaded. The invention designs a set of detection device, and each CAN network is distributed with a detection module.
Application publication number CN110149345A discloses a vehicle network intrusion detection method based on message sequence prediction. The method comprises the following steps: acquiring automobile CAN bus data through a T-box vehicle-mounted terminal to obtain a standard data set; analyzing whether the vehicle has a security threat or not according to an operation scene formed by the three attack ways; learning according to the normal message data set and the abnormal message feature library to form an evaluation detector; and detecting and evaluating the input message through an evaluation detector.
Application publication No. CN110149258A discloses an isolated forest-based automobile CAN bus network data anomaly detection method. Firstly, establishing an isolated tree and an isolated forest based on a word sample of a training set; and then calculating the abnormal score of the data to be detected according to the isolated forest, and judging whether the data to be detected is abnormal.
Application publication number CN109067773A discloses a vehicle-mounted CAN network intrusion detection method and system based on a neural network. The method comprises the following steps that the sending frequency of various CAN network data packets is the input of a BP neural network, the PCA (principal component analysis) method is used for reducing the data, and the sending frequency of the various CAN data packets is detected; the correctness of data with correlation such as the engine speed, the air intake quantity and the like is used as the input of the BP neural network, the correctness of the data is detected in real time, and the data is judged to be abnormal as long as one abnormality exists.
The technology has a plurality of defects by combining the running of the automobile and the specific situation of the vehicle-mounted network: the encryption technology CAN increase the information composition of the CAN frame, change the CAN communication protocol and is not beneficial to the actual implementation; the encryption and decryption process and the identity authentication process of data CAN increase the calculation burden of the ECU, influence the real-time performance of communication, and also cause that a certain message occupies a CAN network for too long time; in the intrusion detection system, the calculated amount required by model training is large, and the calculation capability of the vehicle-mounted ECU is not sufficient to support. Model training requires a large number of samples to support, single machine training requires a large amount of time, and training efficiency is low. When the model library is trained by a single machine, once the training is finished and the loading is finished, the model library is shaped, and cannot be upgraded and expanded.
SUMMERY OF THE UTILITY MODEL
According to the problem that prior art exists, the utility model discloses an online car CAN network anomaly detection system, include: the method comprises the following steps: the system comprises a cloud server and a vehicle-mounted terminal;
the cloud server is connected with the vehicle-mounted terminal;
the vehicle-mounted terminal comprises a CAN protocol analysis module, a central processing unit module, a remote data interaction module, a detection model storage module, an alarm module and a power supply module;
the central processor module is connected with one end of the CAN protocol analysis module, one end of the alarm module and one end of the detection model storage module;
the other end of the detection model storage module is connected with the remote data interaction module;
the power module is connected with the CAN protocol analysis module, the central processing unit module, the detection model storage module and the alarm module.
Further, the model of the chip adopted by the CAN protocol analysis module is TJA1050, an RS pin of the TJA1050 is connected with an anode of the diode D7, an anode of the diode D8, one end of the capacitor C3, and one end of the capacitor C4, a CANH pin of the TJA1050 is connected with the other end of the capacitor C3 and the other end of the capacitor C4, and a CANL pin of the TJA1050 is connected with a cathode of the diode D7 and a cathode of the diode D8.
Further, the chip model adopted by the central processing unit module is STM32F103CBT6, the NRST pin of STM32F103CBT6 is connected with ground through a capacitor C18, the PB10 pin and the PB11 pin of STM32F103CBT6 are respectively connected with resistors R1 and R22, and the VSS _1 pin, the VSS _2 pin and the VSS _3 pin of STM32F103CBT6 are connected with ground.
Further, the remote data interaction module adopts a ZM9000 module.
Further, the model of the chip adopted by the detection model storage module is W25N512, and the V _ BCKP pin of the W25N512 chip is connected with one end of a capacitor C9, one end of a capacitor C11 and one end of a capacitor C13; the other end of the capacitor C9, the other end of the capacitor C11 and the other end of the capacitor C13 are all connected with the ground.
Furthermore, the chip adopted by the alarm module is an ESP32-U4WDH, the 1Y pin of the ESP32-U4WDH is connected with one end of a resistor R4, and the 2Y pin of the ESP32-U4WDH is connected with one end of a resistor R3.
Furthermore, the power module adopts a chip model of TPS5430, a VIN pin of the TPS5430 is connected to one end of a capacitor C6, a pin of a diode D1, and one end of a resistor R27, and a BOOT pin of the TPS5430 is connected to one end of a capacitor C5 and an anode of a diode D3.
Since the technical scheme is used, the utility model provides a pair of online car CAN network anomaly detection system, vehicle-mounted terminal uploads CAN bus message to high in the clouds server, and high in the clouds server trains Can network anomaly detection model to CAN network anomaly detection model who trains well updates in vehicle-mounted terminal, and this mode has following advantage: 1) the safety attack recognition types are multiple, and the accuracy is high; the cloud server has strong computing capacity, can obtain big data samples of a plurality of terminals, and can accurately establish a security attack model sample library such as DoS, tampering, discarding, replaying, flooding, stealing and the like, and the whole system has the advantages of multiple security attack identification types and high accuracy;
2) the system has the advantages of strong applicability to different vehicle types and regions, short training time of the sample library, saving of the computing resources of the vehicle-mounted terminal, the requirement for training of the CAN network anomaly detection model, large number of samples and strong computing resources, simultaneous reception of large data samples of the vehicle-mounted terminals of vehicles in multiple regions and different models by the cloud server, and targeted security attack sample library training according to the characteristics of the regions and the vehicle types.
3) The system can be upgraded in real time and has better expansibility; when the model library is trained by a single machine, once the training is finished and the loading is finished, the model library is shaped, and cannot be upgraded and expanded. The system can be combined with the security attack change characteristics and trends of the whole network by combining the vehicle-mounted terminal and the cloud server, and the detection model of the vehicle-mounted terminal is updated in real time in a targeted manner, so that the whole system has better expansibility and maintainability; based on the above reasons, the utility model discloses there are wider application prospect and value in internet connection information security and intrusion detection technical field.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of an online CAN network anomaly detection system for an automobile;
FIG. 2 is a schematic view of the connection between the vehicle-mounted terminal and the CAN bus of the vehicle provided by the present invention;
FIG. 3 is a schematic diagram of an online vehicle CAN bus vehicle-mounted terminal circuit provided by the present invention;
fig. 4 is a circuit diagram of a CAN protocol analysis module of the present invention;
fig. 5 is a circuit diagram of a cpu module of the present invention;
fig. 6 is a circuit diagram of the remote data interaction module of the present invention;
fig. 7 is a circuit diagram of a detection model storage module according to the present invention;
fig. 8 is a circuit diagram of an alarm module of the present invention;
fig. 9 is a circuit diagram of a power module of the present invention;
fig. 10 is the utility model provides an online car CAN bus anomaly detection processing flow schematic diagram.
In the figure: 1. the system comprises a CAN protocol analysis module 2, a central processing unit module 3, a remote data interaction module 4, a detection model storage module 5 and an alarm module; 6. a power supply module; 7. cloud server, 10, vehicle-mounted terminal.
Detailed Description
In order to make the technical solution of the present invention better understood, the technical solution of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments in the present invention, all other embodiments obtained by a person skilled in the art without creative efforts shall belong to the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is an overall framework of the system, the cloud server 7 of the system and the vehicle-mounted terminal 10;
the cloud server 7 trains a CAN network anomaly detection model according to the regional characteristics, the user characteristics, the vehicle product characteristics and the full-network security attack change characteristics;
the vehicle-mounted terminal 10 transmits the trained CAN network anomaly detection model to a plurality of different vehicle-mounted terminals 10 to detect CAN network anomalies of the automobile, and simultaneously the vehicle-mounted terminal 10 transmits real-time automobile operation data to the cloud server 7 to update the CAN network anomaly detection model.
The in-vehicle terminal 10 includes: the system comprises a CAN protocol analysis module 1, a central processing unit module 2, a remote data interaction module 3, a sample library storage module 4, an early warning module 5 and a power supply module 6;
the remote data interaction module 3 receives the trained CAN network anomaly detection model transmitted by the cloud server 7 and transmits sample data to the cloud server 7;
the detection model storage module 4 receives and stores the trained CAN network anomaly detection model transmitted by the remote data interaction module 3;
the CAN protocol analysis module 1 is connected with a CAN bus of a vehicle and analyzes a CAN bus message;
the central processor module 2 receives the CAN bus message signal transmitted by the CAN protocol analysis module 1 and the CAN network abnormity detection model transmitted by the detection model storage module 4, and detects whether the CAN network is abnormal or attacked according to the CAN network abnormity detection model;
and the power supply module 6 provides power for the remote data interaction module vehicle 3, the CAN protocol analysis module 1, the detection model storage module 4, the central processor module 2 and the alarm module 5.
The alarm module 5 receives the alarm signal transmitted by the central processor module 2 and gives an alarm.
Fig. 2 is the utility model provides a vehicle mounted terminal and car CAN bus connection sketch map shows two kinds of connection schemes in fig. 2. The vehicle-mounted terminal in fig. 2 CAN be embedded into a car CAN bus network, the data stream of the bus passes through the CAN protocol analysis module 1, the information is known through data analysis, important data is extracted, and the important data flows into the central processing unit module 2 for real-time detection; this scheme still provides a connected mode, and this CAN protocol analysis module 1 also CAN be through the OBD interface, with CAN bus connection, and then obtains CAN bus data flow, accomplishes the anomaly detection.
Fig. 3 shows a schematic circuit diagram of the vehicle-mounted terminal 10, the CAN bus protocol analysis module 1 is composed of a TJA1050, wherein the TJA1050 is responsible for communication level conversion and data transceiving of a CAN bus, and the specific protocol includes: ISO14230-4 address mode, ISO14230-4 express mode, ISO9141-2, ISO15765-4 Standard 11bit 500K, ISO15765-4 extended 29bit 500K, ISO15765-4 Standard 11bit 250K, ISO15765-4 extended 29bit 250K.
Fig. 4 is a circuit diagram of a CAN protocol analysis module of the present invention; the model of the chip adopted by the CAN protocol analysis module 1 is TJA1050, an RS pin of the chip TJA1050 is connected with an anode of the diode D7, an anode of the diode D8, one end of the capacitor C3 and one end of the capacitor C4, a CANH pin of the chip TJA1050 is connected with the other end of the capacitor C3 and the other end of the capacitor C4, and a CANL pin of the chip TJA1050 is connected with a cathode of the diode D7 and a cathode of the diode D8.
Fig. 5 is a circuit diagram of a cpu module of the present invention; the central processor unit 2 module is composed of an STM32F103CBT6 chip, an NRST pin of the STM32F103CBT6 is connected with the ground through a capacitor C18, a PB10 pin and a PB11 pin of the STM32F103CBT6 are respectively connected with resistors R1 and R22, and a VSS _1 pin, a VSS _2 pin and a VSS _3 pin of the STM32F103CBT6 are connected with the ground
Fig. 6 is a circuit diagram of the remote data interaction module of the present invention, the remote data interaction module 3 adopts a ZM9000 module of zhongxing communication, which has NSA/SA dual-mode 5G technology and is compatible with 5G/4G/3G/2G and mobile/internet/telecommunication communication technology. The ZM9000 module and the STM32F103 of the main processor are connected by adopting a serial communication interface.
Fig. 7 is a circuit diagram of the detection model storage module of the present invention; the detection model storage module 4 is composed of a W25N512 chip, the working principle of the detection model storage module is a FLASH type FLASH memory chip, and the storage capacity can be expanded to 512M. The W25N512 and the STM32F7 are connected through an SPI communication interface, and a V _ BCKP pin of the W25N512 chip is connected with one end of a capacitor C9, one end of a capacitor C11 and one end of a capacitor C13; the other end of the capacitor C9, the other end of the capacitor C11 and the other end of the capacitor C13 are all connected with the ground.
Fig. 8 is a circuit diagram of an alarm module of the present invention; the alarm module 5 adopts an ESP32-U4WDH chip, a 1Y pin of the ESP32-U4WDH is connected with one end of a resistor R4, a 2Y pin of the ESP32-U4WDH is connected with one end of a resistor R3, a Bluetooth communication part and a WIFI communication part are integrated in the ESP32-U4WDH chip, and a double-antenna and double-frequency communication mode is supported. The ESP32-U4WDH is connected with the main processor STM32F103CBT6 through an SPI communication interface.
Fig. 9 is the utility model discloses a power module's circuit diagram, power module 6 adopts 12V to change 5V's power module, and its input is on-vehicle 12V power supply, and the output is 5V, provides power supply for whole on-vehicle terminal, the chip model that power module 6 adopted is TPS5430, TPS 5430's VIN pin with electric capacity C6's one end, diode D1's pin and resistance R27's one end are connected, TPS 5430's BOOT pin is connected with electric capacity C5's one end and diode D3's positive pole.
Fig. 10 is the schematic diagram of the on-line abnormal detection processing flow of the car CAN bus provided by the utility model, the central processing unit module 2 performs safety detection according to real-time to-be-detected CAN bus data and a CAN network abnormal detection model, and after detecting an abnormality, further triggers an alarm, real-time dynamic data of the car CAN be transmitted to the cloud server to perfect the sample library, so that the sample library better conforms to the driving habit of a user, the establishment of a user personalized sample library is realized, and false detection and missed detection are prevented; the updated CAN network abnormity detection model is also transmitted to the vehicle-mounted terminal 1, and the detection model storage module is stored for use.
The cloud server 7 trains the CAN network anomaly detection model based on the information entropy principle, namely, when there is an anomaly or an intrusion, the entropy value CAN change: when replay attack exists, the information entropy of the CAN bus system is increased; when the replay is started, the relative distance of the message obtains the change of a positive value; at the end of playback, the message gets a negative change in relative distance. In the process of constructing the CAN network anomaly detection model, according to the collected original data, namely sample data adopted by a CAN network anomaly detection model training model, after preprocessing, determining an entropy value, a threshold value for detecting anomaly and a monitoring sampling period under normal conditions, and completing the establishment of the CAN network anomaly detection model, wherein the model has abnormal data transmission frequency, such as replay and flood attack;
the CAN network anomaly detection model scheme of the cloud server 7 may also be based on a decision tree principle, that is, the model is constructed by using data purity to construct a tree with the fastest data purity rise, and the method includes three stages: selecting attributes of a decision tree model, generating the decision tree model and pruning the decision tree model; the generation of the random tree adopts a binary method or a random hyperplane method. And then, carrying out abnormity judgment according to the abnormal score of the isolated tree structure, wherein a random forest is a tree group formed by isolated decision trees with different IDs (identities), and the model CAN detect message data abnormity, such as CAN (controller area network) frame tampering, illegal message injection and other attacks.
The CAN network anomaly detection model scheme of the cloud server 7 CAN also be based on a neural network principle, namely, a neural network model is constructed to detect whether an event is abnormal or not, whether a fault occurs or not, or to predict the development of an object; the method can carry out joint detection through two aspects: the data packet sending frequency of the CAN network is used as the input of a BP neural network to train a model, and the CAN network anomaly detection model CAN detect denial of service attack, replay and injection attack; and (3) training a model by taking data with relevance (such as engine speed, air intake quantity, vehicle speed and the like) as input of another BP neural network, and if one data is abnormal and an error occurs in the relevance with the other data, judging that the data is abnormal, wherein the model can detect tampering attack and man-in-the-middle attack.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention.
Claims (7)
1. The utility model provides an online car CAN network anomaly detection system which characterized in that: the method comprises the following steps: the system comprises a cloud server (7) and a vehicle-mounted terminal (10);
the cloud server (7) is connected with the vehicle-mounted terminal (10);
the vehicle-mounted terminal (10) comprises a CAN protocol analysis module (1), a central processor module (2), a remote data interaction module (3), a detection model storage module (4), an alarm module (5) and a power supply module (6);
the central processor module (2) is connected with one end of the CAN protocol analysis module (1), one end of the alarm module (5) and one end of the detection model storage module (4);
the other end of the detection model storage module (4) is connected with the remote data interaction module (3);
the power module (6) is connected with the CAN protocol analysis module (1), the central processor module (2), the detection model storage module (4) and the alarm module (5).
2. The on-line CAN network anomaly detection system for automobiles according to claim 1, characterized in that: the CAN protocol analysis module (1) adopts a chip model of TJA1050, an RS pin of the TJA1050 is connected with an anode of a diode D7, an anode of a diode D8, one end of a capacitor C3 and one end of a capacitor C4, a CANH pin of the TJA1050 is connected with the other end of the capacitor C3 and the other end of a capacitor C4, and a CANL pin of the TJA1050 is connected with a cathode of a diode D7 and a cathode of a diode D8.
3. The on-line CAN network anomaly detection system for automobiles according to claim 1, characterized in that: the chip model adopted by the central processing unit module (2) is STM32F103CBT6, the NRST pin of STM32F103CBT6 is connected with the ground through a capacitor C18, the PB10 pin and the PB11 pin of STM32F103CBT6 are respectively connected with resistors R1 and R22, and the VSS _1 pin, the VSS _2 pin and the VSS _3 pin of STM32F103CBT6 are connected with the ground.
4. The on-line CAN network anomaly detection system for automobiles according to claim 1, characterized in that: the remote data interaction module (3) adopts a ZM9000 module.
5. The on-line CAN network anomaly detection system for automobiles according to claim 1, characterized in that: the model of a chip adopted by the detection model storage module (4) is W25N512, and a V _ BCKP pin of the W25N512 chip is connected with one end of a capacitor C9, one end of a capacitor C11 and one end of a capacitor C13; the other end of the capacitor C9, the other end of the capacitor C11 and the other end of the capacitor C13 are all connected with the ground.
6. The on-line CAN network anomaly detection system for automobiles according to claim 1, characterized in that: the chip adopted by the alarm module (5) is ESP32-U4WDH, the 1Y pin of the ESP32-U4WDH is connected through one end of a resistor R4, and the 2Y pin of the ESP32-U4WDH is connected through one end of a resistor R3.
7. The on-line CAN network anomaly detection system for automobiles according to claim 1, characterized in that: the power module (6) adopts a chip model of TPS5430, a VIN pin of the TPS5430 is connected with one end of a capacitor C6, a pin of a diode D1 and one end of a resistor R27, and a BOOT pin of the TPS5430 is connected with one end of a capacitor C5 and an anode of a diode D3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202022060489.5U CN212696022U (en) | 2020-09-18 | 2020-09-18 | Online automobile CAN network anomaly detection system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202022060489.5U CN212696022U (en) | 2020-09-18 | 2020-09-18 | Online automobile CAN network anomaly detection system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN212696022U true CN212696022U (en) | 2021-03-12 |
Family
ID=74885304
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202022060489.5U Active CN212696022U (en) | 2020-09-18 | 2020-09-18 | Online automobile CAN network anomaly detection system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN212696022U (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111988342A (en) * | 2020-09-18 | 2020-11-24 | 大连理工大学 | Online automobile CAN network anomaly detection system |
-
2020
- 2020-09-18 CN CN202022060489.5U patent/CN212696022U/en active Active
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111988342A (en) * | 2020-09-18 | 2020-11-24 | 大连理工大学 | Online automobile CAN network anomaly detection system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111131185B (en) | CAN bus network anomaly detection method and device based on machine learning | |
| CN111988342A (en) | Online automobile CAN network anomaly detection system | |
| CN110149345B (en) | Vehicle-mounted network intrusion detection method based on message sequence prediction | |
| US11748474B2 (en) | Security system and methods for identification of in-vehicle attack originator | |
| Zhang et al. | Intrusion detection system using deep learning for in-vehicle security | |
| Martinelli et al. | Car hacking identification through fuzzy logic algorithms | |
| CN111030962B (en) | Vehicle-mounted network intrusion detection method and computer-readable storage medium | |
| EP3787936B1 (en) | Detecting abnormal events in vehicle operation based on machine learning analysis of messages transmitted over communication channels | |
| CN111970309A (en) | Spark Internet of vehicles based combined deep learning intrusion detection method and system | |
| CN111770069B (en) | Vehicle-mounted network simulation data set generation method based on intrusion attack | |
| CN111885060B (en) | Internet of vehicles-oriented nondestructive information security vulnerability detection system and method | |
| CN114900331B (en) | Vehicle-mounted CAN bus intrusion detection method based on CAN message characteristics | |
| CN212696022U (en) | Online automobile CAN network anomaly detection system | |
| CN112822684B (en) | Vehicle intrusion detection method and defense system | |
| CN110793537A (en) | Navigation path recommendation method, vehicle machine and vehicle | |
| CN111199030A (en) | Vehicle, vehicle equipment and automatic activation method of vehicle-mounted third-party application software | |
| CN113938295B (en) | Method and system for detecting abnormal transmission behavior of internet automobile communication data, electronic equipment and readable medium | |
| CN111966083A (en) | Automobile CAN bus information safety simulation device | |
| CN213338428U (en) | Automobile CAN bus information safety simulation device | |
| Wang et al. | Detecting vehicle anomaly by sensor consistency: An edge computing based mechanism | |
| CN113037750B (en) | Vehicle detection data enhancement training method and system, vehicle and storage medium | |
| CN112118256A (en) | Industrial control equipment fingerprint normalization method and device, computer equipment and storage medium | |
| Hamad et al. | Intrusion detection system using artificial intelligence for internal messages of robotic cars | |
| TWI814555B (en) | Internet of vehicles message flow detection system and method thereof for analyzing malicious behavior | |
| CN115277123B (en) | Method and system for detecting vehicle CAN bus injection attack abnormality |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |