WO2019239798A1 - 電子制御装置および電子制御システム - Google Patents

電子制御装置および電子制御システム Download PDF

Info

Publication number
WO2019239798A1
WO2019239798A1 PCT/JP2019/019866 JP2019019866W WO2019239798A1 WO 2019239798 A1 WO2019239798 A1 WO 2019239798A1 JP 2019019866 W JP2019019866 W JP 2019019866W WO 2019239798 A1 WO2019239798 A1 WO 2019239798A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
prediction
electronic control
data frame
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2019/019866
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
慎太郎 鵜飼
健司 菅島
一夫 山岡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Denso Corp
Original Assignee
Denso Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Denso Corp filed Critical Denso Corp
Publication of WO2019239798A1 publication Critical patent/WO2019239798A1/ja
Priority to US17/116,641 priority Critical patent/US11582112B2/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/40006Architecture of a communication node
    • H04L12/40026Details regarding a bus guardian
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/40143Bus networks involving priority mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Definitions

  • This application relates to a technique for preventing unauthorized control of an electronic control unit (ECU: Electric Control Unit) via a network, and is mainly used for an electronic control device and an electronic control system for a vehicle.
  • ECU Electric Control Unit
  • Patent Document 1 when an illegal frame is transmitted / received in an in-vehicle system, a cancellation frame for invalidating the illegal frame is transmitted using LIFO (Last In First Out) control, and the electronic control device A frame monitoring device is disclosed that prevents control by an illegal frame.
  • the monitoring device determines that the transmitted / received frame is an illegal frame, the monitoring device transmits a frame having the same content as the regular frame received immediately before as a cancellation frame.
  • an electronic control device that is a transmission destination of a frame is controlled based on control information included in a cancellation frame received after the illegal frame. Can be prevented from being controlled by.
  • control information included in a cancellation frame received after the illegal frame.
  • a frame having the same content as the immediately preceding regular frame is used as a cancellation frame, a change in the vehicle situation over time that may be caused by such a time lag is not taken into consideration. For this reason, the inventor has found a problem that it is not appropriate to use the control information included in the immediately preceding regular frame as the control information included in the cancellation frame.
  • an object of the present disclosure is to predict normal data that should be included in a data frame, and to invalidate an illegal frame using a frame including the predicted data.
  • An electronic control device includes a reception unit that receives a data frame transmitted from another electronic control device via a communication network, a first storage unit that stores the data frame, and the data frame A second storage unit that stores a prediction generation method that predicts and generates data included in the data frame, an abnormality determination unit that determines whether the data frame is abnormal, and the data frame that is determined to have the abnormality A prediction data generation unit that generates prediction data predicted to be normal data to be generated using past data that is data included in the data frame stored in the first storage unit, based on the prediction generation method And a transmission unit that transmits a predicted data frame including the predicted data via the communication network.
  • An electronic control system includes a first electronic control device that transmits a data frame via a communication network, a receiving unit that receives the data frame, and a first storage that stores the data frame.
  • a second storage unit that stores a prediction generation method for predicting and generating data included in the data frame, an abnormality determination unit that determines whether there is an abnormality in the data frame, and determining that there is the abnormality
  • the past data that is data included in the data frame stored in the first storage unit is used to predict normal data to be included in the data frame and predicted data.
  • a prediction data generation program receives a data frame transmitted from another electronic control device via a communication network, stores the data frame in a first storage unit, and stores the data frame Based on the prediction generation method stored in the second storage unit, the prediction data predicted to be normal data to be included in the data frame determined to be abnormal is determined based on the prediction generation method stored in the second storage unit. Generated using past data that is data included in the data frame stored in one storage unit, and transmits a predicted data frame including the predicted data via the communication network.
  • a prediction data generation method receives a data frame transmitted from another electronic control apparatus via a communication network, stores the data frame in a first storage unit, and stores the data frame Based on the prediction generation method stored in the second storage unit, the prediction data predicted to be normal data to be included in the data frame determined to be abnormal is determined based on the prediction generation method stored in the second storage unit. Generated using past data that is data included in the data frame stored in one storage unit, and transmits a predicted data frame including the predicted data via the communication network.
  • the electronic control device the electronic control system, the prediction data generation program, and the prediction data generation method of the present disclosure, it is possible to invalidate an illegal frame using a frame including data with appropriate contents.
  • FIG. 1 is a diagram illustrating a configuration of an electronic control system according to the first embodiment.
  • FIG. 2 is a block diagram illustrating the configuration of the electronic control device according to the first embodiment.
  • FIG. 3 is a diagram illustrating an example of a data frame format.
  • FIG. 4 is a diagram illustrating an example of an information table in the generation method storage unit.
  • FIG. 5 is a diagram for explaining the operation of the electronic control device according to the first embodiment.
  • FIG. 6 is a diagram for explaining the operation of the electronic control device according to the first embodiment.
  • FIG. 7 is a diagram for explaining a prediction data generation method.
  • FIG. 8 is a diagram for explaining a prediction data generation method.
  • FIG. 9 is a diagram illustrating the configuration of the electronic control system according to the second embodiment.
  • FIG. 10 is a block diagram illustrating the configuration of the electronic control device according to the third embodiment.
  • the effect described in the embodiment is an effect when the configuration of the exemplary embodiment of the present disclosure is provided, and is not necessarily the effect that the present disclosure has.
  • the configuration disclosed in each embodiment is not closed only by each embodiment, and can be combined across the embodiments.
  • the configuration disclosed in one embodiment may be combined with another embodiment.
  • the problem described in the present disclosure is not a known problem, but has been independently found by the present inventor, and is a fact that confirms the inventive step together with the configuration and method of the present disclosure.
  • FIG. 1 shows an electronic control system 1 for a vehicle composed of a plurality of electronic control devices.
  • a plurality of electronic control devices are connected via a communication network 101.
  • two electronic control devices A transmission source electronic control device 102 and a transmission destination electronic control device 103. Further, the transmission source electronic control device 102 and the transmission destination electronic control device 103 are respectively connected to sensors that detect the situation of the host vehicle and surrounding vehicles.
  • the electronic control device constituting the electronic control system 1 transmits and receives data acquired from the sensors via the communication network 101.
  • the communication network 101 includes, for example, a communication method such as CAN (Controller Area Network), LIN (Local Interconnect Network), Ethernet (registered trademark), Wi-Fi (registered trademark), Bluetooth (registered trademark), etc.
  • CAN Controller Area Network
  • LIN Local Interconnect Network
  • Ethernet registered trademark
  • Wi-Fi registered trademark
  • Bluetooth registered trademark
  • the electronic control device 100 may be configured as, for example, a so-called information processing device that mainly includes a semiconductor device and includes a volatile storage unit such as a CPU (Central Processing Unit) and a RAM (Random Access Memory). .
  • the information processing apparatus may further include a nonvolatile storage unit such as a flash memory, a network interface unit connected to a communication network, and the like.
  • a nonvolatile storage unit such as a flash memory, a network interface unit connected to a communication network, and the like.
  • such an information processing device may be a packaged semiconductor device or a configuration in which each semiconductor device is connected by wiring on a wiring board.
  • the electronic control system 1 includes the electronic control device 100 as a dedicated electronic control device that exhibits the functions described in the present embodiment.
  • the electronic control device 100 is not necessarily a dedicated electronic control device, and an electronic control device having other functions may be configured to further have the functions described in the present embodiment.
  • a gateway (not shown) having a relay function for data communication performed between a plurality of communication networks mounted on the vehicle and a function for communicating with the outside of the vehicle is configured to have the function of this embodiment. Also good.
  • the electronic control system 1 shows an example in which the electronic control system 1 includes only the electronic control device 100, the transmission source electronic control device 102, and the transmission destination electronic control device 103.
  • the electronic control system 1 May include any number of electronic control devices connected via the communication network 101.
  • the configuration of the electronic control device 100 of this embodiment will be described with reference to FIG.
  • the electronic control device 100 includes a receiving unit 10, a data frame storage unit 11, a generation method storage unit 12, an abnormality determination unit 13, a predicted data generation unit 14, and a transmission unit 15.
  • a receiving unit 10 receives a signal from the external control device.
  • a data frame storage unit 11 stores data from the external control device.
  • a generation method storage unit 12 receives a data frame storage unit 11
  • an abnormality determination unit 13 a predicted data generation unit 14
  • a transmission unit 15 a transmission unit 16.
  • the configuration illustrated in FIG. 2 may be provided across a plurality of electronic control devices.
  • the receiving unit 10 receives data frames transmitted / received between two or more electronic control devices connected via the communication network 101.
  • the receiving unit 10 of the electronic control device 100 receives a data frame transmitted from the transmission source electronic control device 102 (corresponding to another electronic control device).
  • FIG. 3 shows an example of a format of a data frame transmitted / received via the communication network 101.
  • the data frame shown in FIG. 3 includes an ID field (CAN-ID) having identification information (hereinafter referred to as a frame ID) of a data frame communicated by CAN, a length field (DLC) indicating the length of the data field, and 1 It consists of a data field having the above signal part.
  • CAN-ID ID field
  • DLC length field
  • the frame ID is specific identification information assigned according to the type of data included in the signal part. That is, the same frame ID is assigned to data frames having the same type of data included in the signal portion.
  • the data frame storage unit 11 (corresponding to the first storage unit) stores “data frame” received by the receiving unit 10.
  • the data frame storage unit 11 may store all the contents included in the data frame received by the receiving unit 10, and only a part of the data frame, for example, the data stored in the frame ID and the signal unit May be stored.
  • the data frame storage unit 11 may further store the reception time of the data frame in the reception unit 10 in association with the data frame.
  • the data frame storage unit 11 stores all data frames that are determined to be normal by an abnormality determination unit 13 described later.
  • the data frame storage unit 11 may store only a data frame having a specific frame ID or data stored in a specific signal unit. Furthermore, in order to secure a memory capacity, the data frame storage unit 11 stores the data frame.
  • “store data frame” in the present disclosure includes not only the case of storing all data frames but also the case of storing only a part of the contents included in the data frames.
  • the generation method storage unit 12 (corresponding to the second storage unit) stores a method for predicting and generating data included in the data frame (hereinafter referred to as prediction generation method).
  • the prediction generation method is written and stored in advance in the generation method storage unit 12 before the electronic control device 100 performs the operation described below. Therefore, the prediction generation method is written by, for example, a vehicle manufacturing factory or an electronic control device manufacturing factory before being shipped from the factory, or is written or updated by a dealer after being shipped from the factory.
  • FIG. 4 shows an example of an information table indicating the prediction generation method stored in the generation method storage unit 12.
  • the generation method storage unit 12 stores a frame ID (for example, 0x001) and prediction data assigned to the type of prediction data generated by the prediction generation method.
  • Information indicating a signal part for example, signal A
  • a signal part start point indicating the position of the signal part in the data frame
  • a bit length of the signal part indicating the position of the signal part in the data frame
  • a data list necessary for prediction generation for example, a prediction generation method
  • data indicating the storage destination of the data in the data frame storage unit 11 are stored.
  • the information table illustrated in FIG. 4 is merely an example, and the generation method storage unit 12 may store information other than that illustrated in FIG.
  • the abnormality determination unit 13 determines whether there is a “data frame abnormality” received by the reception unit 10.
  • “abnormality of data frame” in the present disclosure includes not only the case where the data frame itself or the content of the data frame is abnormal, but also the case where the timing at which the data frame is transmitted or received is not normal.
  • the method for determining whether the abnormality determination unit 13 has an abnormality in the data frame is arbitrary.
  • the abnormality determination unit 13 may determine whether there is an abnormality in the data frame based on the reception time of the data frame. For example, some data frames are transmitted from a specific electronic control device at a constant cycle. For such a data frame, the scheduled reception time of the next data frame can be calculated based on the transmission period of the data frame and the reception time when the receiving unit 10 received the latest data frame. However, if there is a large difference between the scheduled reception time and the actual reception time of the next data frame, there is a high possibility that this data frame has not been transmitted normally.
  • the abnormality determination unit 13 determines that the data frame received at this reception time is abnormal.
  • the abnormality determination unit 13 determines that some or all of the plurality of data frames received near the scheduled reception time are abnormal.
  • the prediction data generation unit 14 generates prediction data predicted as “normal data to be included” in the data frame determined to be abnormal based on the prediction generation method stored in the generation method storage unit 12. To do.
  • This predicted data is, for example, normal data that should be included in a data frame when it is assumed that a data frame determined to be abnormal is transmitted at a predetermined frame transmission time (corresponding to a predetermined transmission time). is there.
  • the prediction data generation unit 14 selects a data frame determined as having an abnormality from the information table.
  • a prediction generation method is selected based on specific types of data such as vehicle speed and pressure included, and prediction data is generated based on the selected prediction generation method.
  • the prediction data generation unit 14 obtains data (corresponding to past data) necessary for generation of prediction data from the data frame stored in the data frame storage unit 11, and performs operations on these data. Generated by.
  • the prediction data generation unit 14 since the generation method storage unit 12 stores a data list indicating data necessary for prediction generation together with the prediction generation method, the prediction data generation unit 14 is shown in the data list. Data may be read out from the data frame storage unit 11 and acquired. However, when the data list is not included in the information table stored in the generation method storage unit 12, the prediction data generation unit 14 generates the prediction generation based on the prediction generation method read from the generation method storage unit 12. Data necessary to execute the method may be determined, and necessary data may be acquired from the data frame storage unit 11 based on the determination result.
  • normal data to be included in the data frame of the present disclosure is data originally included when the data frame determined to be abnormal is transmitted from the transmission source electronic control device. It is not limited.
  • “normal data to be included” includes data that is predicted and generated in consideration of a difference in transmission source electronic control device, a difference in transmission time, or a type or attribute of data to be transmitted. Data that will be included when it is assumed that the data frame determined to be abnormal is transmitted at a time different from the transmission time transmitted from the transmission source electronic control device.
  • the prediction data generation unit 14 further stores the generated prediction data in a predetermined signal unit based on the information of the signal unit shown in the information table of the generation method storage unit 12, and information indicating the starting point of the signal unit, and Based on the information indicating the bit length of the signal, the signal portion is arranged at a predetermined position of the data frame, thereby generating a prediction data frame including the prediction data.
  • the prediction data generation unit 14 When the data frame has a plurality of signal parts in the data field, the prediction data generation unit 14 generates prediction data to be stored in each of the plurality of signal parts based on each prediction generation method. Then, the generated prediction data is stored in each signal part, and each signal part is arranged at a predetermined position to generate a prediction data frame.
  • the transmission unit 15 transmits the prediction data frame generated by the prediction data generation unit 14. Note that when the prediction data generation unit 14 generates normal data to be included in the data frame on the assumption that the prediction data is transmitted at a predetermined frame transmission time as the prediction data, the transmission unit 15 The predicted data frame is transmitted at the transmission time.
  • the frame transmission time is a time obtained by adding the time required to generate and transmit the prediction data frame to the time determined to be abnormal, and includes the prediction data without delay after the generation of the prediction data, for example. Although it is the time when the prediction data frame can be transmitted, it may be the time when a predetermined weight is sandwiched after the generation of the prediction data.
  • the predetermined transmission time corresponds to a time lag until the electronic control device 100 transmits the predicted data frame after the abnormality is detected. Further, depending on the processing speed of the electronic control device 100, the frame transmission time and the time determined to be abnormal may be evaluated to be substantially the same time. The time at which the abnormality is detected is substantially the same as the time at which the other electronic control device transmits the data frame.
  • FIG. 5 shows an operation when there is no abnormality in the data frame received by the receiving unit 10
  • FIG. 6 shows an operation when there is an abnormality in the data frame.
  • the receiving unit 10 receives a data frame transmitted / received between electronic control devices connected via the communication network 101 (S101).
  • the receiving unit 10 requests the abnormality determining unit 13 to determine whether or not the received data frame is abnormal (S102).
  • the reception unit 10 may notify the abnormality determination unit 13 of the received data frame and the reception time thereof together with the abnormality determination request.
  • the abnormality determination unit 13 that has received the request in S102 determines whether there is an abnormality in the received data frame (S103).
  • the abnormality determination unit 13 When it is determined that there is no abnormality in the data frame as shown in FIG. 5, the abnormality determination unit 13 notifies the reception unit 10 of a determination result indicating that there is no abnormality in the data frame (S104). Then, the receiving unit 10 stores the data frame received in S101 in the data frame storage unit 11 (S105). In the embodiment shown in FIG. 5, only the data frame determined to have no abnormality is stored in the data frame storage unit 11, but all the data frames received by the reception unit 10 are stored in the data frame storage unit 11. You may remember.
  • the abnormality determination unit 13 instructs the prediction data generation unit 14 A generation is requested (S114). At this time, the abnormality determination unit 13 may notify the prediction data generation unit 14 of the frame ID of the data frame determined to have an abnormality, the frame reception time, the data included in the data frame, and the like.
  • the prediction data generation unit 14 that has received the prediction data generation request from the abnormality determination unit 13 is based on the data included in the data frame determined to be abnormal from the information table stored in the generation method storage unit 12.
  • a prediction generation method, a data list indicating data necessary for prediction generation, and the like are read (S115).
  • the prediction data generation unit 14 selects and reads out the prediction generation method corresponding to the data included in the data frame determined to be abnormal, using the frame ID assigned according to the data type. Good. For example, when the frame ID of the data frame determined to be abnormal is “0x001”, the first data is read out from the information table shown in FIG. If the frame ID is “0x002”, the second and third data are read from the information table shown in FIG.
  • the prediction data generation unit 14 that has read the prediction generation method and the like from the information table of the generation method storage unit 12 reads data necessary to execute the read prediction generation method from the data frame storage unit 11 (S116). .
  • the prediction data generation unit 14 generates prediction data using data (corresponding to past data) read from the data frame storage unit 11 based on the prediction generation method read in S115 (S117).
  • the prediction data generation unit 14 further generates a prediction data frame including the generated prediction data (S118).
  • the prediction data generation unit 14 requests the transmission unit 15 to transmit the generated prediction data frame (S119).
  • the transmission unit 15 transmits a prediction data frame (S120).
  • the transmission destination electronic control device 103 receives the same data frame as the data frame received by the receiving unit 10 in S101, and then receives the predicted data frame transmitted from the transmitting unit 15 in S120.
  • the transmission destination electronic control unit 103 reads out the latest data frame from the received data frame by LIFO control, and performs control based on data included in the data frame. That is, when the transmission destination electronic control apparatus 103 receives the predicted data frame transmitted from the transmission unit 15 in S120 before being controlled by the previously received data frame, the transmission destination electronic control apparatus 103 is controlled by the predicted data frame.
  • the prediction data A is generated using data related to the past steering angle based on the prediction generation method shown in the following equation (1).
  • A a 1 + (a 1 ⁇ a 2 ) / T ⁇ (t 0 ⁇ t 1 ) (1)
  • a 1 is the latest data on the steering angle that is included in the data frame stored in the data frame storage unit 11
  • the steering angle a 2 is contained in the data frame stored in the data frame store 11 a data related to, a new data to the next of a 1.
  • T is a transmission period of a data frame including data related to the steering angle.
  • T 0 is a scheduled transmission time at which the data frame generated by the prediction data generation unit 14 is scheduled to be transmitted from the transmission unit 15, and t 1 is a data frame including a 1 received by the reception unit 10. Received time.
  • scheduled transmission time t 0 can be calculated by adding the reception time of the data frame determined that there is an abnormality, and a time required for generating and transmitting a data frame including the prediction data .
  • the generation method storage unit 12 stores a data list necessary for predictive generation, in the above example, as shown first in the information table shown in FIG. 4, the data list includes a 1 and a 2. , And t 1 are described, and the prediction data generation unit 14 reads these data from the data frame storage unit 11 and generates the prediction data A based on Expression (1).
  • FIG. 7 is a diagram for explaining this prediction generation method.
  • the electronic control unit since the content of the data frame that invalidates the illegal frame is the same as the data frame received immediately before, the electronic control unit transmits the data of a 1 at the scheduled transmission time t 0 .
  • the steering angle at the scheduled transmission time t 0 may increase from a 1 as shown by the broken line in FIG. Is expensive. Therefore, the steering angle at the scheduled transmission time t 0 is predicted based on the prediction generation method shown in Expression (1), and the prediction data A is generated.
  • the steering angle a 1 stored in the data frame store 11 is 30.0 °
  • the reception time t 1 of the steering angle a 1 is 10.00 seconds
  • the steering angle a 2 is 29.0 °
  • the data Consider a case where the frame transmission cycle T is 1.0 second, the reception time of a data frame determined to be abnormal is 10.05 seconds, and the time required to transmit the data frame is 0.05 seconds.
  • the steering angle prediction data A is calculated to be 30.1 ° based on the equation (1). Therefore, the transmission unit 15 transmits the predicted data frame including the generated predicted data of 30.1 ° at the scheduled transmission time of 10.10 seconds (10.05 + 0.05 seconds).
  • prediction data may be generated based on an average of data of the same type as abnormal data among data stored in the data frame storage unit 11.
  • the lighting state of a fog lamp of a vehicle generally does not change frequently. Therefore, when it is assumed that the data that will be included in the data frame determined to be abnormal, or the abnormal data frame was transmitted at a predetermined frame transmission time, the normal data to be included in the data frame All the data is likely to be the same as the past lighting state of the fog lamp. Therefore, when the abnormal data included in the data frame determined to be abnormal is data indicating the lighting state of the fog lamp of the vehicle, prediction data is generated from the average of the data indicating the past lighting state of the fog lamp.
  • the prediction data generation unit 14 generates data indicating the lighting of the fog lamp, which is data above the average, as prediction data.
  • prediction data predicted from data of the same type as abnormal data is generated. Predicted data may be generated.
  • the prediction data B is generated using past vehicle speed data and data other than the vehicle speed based on the prediction generation method shown in the following equation (2).
  • B b 1 + c 1 ⁇ (t 0 ⁇ t 1 ) (2)
  • b 1 is the latest data related to the vehicle speed stored in the data frame storage unit
  • c 1 is the latest data related to the acceleration stored in the data frame storage unit.
  • T 1 is a reception time when the receiving unit 10 receives a data frame including b 1 .
  • the prediction data generation unit 14 reads these data from the data frame storage unit 11 and generates the prediction data B based on Expression (2).
  • a vehicle speed b 1 stored in the data frame store 11 is 30.0km / h
  • the reception time t 1 of b 1 is 10.00 seconds
  • the acceleration c 1 is 1.0 m / s 2
  • abnormality Consider a case where the reception time of a data frame determined to be 10.05 seconds and the time required to transmit the data frame is 0.05 seconds.
  • the vehicle speed prediction data B is calculated as 30.36 km / h based on the equation (2). Therefore, the transmission unit 15 transmits a prediction data frame including prediction data of 30.36 km / h at a transmission time of 10.10 seconds.
  • prediction data is generated using data other than the vehicle speed (for example, acceleration data) in addition to the past vehicle speed data.
  • prediction data may be generated using only data of a type completely different from abnormal data.
  • the preceding vehicle For example, in a vehicle equipped with a driving support system, multiple factors such as the speed of the host vehicle, the speed of a vehicle traveling in front of the host vehicle (hereinafter referred to as the preceding vehicle), and the inter-vehicle distance from the preceding vehicle are determined in combination. And generate a brake request. Therefore, when the abnormal data is data related to a brake request, it is desirable to generate prediction data using data that is completely different from data related to a past brake request. Below, an example of the prediction production
  • the prediction data generation unit 14 executes the following formulas (3) to (8) to generate prediction data.
  • the relative acceleration ar 1 of the host vehicle with respect to the preceding vehicle is calculated according to the following equation (3).
  • ar 1 (vr 1 ⁇ vr 2 ) / (t 1 ⁇ t 2 ) (3)
  • vr 1 is the latest data regarding the relative speed with the preceding vehicle stored in the data frame storage unit 11
  • vr 2 is the data regarding the relative speed with the preceding vehicle stored in the data frame storage unit 11.
  • t 1 and t 2 are the reception times of vr 1 and vr 2 in the receiving unit 10, respectively.
  • ar 1 corresponds to the rate of change of the relative speed between t 1 and t 2 as shown in FIG.
  • a1 a0-ar 1 (4)
  • a0 is data relating to the acceleration of the host vehicle stored in the data frame storage unit 11.
  • the relative acceleration ar of the host vehicle with respect to the preceding vehicle at the time of emergency braking is calculated based on Expression (5).
  • 0 is calculated.
  • the acceleration when the emergency brake is applied may be set in advance, or may be calculated by calculation based on the vehicle speed.
  • ar 0 g ⁇ a1 (5) Note that ar 0 corresponds to the rate of change of the relative speed after t 1 as shown in FIG.
  • the predicted braking distance R0 obtained by the equation (7) is compared with the actual inter-vehicle distance R between the preceding vehicle and the host vehicle stored in the data frame storage unit.
  • the predicted braking distance R0 is larger than the actual inter-vehicle distance R, the relative speed of the host vehicle with respect to the preceding vehicle becomes zero, and the host vehicle is moved to the preceding vehicle before the speeds of the preceding vehicle and the host vehicle become equal. There is a risk of collision. Therefore, when R 0 > R, the prediction data generation unit 14 generates data indicating that there is a brake request as prediction data.
  • the types of data described above are merely examples, and arbitrary data can be generated as prediction data.
  • an engine speed whose value can be continuously changed, such as the vehicle speed may be generated as the prediction data.
  • data indicating ON / OFF of ACC Adaptive Cruise Control
  • the vehicle speed is shown as an example of the prediction generation method using data of a different type from the abnormal data, only the past vehicle speed data is used without generating the acceleration data in order to generate the vehicle speed prediction data. May be.
  • prediction generation method on the assumption that the data changes linearly and the prediction generation method using the average are shown, but the prediction generation method of the present embodiment is limited to the exemplified one. Rather, any method can be used.
  • prediction data may be generated by a least square method using a plurality of data stored in the data frame storage unit.
  • the data frame transmitted from the transmission unit 15 includes the prediction data generated based on the prediction generation method, and data other than the prediction data may be included.
  • the prediction data generation unit 14 stores the prediction data generated based on the prediction generation method of the present embodiment in the signal unit A, and generates based on the prediction generation method like vehicle identification information. Data different from the predicted data to be generated is stored in the signal part B to generate a data frame.
  • the prediction data generation unit 14 may store vehicle identification information in a memory, and generate a prediction data frame by adding vehicle identification information to the generated prediction data.
  • constant data such as vehicle identification information may also be generated using the same method as the prediction data of this embodiment.
  • c 1 is the latest data relating to the identification information of the vehicle stored in the data frame store. That is, for data such as vehicle identification information, the same value as the latest data stored in the data frame storage unit is always stored in the signal unit.
  • the prediction data generation part 14 combines the signal part which stored the prediction data produced
  • the data included in the data frame that invalidates the illegal frame is set as the prediction data of normal data that should be included in the data frame, thereby appropriately controlling the transmission destination electronic control device. Can be done. Furthermore, by using the prediction data as data at the transmission time of the data frame, it is possible to control the transmission destination electronic control device with information suitable for the state at the time of transmission of data that changes with time. .
  • the prediction data generation unit 14 is configured to generate prediction data mainly from the data frames stored in the data frame storage unit 11. However, the prediction data generation unit 14 may further acquire data directly from a sensor or the like connected to the electronic control device 100, and generate prediction data using this data.
  • FIG. 9 shows the electronic control system of this embodiment. Unlike the electronic control system shown in FIG. 1, a sensor (corresponding to a sensor device) 104 is connected to the electronic control device 100. In FIG. 9, only the sensor 104 is connected to the electronic control device 100, but the electronic control device 100 may be connected to a plurality of sensors as a matter of course. Further, the electronic control device 100 may be connected to a sensor connected to the transmission source electronic control device 102 or the transmission destination electronic control device 103.
  • the sensor 104 connected to the electronic control device 100 is a distance measuring sensor that detects data indicating the state of the vehicle (corresponding to vehicle data), for example, a distance between the vehicle ahead and the host vehicle.
  • the brake request exemplified in the first embodiment is generated as prediction data
  • the data frame stored in the data frame storage unit 11 is not read for the actual inter-vehicle distance R between the preceding vehicle and the host vehicle.
  • the data of the inter-vehicle distance R may be received from the sensor 104, and this data may be compared with the expected braking distance R0 obtained by the equation (7).
  • the sensor to which the electronic control device 100 is connected is not limited to the distance measuring sensor according to the above example, and can be connected to any sensor.
  • the electronic control unit 100 can acquire data directly from the sensor and generate predicted data, an appropriate number of data frames for generating predicted data is stored in the data frame.
  • the case where the data frame is not stored in the unit 11 is, for example, the case immediately after starting the vehicle and the number of data frames sufficient to generate the prediction data is not stored in the data frame storage unit 11.
  • the electronic control device 100 can generate prediction data by using the data directly acquired from the sensor.
  • the electronic control device 100 can generate prediction data using the latest data by acquiring data directly from the sensor, the accuracy of the prediction data can be improved. Can appropriately control the transmission destination electronic control device using the latest data.
  • the prediction data generation unit 14 In the first embodiment, the configuration in which the prediction data generation unit 14 generates the prediction data whenever there is an abnormality in the data frame has been described. However, the prediction data generation unit 14 may be configured to generate prediction data only when a specific condition is satisfied even when there is an abnormality in the data frame.
  • FIG. 10 shows an electronic control device 200 according to the third embodiment.
  • the electronic control device 200 illustrated in FIG. 10 includes a data generation determination unit 16 in addition to the configuration illustrated in FIG.
  • the data generation determination unit 16 determines whether or not to generate the prediction data in the prediction data generation unit 14 and determines the determination. The result is notified to the prediction data generation unit 14. And when the determination result notified from the data generation determination part 16 has shown producing
  • the data generation determination unit 16 executes the generation of prediction data only when the data type included in the data frame determined to be abnormal is a preset data type. Make a decision. For example, data such as vehicle speed, engine speed, and steering angle are data directly related to vehicle travel, and affect vehicle safety. Therefore, in order to realize safe driving of the vehicle, it is desirable to prevent the electronic control device from being controlled by an illegal data frame when a data frame including such data is illegally transmitted.
  • the data The generation determination unit 16 determines to generate prediction data.
  • the data generation determination unit 16 includes the latest data of the same type as the data included in the data frame determined to be abnormal among the data frames stored in the data frame storage unit 11; Whether to generate prediction data may be determined based on the difference from the abnormal data.
  • the data generation determination unit 16 compares the difference between the abnormal data and the latest data with a preset allowable difference, and determines that the prediction data is generated when the difference is equal to or larger than the allowable difference. Specifically, when the allowable difference is set to 5 km / h for the data relating to the vehicle speed, the abnormal data indicates the vehicle speed of 65 km / h, and the latest data stored in the data frame storage unit 11 is It is assumed that the vehicle speed is 50 km / h. In this case, the difference between the abnormal data and the latest data is 15 km / h, which is equal to or greater than the allowable difference. Therefore, the data generation determination unit 16 determines to generate prediction data, and notifies the prediction data generation unit 14 of the determination result.
  • the data generation determination unit 16 determines not to generate the prediction data, and notifies the prediction data generation unit 14 of the determination result.
  • a data frame determined to be abnormal includes a plurality of signal parts
  • only abnormal data stored in a specific signal part for example, signal part A
  • the difference between the latest data and the allowable difference may be compared.
  • the data generation determination unit 16 does not consider abnormal data stored in a signal unit other than the signal unit A (for example, the signal unit B) in determining whether to generate prediction data.
  • the data generation determination unit 16 may further monitor the load on the communication network 101 and determine whether to generate prediction data based on the load on the communication network 101.
  • the load on the communication network 101 increases by transmitting a prediction data frame including the generated prediction data. Therefore, when the load of the communication network 101 is high, transmission / reception of a more important data frame may be hindered by transmitting the predicted data frame. Therefore, for example, the data generation determination unit 16 compares the load of the communication network 101 with a preset threshold of the load of the communication network, and generates prediction data when the load of the communication network 101 is lower than the threshold. If the load on the communication network 101 is higher than the threshold value, it is determined not to generate the prediction data, and the determination result is notified to the prediction data generation unit 14.
  • the data generation determination unit 16 further monitors the “reception frequency” at which the reception unit 10 receives the data frame determined to be abnormal, and generates prediction data based on the reception frequency. You may determine whether.
  • the “reception frequency” indicates, for example, the “number of times” such as the number of times an abnormal data frame is received within a certain period, or the number of times an abnormal data frame is continuously received.
  • both cases where “interval” is indicated, such as the reception interval of an abnormal data frame, are included.
  • the prediction data generation unit 14 does not generate prediction data for all the data frames determined to be abnormal and receives Prediction data may be generated for every fixed number of data frames or every fixed time, and a prediction data frame including the prediction data may be transmitted from the transmission unit 15.
  • the transmission destination electronic control device 103 reads out the latest data frame from the received data frame by LIFO control, and performs control based on the data included in the data frame. That is, even if the electronic control apparatus 100 transmits a plurality of predicted data frames including the predicted data, the transmission destination electronic control apparatus 103 uses only the latest predicted data frame, and the other predicted data frames are invalid. In this way, when the electronic control device 100 transmits a predicted data frame that is not used by the transmission destination electronic control device 103, the load on the communication network 101 may increase, and transmission / reception of more important data frames may be hindered. . In particular, if a data frame having an abnormality is continuously received and a predicted data frame is continuously transmitted along with the data frame, the load on the communication network 101 increases rapidly.
  • the data generation determination unit 16 monitors and counts the number of times a data frame having an abnormality is received within a certain period or continuously, and counts the received number of times and a preset threshold number of times. Compare. If the counted number of receptions is higher than the threshold number, it is determined that the generation of the prediction data is not performed for a certain number of times or a certain time. On the other hand, when a certain number of times or a certain time elapses, it is determined to generate prediction data, and the determination result is notified to the prediction data generation unit 14. It should be noted that the threshold number of times and the time used as criteria for determining whether or not to generate prediction data may differ depending on the type of data.
  • the block diagram used in the description of the embodiment is a classification and arrangement of the configuration of the electronic control device or the like for each function. These functional blocks are realized by any combination of hardware or software. Further, since the function is shown, such a block diagram can be grasped as the disclosure of the method invention.
  • first and second used in each embodiment and claims are used to distinguish two or more configurations and methods of the same type, and do not limit the order or superiority. .
  • Each embodiment is premised on an electronic control device and an electronic control system for a vehicle mounted on a vehicle, but this specification describes an information processing system including a dedicated or general-purpose electronic control system other than for a vehicle, and An information processing device including a dedicated or general-purpose electronic control device is also disclosed.
  • examples of the form of the electronic control device of the present disclosure include a semiconductor, an electronic circuit, a module, and a microcomputer.
  • necessary functions such as an antenna and a communication interface may be added to these. It is also possible to take forms such as a car navigation system, a smartphone, a personal computer, and a portable information terminal.
  • the present disclosure can be realized not only by dedicated hardware having the configuration and functions described in each embodiment, but also by a program for realizing the present disclosure stored in a storage medium such as a memory or a hard disk, and the program. It can also be realized as a combination with executable hardware or general-purpose hardware having a general-purpose CPU and memory.
  • Dedicated or general-purpose hardware storage media can be provided to dedicated or general-purpose hardware via a storage medium or via a communication line from a server without a storage medium. As a result, the latest functions can always be provided through program upgrades.
  • the electronic control device of the present disclosure has been described mainly as a vehicle electronic control device mounted on an automobile. Is possible.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mechanical Engineering (AREA)
  • Small-Scale Networks (AREA)
PCT/JP2019/019866 2018-06-12 2019-05-20 電子制御装置および電子制御システム Ceased WO2019239798A1 (ja)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/116,641 US11582112B2 (en) 2018-06-12 2020-12-09 Electronic control unit and electronic control system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018112285A JP6922852B2 (ja) 2018-06-12 2018-06-12 電子制御装置および電子制御システム
JP2018-112285 2018-06-12

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/116,641 Continuation US11582112B2 (en) 2018-06-12 2020-12-09 Electronic control unit and electronic control system

Publications (1)

Publication Number Publication Date
WO2019239798A1 true WO2019239798A1 (ja) 2019-12-19

Family

ID=68842529

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/019866 Ceased WO2019239798A1 (ja) 2018-06-12 2019-05-20 電子制御装置および電子制御システム

Country Status (3)

Country Link
US (1) US11582112B2 (enExample)
JP (1) JP6922852B2 (enExample)
WO (1) WO2019239798A1 (enExample)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7347141B2 (ja) * 2019-11-13 2023-09-20 株式会社オートネットワーク技術研究所 車載通信装置及び情報置換方法
JP7122494B2 (ja) 2020-05-22 2022-08-19 三菱電機株式会社 車両制御システム、車両統合制御装置、電子制御装置、ネットワーク通信装置、車両制御方法、および、車両制御プログラム
JP7466396B2 (ja) * 2020-07-28 2024-04-12 株式会社Soken 車両制御装置
JP7540402B2 (ja) * 2021-06-22 2024-08-27 トヨタ自動車株式会社 センタ、otaマスタ、システム、方法、プログラム、及び車両
CN116881234B (zh) * 2023-06-20 2024-08-02 北京自动化控制设备研究所 磁探系统遥测数据实时预测补数方法及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06199154A (ja) * 1992-12-28 1994-07-19 Fujitsu Ten Ltd 電子機器の制御装置
JP2007043256A (ja) * 2005-08-01 2007-02-15 Calsonic Kansei Corp ゲートウェイ装置
JP2007081484A (ja) * 2005-09-09 2007-03-29 Auto Network Gijutsu Kenkyusho:Kk ゲートウェイ、通信制御ユニットおよび周期データの代理送信方法
WO2008126698A1 (ja) * 2007-04-05 2008-10-23 Autonetworks Technologies, Ltd. 車載用の中継接続ユニット
JP2017168993A (ja) * 2016-03-15 2017-09-21 本田技研工業株式会社 監視装置、及び、通信システム

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9975550B2 (en) * 2013-05-31 2018-05-22 Toyota Jidosha Kabushiki Kaisha Movement trajectory predicting device and movement trajectory predicting method
JP6032195B2 (ja) * 2013-12-26 2016-11-24 トヨタ自動車株式会社 センサ異常検出装置
JP6299208B2 (ja) * 2013-12-26 2018-03-28 トヨタ自動車株式会社 車両周辺状況推定装置
JP5972951B2 (ja) * 2014-10-28 2016-08-17 三菱重工業株式会社 補機制御装置、制御システム、過給機、制御方法及びプログラム
JP6429202B2 (ja) * 2016-02-10 2018-11-28 本田技研工業株式会社 車両、車両制御装置、車両制御方法、および車両制御プログラム
JP6497349B2 (ja) * 2016-04-13 2019-04-10 トヨタ自動車株式会社 車両走行制御装置
JP6460349B2 (ja) * 2016-04-13 2019-01-30 トヨタ自動車株式会社 車両走行制御装置
JP6280662B2 (ja) 2016-07-05 2018-02-14 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America 不正制御抑止方法、不正制御抑止装置及び車載ネットワークシステム
JP6849528B2 (ja) 2016-07-28 2021-03-24 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America フレーム伝送阻止装置、フレーム伝送阻止方法及び車載ネットワークシステム
JP6717723B2 (ja) * 2016-10-12 2020-07-01 矢崎総業株式会社 車両システム
US20180152475A1 (en) * 2016-11-30 2018-05-31 Foundation Of Soongsil University-Industry Cooperation Ddos attack detection system based on svm-som combination and method thereof
JP6565893B2 (ja) * 2016-12-26 2019-08-28 トヨタ自動車株式会社 運転支援装置
CN110214312A (zh) * 2017-01-24 2019-09-06 三菱电机株式会社 共享备用单元和控制系统
US10598104B2 (en) * 2017-02-03 2020-03-24 Achates Power, Inc. Mass airflow sensor monitoring using supercharger airflow characteristics in an opposed-piston engine
CN106911511B (zh) * 2017-03-10 2019-09-13 网宿科技股份有限公司 一种cdn客户源站的防护方法和系统
JP6494821B2 (ja) * 2017-04-07 2019-04-03 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America 不正通信検知基準決定方法、不正通信検知基準決定システム及びプログラム
JP6815925B2 (ja) * 2017-04-24 2021-01-20 日立オートモティブシステムズ株式会社 車両の電子制御装置
JP6993559B2 (ja) * 2017-05-16 2022-01-13 富士通株式会社 トラフィック管理装置、トラフィック管理方法およびプログラム
JP6638695B2 (ja) * 2017-05-18 2020-01-29 トヨタ自動車株式会社 自動運転システム

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06199154A (ja) * 1992-12-28 1994-07-19 Fujitsu Ten Ltd 電子機器の制御装置
JP2007043256A (ja) * 2005-08-01 2007-02-15 Calsonic Kansei Corp ゲートウェイ装置
JP2007081484A (ja) * 2005-09-09 2007-03-29 Auto Network Gijutsu Kenkyusho:Kk ゲートウェイ、通信制御ユニットおよび周期データの代理送信方法
WO2008126698A1 (ja) * 2007-04-05 2008-10-23 Autonetworks Technologies, Ltd. 車載用の中継接続ユニット
JP2017168993A (ja) * 2016-03-15 2017-09-21 本田技研工業株式会社 監視装置、及び、通信システム

Also Published As

Publication number Publication date
JP2019216348A (ja) 2019-12-19
JP6922852B2 (ja) 2021-08-18
US20210092025A1 (en) 2021-03-25
US11582112B2 (en) 2023-02-14

Similar Documents

Publication Publication Date Title
WO2019239798A1 (ja) 電子制御装置および電子制御システム
US11469921B2 (en) Security device, network system, and fraud detection method
JP7231559B2 (ja) 異常検知電子制御ユニット、車載ネットワークシステム及び異常検知方法
JP6925120B2 (ja) V2x通信装置及びv2x通信システム
CN111791889B (zh) 用于驾驶机动车的控制系统和控制方法
KR101665451B1 (ko) 차량의 긴급제동 상황 판단 방법 및 장치
WO2019021403A1 (ja) 制御ネットワークシステム、車両遠隔制御システム及び車載中継装置
JPWO2012157633A1 (ja) 走行制御装置
JP6558703B2 (ja) 制御装置、制御システム、及びプログラム
KR20150125256A (ko) 운전자 편의 시스템 및 운전자 편의 시스템에서 레이더 센서의 수직각도 이상 판정 방법
JP2010006178A (ja) 運転疲労判定装置
US11636002B2 (en) Information processing device and information processing method
JP2009289204A (ja) 車載データ記録システム及び車載データ記録方法
JP6760137B2 (ja) 通信装置及び通信端末装置
JP6674312B2 (ja) ゲートウェイ装置
KR20180009221A (ko) 차량 센서 고장 검출 장치 및 방법
JP6395115B2 (ja) 車間距離制御装置及び車間距離制御方法
JP7344050B2 (ja) 車両案内システム
CN110290981B (zh) 用于以共同系统时间来触发人员保护装置的方法和装置
JP2011250110A (ja) 電子制御装置
US10495721B2 (en) Communication device, communication terminal device, communication method, and non-transitory tangible computer readable medium
JP7476018B2 (ja) 車両検知情報共有システム
WO2018158862A1 (ja) 車両用事故予測システム、および車両用事故予測方法
CN115257763B (zh) 一种行驶辅助控制模式的切换方法及相关设备
JP2020068506A (ja) 電子制御装置、電子制御システム及びプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19818792

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19818792

Country of ref document: EP

Kind code of ref document: A1