WO2022047617A1 - Method and system for improving vehicle security - Google Patents


Info

Publication number
WO2022047617A1
Authority
WO
WIPO (PCT)
Prior art keywords
vehicle
ids
response
event information
strategy
Application number
PCT/CN2020/112822
Other languages
French (fr)
Chinese (zh)
Inventor
彭建芬
郭志鹏
徐云飞
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2020/112822 priority Critical patent/WO2022047617A1/en
Priority to CN202080005094.5A priority patent/CN112752682A/en
Publication of WO2022047617A1 publication Critical patent/WO2022047617A1/en

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for: electric constitutive elements
    • B60R16/023 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for: electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • B60R16/0231 Circuits relating to the driving or the functioning of the vehicle
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Definitions

  • the present application relates to the field of automobiles, and in particular, to a method and system for improving vehicle safety.
  • the embodiments of the present application provide a method and system for improving vehicle safety, which can implement a response strategy in a timely manner in the event of a network attack on the vehicle, so as to ensure the safety of the vehicle and occupants.
  • an embodiment of the present application provides a method for improving vehicle safety, including:
  • a first response policy is sent to the first onboard component.
  • an IDS event refers to the security warning information generated by the intrusion detection system when its triggering condition is satisfied; the triggering condition is an IDS event detection rule, and the set of such rules is the IDS event detection rule set.
  • the response strategy refers to a processing rule for responding to the above-mentioned IDS event information and vehicle running state, the set of response strategies is a response strategy set, and the above-mentioned first response strategy belongs to the response strategy set.
  • the steps of acquiring and analyzing the information related to the running state of the complete vehicle are added to the processing flow of the IDS event.
  • the impact factors of network security and functional safety can be considered together, and the response strategy can be determined and executed on the vehicle side in time, which can effectively ensure the safety of the vehicle and its passengers.
  • an embodiment of the present application provides a system for improving vehicle safety, the system comprising: a collection module, an analysis module, and a response module;
  • an acquisition module for acquiring the first IDS event information and the first vehicle running state
  • an analysis module configured to determine a first response strategy according to the first IDS event information and the first vehicle operating state
  • the response module is used for: sending the first response strategy to the first vehicle-mounted component.
  • the system includes one or more sensors, and/or the acquisition module includes one or more sensors, and/or the first vehicle-mounted component includes one or more sensors.
  • the analysis module is integrated in the vehicle-mounted component, or the analysis module is an independent vehicle-mounted component.
  • the system further includes an execution module, where the execution module is configured to receive at least one of the first response strategy and the second response strategy, and/or to execute at least one of the first response strategy and the second response strategy.
  • the vehicle end can execute the response strategy in time, so that the damage to the vehicle and the driver and passengers can be effectively avoided or reduced.
  • the first IDS event information includes one or more of the event type, event description, risk level, event source, and attacked component of the first IDS event.
  • the running state of the entire vehicle includes an intelligent driving level and a driving scenario.
  • the driving scene is defined by one or more of the parameters driving speed, terrain, road surface conditions, driving environment, traffic conditions, and driving time period.
  • the driving scenario of the vehicle includes at least one of highway pilot HWP, adaptive cruise control ACC, automatic valet parking AVP, traffic jam pilot TJP, manual high-speed driving, manual low-speed driving, and stationary.
  • the first response strategy is associated with at least one IDS event information and at least one vehicle operating state, and the first IDS event belongs to the at least one IDS event.
  • the first complete vehicle operating state belongs to one of the at least one complete vehicle operating state.
  • the first response strategy includes a processing strategy, or the first response strategy includes a processing strategy and a processing opportunity.
  • the first response strategy includes both the processing strategy and the corresponding processing timing.
  • the response strategy can be executed in time, which improves the overall safety of the vehicle and the driver and passengers.
  • the processing strategy includes one or more of: executing the lowest risk strategy, prompting an exception, recommending that the driver pull over, prompting the automatic driving function to exit, alerting the safety operation module, powering off the vehicle, and blocking illegal requests;
  • the processing timing includes one or more of: immediate execution, execution after pulling over, and execution the next time the function is turned on.
  • the method or system for improving vehicle safety further includes: an analysis module determines a first failure mode according to the first IDS event information and the first vehicle operating state; the first response strategy is associated with at least one failure mode, and the first failure mode is one of the at least one failure mode.
  • the influence factors of network security and functional safety are integrated when the failure mode is determined, so executing the associated response strategy enables the vehicle to resist the network attack and protect the safety of the driver and passengers at the same time.
  • the aforementioned on-board components include one or more of: the telematics box T-Box (Telematics Box), the in-vehicle infotainment system IVI (In-Vehicle Infotainment), the body control module BCM (Body Control Module), the vehicle control unit VCU (Vehicle Control Unit), the transmission control unit TCU (Transmission Control Unit), the motor control unit MCU (Motor Control Unit), the cockpit domain controller CDC (Cockpit Domain Controller), the mobile data center MDC (Mobile Data Center), and the vehicle integrated unit VIU (Vehicle Integrated Unit).
  • the method or system for improving vehicle safety further includes: interacting with a safety operation module, where the safety operation module receives the first IDS event information and sends a second response policy to the response module according to the first IDS event information.
  • the second response policy is a processing rule for responding to the first IDS event information on the network device side.
  • the second response strategy includes:
  • embodiments of the present application provide a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the method in the foregoing first aspect or possible implementation manner.
  • embodiments of the present application provide an electronic device including a processor, where the processor is coupled to a memory, a computer program is stored in the memory, and the processor is configured to execute the computer program stored in the memory so as to implement the method in the aforementioned first aspect or possible implementation manner.
  • embodiments of the present application provide a vehicle including the system for improving vehicle safety in the aforementioned second aspect or possible implementation manner.
  • the impact factors of network security and functional safety are considered together to determine a response strategy, and the response strategy can be executed on the vehicle side in time, so as to better protect network security while protecting the safety of the driver and passengers.
  • Fig. 1 is an intrusion detection system of an intelligent networked vehicle
  • FIG. 2 is a schematic flowchart of a method for improving vehicle safety
  • FIG. 3 is a schematic structural diagram of a system for improving vehicle safety
  • Figure 1 is an intrusion detection system for intelligent networked vehicles.
  • the system includes a vehicle-side intrusion detection system IDS and a cloud operation analysis center.
  • the vehicle-side IDS can be deployed in on-board components, such as IVI, T-Box or TCU and other on-board components.
  • the intrusion detection system at the vehicle end includes modules such as acquisition, IDS detection and IDS management.
  • the acquisition module is used to acquire the status of the vehicle components and the system data of the vehicle.
  • the system data of the vehicle can come from the controller area network CAN (Controller Area Network), the message of the vehicle Ethernet (Ethernet) or the electronic control unit ECU (Electronic Control Unit).
  • the IDS detection module acquires the detection rule set corresponding to the state according to the state of the aforementioned vehicle components, and compares the characteristic information of the data acquired by the acquisition module with the valid state predefined by the detection rule.
  • the valid state may be the signature and the value range of the characteristic parameter.
  • the IDS detection module can also perform AI model-based recognition on the data obtained by the aforementioned acquisition module.
  • the IDS management module creates an IDS event, and sends the IDS event information of the IDS event to the cloud operation analysis center.
  • the cloud operation analysis center receives and analyzes the IDS event information, and sends a response strategy to the vehicle components according to the analysis results.
  • the response strategy may be: repairing system vulnerabilities through over-the-air OTA (Over The Air) technology upgrades.
  • the intrusion detection system detects and records the network intrusion event, and needs to send the information of the intrusion event to the cloud, and then the cloud operation analysis center analyzes and issues a response strategy.
  • this method cannot respond to network intrusion attacks in a timely manner, and the response strategy does not take into account the integration of vehicle network security and functional security, making it difficult to ensure the safety of drivers and passengers.
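The detection step described for Fig. 1 (a rule set chosen by the state of the vehicle component, each rule defining a valid state as a signature plus a value range) is easier to see in code. The following is an added example written for this page, not code from the patent or from the assignee; the CAN identifiers, rule values, component names and sample messages are all constructed, and the assumption that the gateway can attribute a sender to each message is a simplification.

```python
"""
Added example (not code from the patent): the vehicle-side IDS detection step
described for Fig. 1.  The rule set is chosen by the state of the vehicle
component, and each rule gives the valid state of one characteristic parameter
as a signature (which component may send the message) plus a value range.
CAN identifiers, rule values, component names and the sample messages below are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str                         # characteristic parameter carried by the message
    allowed_source: str               # signature: the only component allowed to send it
    value_range: Tuple[float, float]  # inclusive valid range of the decoded value
    receiver: str                     # component that consumes the message


@dataclass(frozen=True)
class Message:
    can_id: int
    source: str   # sender identity as attributed by the gateway (assumption)
    value: float  # decoded characteristic value


@dataclass(frozen=True)
class IdsEvent:
    event_type: str
    description: str
    risk_level: str
    event_source: str
    attacked_component: str


# Detection rule sets keyed by the state of the vehicle component.  The same
# steering angle can be valid during parking and invalid during highway pilot.
RULE_SETS: Dict[str, Dict[int, Rule]] = {
    "HWP": {
        0x0A1: Rule("steering_angle_cmd", "MDC", (-15.0, 15.0), "VCU"),
        0x0B2: Rule("target_speed_cmd", "MDC", (60.0, 120.0), "VCU"),
    },
    "AVP": {
        0x0A1: Rule("steering_angle_cmd", "MDC", (-35.0, 35.0), "VCU"),
        0x0B2: Rule("target_speed_cmd", "MDC", (0.0, 10.0), "VCU"),
    },
}


def detect(component_state: str, messages: List[Message]) -> List[IdsEvent]:
    """Compare each message's characteristic information with the valid state
    predefined by the rule set for the current component state."""
    rules = RULE_SETS.get(component_state)
    if rules is None:
        # A state without a rule set is a configuration gap; fail loudly rather
        # than silently detecting nothing.
        raise ValueError(f"no detection rule set for state {component_state!r}")
    events: List[IdsEvent] = []
    for m in messages:
        rule = rules.get(m.can_id)
        if rule is None:
            # Unknown identifier: does not touch vehicle control, so classified
            # as a low-risk non-vehicle control event (constructed assignment).
            events.append(IdsEvent("non-vehicle control attack",
                                   f"unexpected CAN id 0x{m.can_id:03X} from {m.source}",
                                   "low", m.source, "gateway"))
            continue
        lo, hi = rule.value_range
        if m.source != rule.allowed_source:
            # Signature mismatch: a forged control command on the bus.
            events.append(IdsEvent("vehicle control attack",
                                   f"forged {rule.name}: sent by {m.source}, "
                                   f"expected {rule.allowed_source}",
                                   "high", m.source, rule.receiver))
        elif not lo <= m.value <= hi:
            # Right sender, but the value is outside the range valid in this state.
            events.append(IdsEvent("vehicle control attack",
                                   f"{rule.name}={m.value} outside [{lo}, {hi}] "
                                   f"in state {component_state}",
                                   "high", m.source, rule.receiver))
    return events


# Constructed sample traffic.
SAMPLE_MESSAGES = [
    Message(0x0A1, "MDC", 3.0),     # valid in both states
    Message(0x0A1, "T-Box", 3.0),   # wrong signature: forged steering command
    Message(0x0A1, "MDC", 30.0),    # valid while parking, out of range on the highway
    Message(0x0B2, "MDC", 100.0),   # valid on the highway, out of range while parking
    Message(0x1FF, "IVI", 0.0),     # identifier with no rule
]

if __name__ == "__main__":
    for state in ("HWP", "AVP"):
        for ev in detect(state, SAMPLE_MESSAGES):
            print(state, ev.event_type, ev.risk_level, ev.description)
```

Running the same five messages through the "HWP" and "AVP" rule sets shows why the rule set is selected per state: the 30 degree steering command is an event only on the highway, and the 100 km/h target speed only while parking. A state with no rule set raises rather than returning an empty list, so a missing configuration cannot be mistaken for a clean bus.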
  • FIG. 2 is a schematic flowchart of a method for improving vehicle safety provided by an embodiment of the present application. The corresponding process is described below with reference to specific vehicle components.
  • Step 210 Acquire the first IDS event information and the first vehicle running state.
  • the first IDS event information is associated with the first IDS event, and the first IDS event information is used to indicate one or more of the event type, event description, risk level, event source, and attacked component of the first IDS event.
  • the event source and the attacked component can be the same on-board component or different on-board components.
  • the event source component is the MDC
  • the attacked component is the gateway.
  • the event source and/or the attacked component may be one vehicle-mounted component or multiple vehicle-mounted components, which are not limited in this application.
  • the first IDS event information is one of at least one IDS event information.
  • Each IDS event message is associated with an IDS event.
  • Table 1 lists some examples of IDS event information.
  • event types include:
  • (I) Vehicle control attacks: attacks that exploit vulnerabilities in the software or the overall architecture of the vehicle to gain control of the vehicle or interfere with the user's normal operation; for example, sending forged steering commands to the chassis CAN bus is a vehicle control attack.
  • (II) Non-vehicle control attacks: stealing or tampering with user data, or conducting reconnaissance activities such as port scanning and network sniffing; such network attacks do not affect vehicle control. Port scanning, for example, is a non-vehicle control attack.
  • (III) Illegal use of advanced functions: the attacker illegally uses specific functions by destroying or bypassing the validity period detection mechanism. As an example, features that require payment, such as real-time traffic, karaoke, theater mode, music services and satellite maps, are classified as advanced (premium) features. The attacker learns the security measure adopted by the advanced function, for example its access control, and uses the function illegally by bypassing that security measure. It can be understood that the scope of the advanced functions may also be divided according to other indicators, which are not specifically limited in the embodiments of the present application.
  • the risk level can also be referred to as the network security risk level.
  • the types of IDS incidents and the corresponding network security risk levels can be assessed using the commonly used dimensions of threat analysis and risk assessment TARA (Threat Analysis and Risk Assessment), namely one or more of the four dimensions functional safety (Safety), assets (Financial), availability (Operational), and privacy (Privacy).
  • the risk level of car control attacks is high.
  • the risk level of data decryption failure in the HD map encrypted channel is high, and the risk level of external network port scanning is low.
  • the risk level of illegal use of advanced features can be low. It can be understood that the risk level may also be assessed by other methods, which are not specifically limited in the embodiments of the present application.
  • one IDS event information may also be associated with multiple IDS events.
  • remote control IDS events include a series of IDS events, such as root privilege escalation (an ordinary user exploits a vulnerability in the system to escalate their privileges to root), reverse shell (the controlling terminal listens on a TCP/UDP port, the controlled terminal initiates a connection to that port and redirects the input and output of its command line to the controlling terminal), modification of sensitive files, and sending of illegal vehicle control commands.
  • the remote control IDS event information can therefore be associated with multiple IDS events, such as root privilege escalation, reverse shell, sensitive file modification, and illegal vehicle control command sending.
  • the first complete-vehicle operating state may also be referred to as the first vehicle operating state, and includes at least one of an automatic driving level and a driving scenario.
  • the automatic driving level can refer to the automotive automation classification standard formulated by SAE International (Society of Automotive Engineers).
  • the L0 level is manual driving
  • L1 is assisted driving
  • L2 is partial automation
  • L3 is conditional autonomous driving
  • L4 is highly autonomous driving
  • L5 is fully autonomous driving.
  • the above classification methods for automatic driving levels are only for the purpose of examples, and the embodiments of the present application do not limit the classification standards and levels of automatic driving.
  • the driving scenario may include one or more parameter definitions of driving speed, terrain, road surface conditions, driving environment, traffic conditions, and driving time periods.
  • the driving scene division may include highway cruise HWP (Highway Pilot), adaptive cruise control ACC (Adaptive Cruise Control), automatic valet parking AVP (Autonomous Valet Parking), traffic jam automatic driving TJP (Traffic Jam Pilot), at least one of manual high-speed driving, manual low-speed driving, and stationary.
  • the operational design domain ODD (Operational Design Domain) of this driving scenario includes: the driver must hold a driver's license and pay attention to the road conditions at all times; driving only on roads whose two directions of travel are physically separated; a maximum speed of 120 km/h; a vehicle ahead may or may not be present; lane changes are allowed; construction sites are allowed; driving in day or night, and in moderate rain or moderate snow.
  • the first vehicle running state may include at least one of a vehicle running state and a vehicle business state.
  • the vehicle driving status may include at least one of driving speed, acceleration parameters, braking parameters, and steering parameters
  • the vehicle business status may include one or more of the intelligent driving level, high-precision map download status, driving road information, and driver status information. It can be understood that the manner of representing the running state of the complete vehicle is not limited in the embodiments of the present application.
  • Step S220 Determine a first response strategy according to the first IDS event information and the first vehicle operating state.
  • the first response strategy belongs to one of at least one response strategy, wherein each response strategy may include a processing strategy.
  • the processing strategy may include one or more of: implementing the lowest risk strategy, prompting an exception, recommending the driver to pull over, prompting the automatic driving function to exit, alerting the safety operation module, powering off the entire vehicle, and blocking illegal requests.
  • implementing the lowest risk strategy includes the driver taking over the driving of the vehicle.
  • for different response strategies, at least one item in the corresponding processing strategy is different.
  • each response strategy includes a processing strategy and a processing opportunity.
  • the processing strategy is as described above, and the processing timing includes one or more of immediate execution, execution after pulling over, and execution when the function is turned on next time.
  • the first response strategy is determined according to the first IDS event information and the first vehicle operating state.
  • the first response strategy may be one of at least one response strategy in the following table.
  • Table 2 shows an example of determining different response strategies according to different IDS event information and different vehicle operating states.
  • the event type is a vehicle control attack
  • the event source is VCU
  • the risk level of the IDS event is determined to be high.
  • the processing strategies are determined as: 1. Execute the lowest risk strategy; 2. If the driver has taken over, it will prompt abnormality and suggest the driver to pull over to stop; 3. Alert the security operation module.
  • the processing timings corresponding to processing strategies 1 and 2 are executed immediately, and the timing corresponding to processing strategy 3 is executed after pulling over.
  • the processing strategy is determined as: 1. Prompt the user that the device is abnormal; 2. Alert the security operation module.
  • the processing timing corresponding to processing strategies 1 and 2 is immediate execution.
  • the embodiment of the present application further includes determining a failure mode.
  • the failure refers to a state in which the vehicle-mounted component loses a prescribed function.
  • the failure mode refers to the entire failure process from the factors leading to failure, the mechanism of failure, the development process of failure to the arrival of the critical state of failure, and is the manifestation of failure.
  • the first failure mode is determined according to the first IDS event information and the first vehicle operating state.
  • determining the first response strategy according to the first IDS event information and the first vehicle operating state includes: determining the first failure mode according to the first IDS event information and the first vehicle operating state, and then determining a first failure management measure according to the first failure mode. It can be understood that, in each embodiment of the present application, the first failure management measure corresponds to, or has the same meaning as, the first response strategy.
  • Table 3 below takes the IDS event information 1 as an example, and provides an example of determining different failure modes according to the IDS event information and different vehicle operating states, and further determining the response strategy according to the determined failure modes.
  • the first failure mode may be one of the at least one failure mode in Table 3 below.
  • the event type is a vehicle control attack
  • the event source is VCU
  • the risk level of the IDS event is determined to be high.
  • the determined failure mode is that the HWP function is subjected to a vehicle control attack and the vehicle cannot be controlled normally.
  • the processing strategies determined according to the failure mode are: 1. Execute the lowest risk strategy; 2. If the driver has taken over, prompt an exception and suggest the driver to pull over to stop; 3. Alert the safety operation module.
  • the processing timings corresponding to processing strategies 1 and 2 are executed immediately, and the timing corresponding to processing strategy 3 is executed after pulling over.
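Steps S220 and S230, including the failure-mode step of Table 3, amount to a two-stage table lookup. The following is an added example written for this page, not code from the patent or from the assignee. Its first table row reproduces the Table 2/3 case in the text (vehicle control attack, source VCU, high risk, HWP scenario, three processing strategies with their timings); the other rows, the choice of which on-board component receives each strategy (VCU, CDC, IVI, T-Box), and the fallback for an unclassified event are assumptions made for illustration.

```python
"""
Added example (not code from the patent): steps S220 and S230 of Fig. 2 as a
table-driven lookup.  IDS event information plus the complete-vehicle
operating state selects a failure mode; the failure mode selects a response
strategy, i.e. processing strategies with their processing timings and the
on-board component each one is sent to.  The first table row reproduces the
Table 2/3 example from the text; the other rows, the receiving components and
the fallback are constructed assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Timing(Enum):
    """The processing timings listed in the text."""
    IMMEDIATE = "immediate execution"
    AFTER_PULL_OVER = "execution after pulling over"
    NEXT_ENABLE = "execution the next time the function is turned on"


@dataclass(frozen=True)
class IdsEventInfo:
    event_type: str         # "vehicle control attack", "non-vehicle control attack", ...
    event_source: str       # on-board component that produced the event
    attacked_component: str
    risk_level: str         # "high" or "low"


@dataclass(frozen=True)
class VehicleState:
    driving_level: str      # SAE level, e.g. "L2"
    scenario: str           # "HWP", "ACC", "AVP", "TJP", "manual high-speed", ...


@dataclass(frozen=True)
class Action:
    strategy: str
    timing: Timing
    target: str             # on-board component that receives this strategy


# Failure mode keyed by (event type, driving scenario); "*" matches any scenario.
FAILURE_MODES: Dict[Tuple[str, str], str] = {
    ("vehicle control attack", "HWP"):
        "HWP function under vehicle control attack; vehicle cannot be controlled normally",
    ("non-vehicle control attack", "*"):
        "non-control component abnormal; vehicle control unaffected",        # constructed
    ("illegal use of advanced functions", "*"):
        "validity check of an advanced function bypassed",                   # constructed
}

# Response strategy keyed by failure mode.  Targets assume the VCU executes the
# minimum-risk state, the CDC shows driver prompts, the IVI hosts advanced
# functions and the T-Box relays alerts to the security operation module.
RESPONSES: Dict[str, List[Action]] = {
    FAILURE_MODES[("vehicle control attack", "HWP")]: [
        Action("execute the lowest risk strategy (driver takes over)", Timing.IMMEDIATE, "VCU"),
        Action("prompt an exception and advise the driver to pull over", Timing.IMMEDIATE, "CDC"),
        Action("alert the security operation module", Timing.AFTER_PULL_OVER, "T-Box"),
    ],
    FAILURE_MODES[("non-vehicle control attack", "*")]: [
        Action("prompt the user that the device is abnormal", Timing.IMMEDIATE, "CDC"),
        Action("alert the security operation module", Timing.IMMEDIATE, "T-Box"),
    ],
    FAILURE_MODES[("illegal use of advanced functions", "*")]: [
        Action("block the illegal request", Timing.IMMEDIATE, "IVI"),
        Action("alert the security operation module", Timing.IMMEDIATE, "T-Box"),
    ],
}

# Used when no table row matches, so an unclassified event never goes unanswered.
FALLBACK: List[Action] = [
    Action("prompt an exception", Timing.IMMEDIATE, "CDC"),
    Action("alert the security operation module", Timing.IMMEDIATE, "T-Box"),
]


def determine_failure_mode(info: IdsEventInfo, state: VehicleState) -> str:
    """Scenario-specific row first, then the wildcard row for the event type."""
    for key in ((info.event_type, state.scenario), (info.event_type, "*")):
        if key in FAILURE_MODES:
            return FAILURE_MODES[key]
    return "unclassified failure mode"


def determine_response(info: IdsEventInfo, state: VehicleState) -> List[Action]:
    """S220: the failure management measure associated with the failure mode."""
    return list(RESPONSES.get(determine_failure_mode(info, state), FALLBACK))


def dispatch(actions: List[Action]) -> Dict[str, List[str]]:
    """S230: group strategy information by the on-board component it is sent to."""
    out: Dict[str, List[str]] = {}
    for a in actions:
        out.setdefault(a.target, []).append(f"{a.strategy} [{a.timing.value}]")
    return out


if __name__ == "__main__":
    event = IdsEventInfo("vehicle control attack", "VCU", "VCU", "high")
    for target, msgs in dispatch(determine_response(event, VehicleState("L2", "HWP"))).items():
        print(target, "<-", msgs)
```

Keeping the failure mode as an explicit intermediate key is what lets the same IDS event map to different strategies in different driving scenarios, which is the point of Table 3; the fallback row exists so that an event type the tables do not yet know still produces a prompt and an alert instead of silence.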
  • Step S230 Send the first response strategy to the first vehicle-mounted component.
  • the first in-vehicle component may be one in-vehicle component, or may be a plurality of in-vehicle components.
  • the first vehicle component may be the same vehicle component as the event source or the attacked object, or a different vehicle component, or the same one or more vehicle components as the event source or attacked object.
  • the on-board components may include one or more of the VCU, T-Box, IVI, TCU, MCU, and BCM under the electrical/electronic architecture (EEA), or one or more of the MDC, CDC, and VIU under the communication computing architecture (CCA).
  • a message to execute the minimum risk state is sent to the vehicle control unit VCU, and a warning message is sent to the cockpit domain controller CDC (Cockpit Domain Controller), prompting the user to exit the automatic driving function.
  • the method further includes sending the first IDS event information to the network device.
  • the network device may be a cloud server.
  • the first IDS event information may include a first IDS event index, or an event type, event description, risk level, event source, and attacked component of the first IDS event.
  • the method further includes receiving a second response policy sent by the network device.
  • the second response strategy includes: updating at least one item of the firmware or software of the in-vehicle component; and/or updating at least one item in the IDS event detection rule set; and/or updating at least one item in the response strategy set.
  • the method also includes sending the second response strategy to the second vehicle-mounted component.
  • the second vehicle-mounted component and the first vehicle-mounted component may be the same vehicle-mounted component, or may be different vehicle-mounted components.
  • the first response strategy for implementing the minimum risk strategy is sent to the first on-board component MDC
  • the second response strategy for software upgrade of the on-board component is sent to the second on-board component T-Box.
  • sending or receiving a response policy in each embodiment of the present application refers to sending or receiving response policy information, where the response policy is indicated in the information.
  • FIG. 3 is a system for improving vehicle safety performance provided by an embodiment of the present application.
  • the system includes a collection module 310, an analysis module 320 and a response module 330 for executing the method for improving vehicle safety shown in FIG. 2.
  • the acquisition module 310 is used for acquiring the first IDS event information and the first vehicle running state.
  • the acquisition module 310 includes one or more sensors, and/or the system includes one or more sensors, and/or the first vehicle-mounted component includes one or more sensors.
  • the arrangement of the sensors may be performed according to the deployment of the vehicle architecture and the design requirements of the modules, which are not specifically limited in the embodiments of the present application.
  • the in-vehicle components may be one or more of the telematics box T-Box, in-vehicle infotainment system IVI, transmission control unit TCU, motor control unit MCU, vehicle control unit VCU, body control module BCM, cockpit domain controller CDC, mobile data center MDC, and vehicle integrated unit VIU.
  • one or more sensors are arranged in the VCU of the vehicle to collect the driving state data of the vehicle, such as vehicle speed data, acceleration data, and steering data.
  • sensors are arranged in the MCU of the electric vehicle to collect motor speed data.
  • the analysis module 320 is configured to: determine a first response strategy according to the first IDS event information and the first vehicle operating state.
  • the analysis module 320 is configured to determine a first failure mode according to the first IDS event information and the first vehicle operating state; the first response strategy is associated with at least one failure mode, and the first failure mode is one of the at least one failure mode.
  • the deployment mode of the analysis module 320 may be selected according to the requirements of the vehicle system architecture, the analysis module 320 may be integrated in the vehicle-mounted component, or the analysis module 320 may be an independent vehicle-mounted component.
  • the response module 330 is used for: sending the information of the first response strategy to the vehicle-mounted component.
  • the system further includes an execution module 340, and the execution module 340 is configured to receive the information of the response strategy and execute the response strategy.
  • the execution module 340 is arranged at the vehicle end.
  • the system further includes a sending module 350 for sending the first IDS event information to the security operation module 360.
  • the response module 330 is further configured to receive the second response policy from the security operation module 360.
  • the security operation module 360 receives and analyzes the first IDS event information, and sends the second response policy to the response module 330 according to the result of the analysis.
  • the second response strategy is a processing rule for the system for improving vehicle safety to respond to the IDS event information and the running state of the entire vehicle.
  • the response module 330 receives the second response policy.
  • the response module 330 sends the second response policy to the execution module 340.
  • the second response strategy may include: updating at least one of firmware or software of the vehicle-mounted component.
  • the second response strategy includes upgrading the firmware and software involving the security vulnerability through OTA.
  • the second response strategy further includes: updating at least one item of the IDS event detection rule set or the response strategy set.
  • the response policy is delivered to the IDS through the management module of the IDS external interface, which configures the response policy in the IDS; the response policy is then delivered to the corresponding vehicle components.
  • a computer-readable storage medium provided by an embodiment of the present application stores a computer program thereon, and when the computer program is executed by a processor, implements the method provided by the embodiment shown in FIG. 2 of the present application.
  • an electronic device provided by an embodiment of the present application includes one or more processors configured to execute the computer program stored in the memory to implement the method provided by the embodiment shown in FIG. 2 of the present application.
  • the memory is coupled to the processor.
  • the electronic device may further include the above-mentioned memory, in which the computer program is stored.
  • An embodiment of the present application provides a vehicle, and the vehicle includes the system provided by the embodiment shown in FIG. 3 of the present application.
  • words such as "first" and "second" are used to distinguish items that have basically the same function and effect.
  • for example, the distinction between the first response strategy and the second response strategy only differentiates two response strategies; unless otherwise explicitly specified, it does not limit the order of the response strategies and should not be read as indicating or suggesting an order.
  • words such as "first" and "second" do not limit quantity or execution order.
  • "automobile", "vehicle" and other similar terms in the embodiments of this application include motor vehicles in general, for example sedans, SUVs, MPVs, buses, trucks and other cargo or passenger vehicles, watercraft including various boats and ships, and aircraft, and include hybrid vehicles, electric vehicles, fuel vehicles, plug-in hybrid vehicles, fuel cell vehicles and other alternative-fuel vehicles.
  • a hybrid vehicle refers to a vehicle having two or more power sources; an electric vehicle includes a pure electric vehicle, an extended-range electric vehicle, etc., which is not specifically limited in this application.
  • computer-readable media may include computer-readable storage media, which correspond to tangible media such as data storage media, or communication media including any medium that facilitates transfer of a computer program from one place to another (e.g., according to a communication protocol).
  • a computer-readable medium may generally correspond to (1) a non-transitory tangible computer-readable storage medium, or (2) a communication medium such as a signal or carrier wave.
  • data storage media can be any available media that can be accessed by one or more computers or one or more processors to retrieve instructions, code and/or data structures for implementing the techniques described in this application.
  • the computer program product may comprise a computer-readable medium.
  • such computer-readable storage media may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, flash memory, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • any connection is properly termed a computer-readable medium.
  • if instructions are transmitted from a website, server or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave,
  • then the coaxial cable, fiber optic cable, twisted pair, DSL or wireless technologies such as infrared, radio and microwave are included in the definition of medium.
  • computer-readable storage media and data storage media do not include connections, carrier waves, signals or other transitory media, but are instead directed to non-transitory, tangible storage media.
  • disks and discs include compact discs (CDs), laser discs, optical discs, digital versatile discs (DVDs) and Blu-ray discs, where disks usually reproduce data magnetically while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
  • the techniques of this application may be executed by one or more processors such as digital signal processors (DSPs), application specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs).
  • the techniques of this application may be implemented in a wide variety of devices or apparatuses, including in-vehicle equipment, an integrated circuit (IC), or a set of ICs (e.g., a chip set).
  • various components and modules are described in this application to emphasize functional aspects of means for performing the disclosed techniques, but they do not necessarily require realization by different hardware. Indeed, as described above, the various modules may be combined in hardware in conjunction with suitable software and/or firmware, or provided by interoperating hardware including one or more processors as described above.

Abstract

A method and system for improving vehicle security, comprising: obtaining first IDS event information and a first vehicle running state; determining a first response strategy according to the first IDS event information and the first vehicle running state; and sending the first response strategy to a vehicle-mounted component. Network security and functional safety are considered jointly, so that in the case of a network attack a response strategy can be taken in time, and the personal safety of drivers and passengers can be guaranteed while the network security of the vehicle is protected.

Description

Method and system for improving vehicle safety
Technical field
The present application relates to the field of automobiles, and in particular to a method and system for improving vehicle safety.
Background
After decades of evolution, the automotive industry has matured in traditional electronic and mechanical technology. In recent years, innovation in related technologies has mainly revolved around the electrification, intelligence, connectivity and sharing of vehicles. In this process, information technology and the Internet have been continuously integrated with the automotive industry, realizing network connections inside the vehicle, between the vehicle and people, between vehicles, and between the vehicle and the road, and more and more vehicles have network access.
On July 23, 2015, Chris Valasek and Charlie Miller used a security vulnerability in the Uconnect in-vehicle entertainment system of the 2014 Jeep Cherokee made by Fiat Chrysler to take remote control of the vehicle through a wireless base station, with no physical contact: they reflashed firmware carrying their own code and sent instrument cluster, steering, braking and transmission commands on the CAN bus to control the car. This landmark remote attack on a car led Chrysler to recall more than 1.4 million vehicles of the affected models. In recent years, reports of remote network attacks on vehicles have become more frequent. Because a network attack on a car may affect its functional safety and thus endanger the lives of the driver and passengers, automotive cybersecurity has drawn increasing attention from manufacturers, users and regulators, and has become a problem that urgently needs to be solved as vehicles become more intelligent and connected.
Summary of the invention
The embodiments of the present application provide a method and system for improving vehicle safety which, in the event of a network attack on the vehicle, can execute a response strategy in time and ensure the safety of the vehicle and its occupants.
In a first aspect, an embodiment of the present application provides a method for improving vehicle safety, including:
obtaining first IDS (Intrusion Detection System) event information and a first vehicle running state;
determining a first response strategy according to the first IDS event information and the first vehicle running state;
sending the first response strategy to a first vehicle-mounted component.
In the embodiments of the present application, an IDS event refers to the security warning information generated by the intrusion detection system when its trigger condition is satisfied; the trigger condition of the intrusion detection system is an IDS event detection rule, and the set of such rules is the IDS event detection rule set. A response strategy is a processing rule for responding to the above IDS event information and vehicle running state; the set of response strategies is the response strategy set, and the first response strategy belongs to that set.
According to the technical solutions of the embodiments of the present application, a step of obtaining and analyzing information related to the running state of the whole vehicle is added to the IDS event handling flow. When an IDS event occurs, the factors of both network security and functional safety are considered together, so that the response strategy can be determined and executed on the vehicle side in time, and the safety of the vehicle, driver and passengers can be effectively ensured.
In a second aspect, an embodiment of the present application provides a system for improving vehicle safety, the system including an acquisition module, an analysis module and a response module:
the acquisition module is configured to obtain the first IDS event information and the first vehicle running state;
the analysis module is configured to determine the first response strategy according to the first IDS event information and the first vehicle running state;
the response module is configured to send the first response strategy to the first vehicle-mounted component.
With reference to the second aspect, in a possible implementation, the system includes one or more sensors, and/or the acquisition module includes one or more sensors, and/or the first vehicle-mounted component includes one or more sensors.
With reference to the second aspect, in a possible implementation, the analysis module is integrated in a vehicle-mounted component, or the analysis module is an independent vehicle-mounted component.
With reference to the second aspect, in a possible implementation, the system further includes an execution module configured to receive at least one of the first response strategy or the second response strategy, and/or to execute at least one of the first response strategy or the second response strategy.
According to this implementation, the vehicle side can execute the response strategy in time, so that harm to the vehicle, driver and passengers can be effectively avoided or reduced.
With reference to any of the above aspects or implementations, in a possible implementation, the first IDS event information includes one or more of the event type, event description, risk level, event source and attacked component of the first IDS event.
With reference to any of the above aspects or implementations, in a possible implementation, the vehicle running state includes the intelligent driving level and the driving scenario.
With reference to any of the above aspects or implementations, in a possible implementation, the driving scenario is defined by one or more of the following parameters: driving speed, terrain, road surface condition, driving environment, traffic condition and time of day.
With reference to any of the above aspects or implementations, in a possible implementation, the driving scenario of the vehicle includes at least one of highway pilot (HWP), adaptive cruise control (ACC), automated valet parking (AVP), traffic jam pilot (TJP), manual high-speed driving, manual low-speed driving and stationary.
With reference to any of the above aspects or implementations, in a possible implementation, the first response strategy is associated with at least one IDS event information item and at least one vehicle running state; the first IDS event is one of the at least one IDS event, and the first vehicle running state is one of the at least one vehicle running state.
With reference to any of the above aspects or implementations, in a possible implementation, the first response strategy includes a processing strategy, or the first response strategy includes a processing strategy and a processing time.
In this implementation, the first response strategy considers two dimensions, the processing strategy and the corresponding processing time, so that when a network attack affects the functional safety of the vehicle and may endanger the people inside it, the response strategy can be executed in time, improving the overall protection of the vehicle, driver and passengers.
With reference to any of the above aspects or implementations, in a possible implementation, the processing strategy includes one or more of: executing the minimal risk strategy, prompting an abnormality, suggesting that the driver pull over, prompting exit of the automated driving function, alerting the security operations module, powering off the whole vehicle, and blocking the illegal request; the processing time includes one or more of: execute immediately, execute after pulling over, and execute the next time the function is activated.
With reference to any of the above aspects or implementations, in a possible implementation, the method or system for improving vehicle safety further includes: the analysis module determines a first failure mode according to the first IDS event information and the first vehicle running state; the first response strategy is associated with at least one failure mode, and the first failure mode is one of the at least one failure mode.
In this implementation, the factors of both network security and functional safety are fused when determining the failure mode, so executing the associated response strategy enables the vehicle to resist the network attack and protect the driver and passengers at the same time.
With reference to any of the above aspects or implementations, in a possible implementation, the vehicle-mounted components include one or more of: telematics box (T-Box), in-vehicle infotainment system (IVI), body control module (BCM), vehicle control unit (VCU), transmission control unit (TCU), motor control unit (MCU), cockpit domain controller (CDC), mobile data center (MDC) and vehicle integrated unit (VIU).
With reference to any of the above aspects or implementations, in a possible implementation, the method or system for improving vehicle safety further includes interacting with a security operations module, which receives the first IDS event information and sends a second response strategy to the response module according to the first IDS event information.
In this implementation, the second response strategy is a processing rule for responding to the first IDS event information on the network device side.
With reference to any of the above aspects or implementations, in a possible implementation, the second response strategy includes:
updating at least one of the firmware or software of a vehicle-mounted component;
and/or updating at least one item in the IDS event detection rule set;
and/or updating at least one item in the response strategy set.
In a third aspect, the embodiments of the present application provide a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the method of the first aspect or any of its possible implementations.
In a fourth aspect, the embodiments of the present application provide an electronic device including a processor coupled to a memory; the memory stores a computer program, and the processor is configured to execute that program to implement the method of the first aspect or any of its possible implementations.
In a fifth aspect, the embodiments of the present application provide a vehicle including the system for improving vehicle safety of the second aspect or any of its possible implementations.
In the technical solution of the present application, when a network intrusion event occurs, the response strategy is determined by considering the factors of both network security and functional safety, and it can be executed on the vehicle side in time, so that the driver and passengers are better protected while network security is protected.
Description of drawings
FIG. 1 shows an intrusion detection system of an intelligent connected vehicle;
FIG. 2 is a schematic flowchart of a method for improving vehicle safety;
FIG. 3 is a schematic structural diagram of a system for improving vehicle safety.
Detailed description
The present application is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, not to limit it.
FIG. 1 shows an intrusion detection system of an intelligent connected vehicle. The system includes a vehicle-side intrusion detection system (IDS) and a cloud operations analysis center. The vehicle-side IDS can be deployed in vehicle-mounted components such as the IVI, T-Box or TCU. The vehicle-side IDS includes acquisition, IDS detection and IDS management modules.
The acquisition module obtains the state of the vehicle-mounted components and the system data of the vehicle. For example, the vehicle's system data may come from controller area network (CAN) messages, automotive Ethernet messages, or an electronic control unit (ECU).
The IDS detection module obtains the detection rule set corresponding to the state of the vehicle-mounted component, and compares the characteristic information of the data obtained by the acquisition module with the valid state predefined by the detection rule. As an example, the valid state may be a signature or the value range of a characteristic parameter. The IDS detection module may also run AI-model-based recognition on the data obtained by the acquisition module.
When the IDS event trigger condition, i.e. an IDS event detection rule, is satisfied, the IDS management module creates an IDS event and sends the IDS event information of that event to the cloud operations analysis center.
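The detection and event-creation steps just described, written out as an added example that is not part of the patent or of any Huawei code: the detection rule set is selected by the component state, each rule defines a valid state either as a value range of a characteristic parameter or as an allow-list of payloads (a signature match), and a matched rule yields an IDS event carrying the event information the application defines (type, description, risk level, event source, attacked component). The CAN identifiers, payload layouts, component names and sample traffic are constructed for this example and are assumptions, not values from the page.

```python
"""Vehicle-side IDS detection step over constructed CAN frames (added example).

Assumed: each on-board component state selects a detection rule set; a rule's
"valid state" is either a closed range on a signed 16-bit big-endian field in
payload bytes 0-1, or an allow-list of whole payloads (signature match). CAN IDs,
component names and the sample traffic are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes
    observed_by: str  # on-board component whose IDS captured the frame


@dataclass(frozen=True)
class IdsEvent:
    """IDS event information: type, description, risk level, source, attacked component."""
    event_type: str
    description: str
    risk_level: str
    event_source: str
    attacked_component: str


@dataclass(frozen=True)
class DetectionRule:
    can_id: int
    attacked_component: str
    event_type: str
    risk_level: str
    description: str
    value_range: Optional[Tuple[int, int]] = None        # valid range of the parameter
    allowed_payloads: Optional[FrozenSet[bytes]] = None  # or allow-listed payloads

    def violated_by(self, frame: CanFrame) -> bool:
        """True when the frame's characteristic information leaves the valid state."""
        if frame.can_id != self.can_id:
            return False
        if self.allowed_payloads is not None and frame.data not in self.allowed_payloads:
            return True
        if self.value_range is not None:
            if len(frame.data) < 2:
                return True  # a truncated field is not a valid state either
            value = int.from_bytes(frame.data[:2], "big", signed=True)
            low, high = self.value_range
            return not low <= value <= high
        return False


# Hypothetical CAN IDs for this example.
STEER_REQ = 0x0A2   # steering-angle request, 0.1 degree units
SET_SPEED = 0x1B4   # cruise set speed, km/h

# Detection rule sets keyed by the state of the component running the automation.
RULE_SETS: Dict[str, List[DetectionRule]] = {
    # Highway pilot engaged: steering requests are expected but must stay plausible.
    "HWP": [
        DetectionRule(STEER_REQ, "Gateway", "vehicle control attack", "high",
                      "steering request outside plausible range", value_range=(-200, 200)),
        DetectionRule(SET_SPEED, "VCU", "vehicle control attack", "high",
                      "set speed above HWP design limit", value_range=(0, 120)),
    ],
    # Manual driving: the only acceptable steering request payload is "no request".
    "manual": [
        DetectionRule(STEER_REQ, "Gateway", "vehicle control attack", "high",
                      "steering request while automation inactive",
                      allowed_payloads=frozenset({b"\x00\x00"})),
    ],
}


def detect(frames: Iterable[CanFrame], component_state: str) -> List[IdsEvent]:
    """Select the rule set for the component state, run each frame against it and
    create one IDS event per matched rule (the IDS management step)."""
    events: List[IdsEvent] = []
    for frame in frames:
        for rule in RULE_SETS.get(component_state, []):
            if rule.violated_by(frame):
                events.append(IdsEvent(rule.event_type, rule.description, rule.risk_level,
                                       frame.observed_by, rule.attacked_component))
    return events


# Constructed traffic as captured by the MDC's IDS: a plausible +1.5 degree request,
# a -180 degree request (forged), and a 90 km/h set speed.
SAMPLE_FRAMES = [
    CanFrame(STEER_REQ, (15).to_bytes(2, "big", signed=True), "MDC"),
    CanFrame(STEER_REQ, (-1800).to_bytes(2, "big", signed=True), "MDC"),
    CanFrame(SET_SPEED, (90).to_bytes(2, "big"), "MDC"),
]

if __name__ == "__main__":
    for event in detect(SAMPLE_FRAMES, "HWP"):
        print(event)
```

Note how the same traffic yields one event under "HWP" (only the implausible angle) but two under "manual" (any steering request is illegitimate), which is why the rule set must be keyed by component state; the event records the capturing component (MDC) as the source and the rule's target (Gateway) as the attacked component, matching the gateway example given later in the description.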
The cloud operations analysis center receives and analyzes the IDS event information and sends a response strategy to the vehicle-mounted component according to the analysis result. As an example, the response strategy may be to fix the system vulnerability through an over-the-air (OTA) upgrade.
In this solution, when a network attack occurs, the intrusion detection system detects and records the network intrusion event, but the event information must be sent to the cloud and analyzed by the cloud operations analysis center before a response strategy is issued. This cannot respond to the intrusion in time, and the response strategy does not consider the vehicle's network security and functional safety together, so the safety of the driver and passengers is hard to guarantee.
FIG. 2 is a schematic flowchart of a method for improving vehicle safety provided by an embodiment of the present application. The corresponding flow is described below with reference to specific vehicle-mounted components.
Step 210: obtain the first IDS event information and the first vehicle running state.
Specifically, the first IDS event information is associated with a first IDS event and indicates one or more of the event type, event description, risk level, event source and attacked component of that event. The event source and the attacked component may be the same vehicle-mounted component or different ones. For example, when the gateway is attacked and a message sent by the gateway is detected by the MDC, the event source component is the MDC and the attacked component is the gateway. The event source and/or the attacked component may be one vehicle-mounted component or several, which is not limited in this application.
Specifically, the first IDS event information is one of at least one IDS event information item, and each item is associated with one IDS event. Table 1 lists some examples of IDS event information.
Table 1. Examples of IDS event information
[Table 1 appears on the original page only as an image (PCTCN2020112822-appb-000001); the event types and risk levels it lists are described in the text below.]
The event description in Table 1 can be regarded as the event description of one IDS event, i.e. it characterizes one IDS event.
As shown in Table 1, the event types include:
(I) Vehicle control attacks: attacks that exploit vulnerabilities in software or in the overall architecture of the vehicle to gain control of the vehicle or interfere with the user's normal operation; for example, sending forged steering commands to the chassis CAN bus is a vehicle control attack.
(II) Non-vehicle-control attacks: stealing or tampering with user data, or reconnaissance such as port scanning and network sniffing; such attacks do not affect control of the vehicle. For example, a decryption failure on the encrypted high-definition map channel or a port scan from the external network is a non-vehicle-control attack.
(III) Illegal use of premium functions: the attacker defeats or bypasses the validity-period check mechanism in order to use a specific function illegally. As an example, paid functions such as real-time traffic, karaoke, theater mode, music services and satellite maps are classified as premium functions. The attacker learns the security mechanism the premium function relies on, for example its access control, and bypasses it to use the function illegally. The scope of premium functions may also be divided according to other criteria, which is not limited in the embodiments of this application.
As shown in Table 1, the risk level may also be called the network security risk level. The type of an IDS event and its corresponding risk level can be assessed along the dimensions commonly used in threat analysis and risk assessment (TARA), such as one or more of safety, financial, operational and privacy impact, or with a custom model such as one or more of data compliance, legality and the application scenario of the vehicle model (commercial or passenger vehicle). For example, the risk level of vehicle control attacks is high; among non-vehicle-control attacks, the risk level of a decryption failure on the encrypted high-definition map channel is high while that of an external port scan is low; the risk level of illegal use of premium functions may be low. The risk level may also be assessed by other methods, which is not limited in the embodiments of this application.
Optionally, one IDS event information item may also be associated with multiple IDS events. For example, a remote control IDS event comprises a series of IDS events such as root privilege escalation (an ordinary user exploits a vulnerability in the system to raise their privileges to root), a reverse shell (the controller listens on a TCP/UDP port; the controlled host connects out to that port and redirects the input and output of its command line to the controller), modification of sensitive files and sending of illegal vehicle control commands. That is, the remote control IDS event information may be associated with the multiple IDS events of root privilege escalation, reverse shell, sensitive file modification and illegal vehicle control command sending.
Specifically, the first vehicle running state, which may also be called the first vehicle operating state, includes at least one of the automated driving level and the driving scenario.
As an example, the automated driving level may follow the levels of driving automation defined by SAE International: L0 is manual driving, L1 is driver assistance, L2 is partial automation, L3 is conditional automation, L4 is high automation and L5 is full automation. This division is only an example; the embodiments of this application do not limit the standard or the levels of automated driving.
As another example, the driving scenario may be defined by one or more of driving speed, terrain, road surface condition, driving environment, traffic condition and time of day. Exemplary driving scenarios include at least one of highway pilot (HWP), adaptive cruise control (ACC), automated valet parking (AVP), traffic jam pilot (TJP), manual high-speed driving, manual low-speed driving and stationary. Taking HWP as an example, the operational design domain (ODD) of this scenario includes: the driver must hold a driving licence and pay attention to the road at all times; driving only on roads whose two directions are physically separated; a maximum speed of 120 km/h; with or without a vehicle ahead; lane changes allowed; construction zones allowed; day or night, in moderate rain or moderate snow. For the speed ranges covered by the manual high-speed, medium-speed and low-speed driving scenarios, reference may be made to common industry standards or to the relevant national laws and regulations, which the embodiments of this application do not specifically limit. The definition of driving scenarios may also follow other criteria, which the embodiments of this application do not limit either.
Optionally, the first vehicle running state may be characterized by other indicators. For example, it may include at least one of a vehicle driving state and a vehicle service state. The vehicle driving state may include at least one of driving speed, acceleration parameters, braking parameters and steering parameters; the vehicle service state may include one or more of intelligent driving level, high-definition map download status, road information and driver status information. The way the vehicle running state is characterized is not limited in the embodiments of this application.
The specific way of obtaining the first IDS event information and the first vehicle running state is not limited in the embodiments of this application.
Step S220: determine a first response strategy according to the first IDS event information and the first vehicle running state.
Exemplarily, the first response strategy is one of at least one response strategy, and each response strategy may include a processing strategy. The processing strategy may include one or more of: executing the minimal risk strategy, prompting an abnormality, suggesting that the driver pull over, prompting exit of the automated driving function, alerting the security operations module, powering off the whole vehicle, and blocking the illegal request. For example, executing the minimal risk strategy includes the driver taking over driving of the vehicle. Different response strategies differ in at least one item of their processing strategies.
示例性的,每个响应策略包括处理策略和处理时机。处理策略如上所述,处理时机包括立即执行、靠边停车后执行、下次功能开启时执行中的一个或多个。Exemplarily, each response strategy includes a processing strategy and a processing opportunity. The processing strategy is as described above, and the processing timing includes one or more of immediate execution, execution after pulling over, and execution when the function is turned on next time.
具体的,根据第一IDS事件信息和第一整车运行状态确定第一响应策略。第一响应策略可以是下表中的至少一个响应策略中的一个。Specifically, the first response strategy is determined according to the first IDS event information and the first vehicle operating state. The first response strategy may be one of at least one response strategy in the following table.
下表2示出了根据不同的IDS事件信息和不同的整车运行状态确定不同的响应策略的示例。Table 2 below shows an example of determining different response strategies according to different IDS event information and different vehicle operating states.
表2、IDS事件信息、整车运行状态和响应策略示例Table 2. Examples of IDS event information, vehicle operation status and response strategy
[Table 2 is reproduced in the original publication only as images PCTCN2020112822-appb-000002 to PCTCN2020112822-appb-000005; its rows are not recoverable from this page.]
As a specific example, as shown in Table 1, for the cyber-attack event of a forged steering command being sent to the chassis CAN bus, the event type is a vehicle-control attack and the event source is the VCU, from which the risk level of this IDS event is determined to be high. As shown in Table 2 above, when the intelligent driving level is L3 and the driving scenario is highway pilot (HWP), the processing strategy determined on the basis of the foregoing IDS event information and vehicle operating state is: 1. execute the minimum risk strategy; 2. if the driver has taken over, prompt an anomaly and advise the driver to pull over; 3. alert the security operations module. The processing timing for processing strategies 1 and 2 is immediate execution, and the timing for processing strategy 3 is execution after pulling over.
As another specific example, as shown in Table 1, for the event of a decryption failure on the encrypted high-definition map channel, the event type is a non-vehicle-control attack and the event source is the T-Box, from which the risk level of this IDS event is determined to be high. As shown in Table 2 above, when the intelligent driving level is L0 and the driving scenario is stationary, the processing strategy determined on the basis of the foregoing IDS event information and vehicle operating state is: 1. alert the user, indicating that the device is abnormal; 2. alert the security operations module. The processing timing for processing strategies 1 and 2 is immediate execution.
Optionally, before the response strategy is determined, the embodiments of this application further include determining a failure mode. In the embodiments of this application, a failure is a state in which an in-vehicle component has lost a specified function. The failure mode is the manifestation of the failure: the whole failure process from the factors causing the failure, through the failure mechanism and the development of the failure, to the point at which the critical failure state is reached.
Specifically, a first failure mode is determined according to the first IDS event information and the first vehicle operating state.
Further, determining the first response strategy according to the first IDS event information and the first vehicle operating state includes: determining a first failure mode according to the first IDS event information and the first vehicle operating state, and then determining a first failure management measure according to the first failure mode. It can be understood that, in the embodiments of this application, the first failure management measure corresponds to, or has the same meaning as, the first response strategy.
Table 3 below, taking IDS event information 1 as an example, shows how different failure modes are determined according to the IDS event information and different vehicle operating states, and how the response strategy is further determined according to the determined failure mode. The first failure mode may be one of the at least one failure mode in Table 3 below.
Table 3. Examples of IDS event information, vehicle operating state, failure mode and response strategy
[Table 3 is reproduced in the original publication only as images PCTCN2020112822-appb-000006 to PCTCN2020112822-appb-000008; its rows are not recoverable from this page.]
As another specific example, as shown in Table 1 above, for the cyber-attack event of a forged steering command being sent to the chassis CAN bus, the event type is a vehicle-control attack and the event source is the VCU, from which the risk level of this IDS event is determined to be high. As shown in Table 2 above, when the intelligent driving level is L3 and the driving scenario is highway pilot (HWP), the failure mode determined on the basis of the foregoing IDS event information and vehicle operating state is that the HWP function is subject to a vehicle-control attack and cannot control the vehicle normally. Further, the processing strategy determined according to this failure mode is: 1. execute the minimum risk strategy; 2. if the driver has taken over, prompt an anomaly and advise the driver to pull over; 3. alert the security operations module. The processing timing for processing strategies 1 and 2 is immediate execution, and the timing for processing strategy 3 is execution after pulling over.
Step S230: Send the first response strategy to the first in-vehicle component.
The first in-vehicle component may be one in-vehicle component or a plurality of in-vehicle components.
The first in-vehicle component may be the same in-vehicle component as the event source or the in-vehicle component to which the attacked object belongs, a different in-vehicle component, or the same as one or more of the in-vehicle components to which the event source or the attacked object belongs.
Further, different response strategies for different IDS event information may be sent to different in-vehicle components.
By way of example, the in-vehicle components may include one or more of the VCU, T-Box, IVI, TCU, MCU and BCM under an electrical/electronic architecture (EEA), or one or more of the in-vehicle components MDC, CDC and VIU under a computation and communication architecture (CCA).
As a specific implementation, according to the foregoing processing strategy, a message to execute the minimum risk state is sent to the vehicle control unit (VCU), and an alert prompt message is sent to the cockpit domain controller (CDC), prompting the user that the automated driving function is exiting.
Optionally, the method further includes sending the first IDS event information to a network device.
For example, the network device may be a cloud server.
The first IDS event information may include a first IDS event index, or the event type, event description, risk level, event source and attacked component of the first IDS event.
Further, the method further includes receiving a second response strategy sent by the network device.
Specifically, the second response strategy includes: updating at least one of the firmware or software of the in-vehicle component; and/or updating at least one item in the IDS event detection rule set; and/or updating at least one item in the response strategy set.
Further, the method further includes sending the second response strategy to a second in-vehicle component.
Specifically, the second in-vehicle component and the first in-vehicle component may be the same in-vehicle component or different in-vehicle components. For example, a first response strategy to execute the minimum risk strategy is sent to the first in-vehicle component, the MDC, and a second response strategy to upgrade in-vehicle component software is sent to the second in-vehicle component, the T-Box.
It can be understood that, in the embodiments of this application, sending or receiving a response strategy means sending or receiving information about the response strategy, in which the response strategy is indicated.
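The determination of step S220, written out as a small policy engine that covers both routes described on this page: the direct lookup of Table 2 (IDS event information plus vehicle operating state gives the response strategy) and the Table 3 route that first derives a failure mode and then the strategy. This is an added illustration, not code from the patent or from Huawei. The table rows are constructed from the two worked examples above (the only rows this page discloses); the lookup keys, the order in which the two routes are tried, and the conservative default for combinations neither table covers are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Timing(Enum):
    """Processing timings named in the text."""
    IMMEDIATE = "execute immediately"
    AFTER_PULL_OVER = "execute after pulling over"
    NEXT_FUNCTION_START = "execute the next time the function is enabled"


@dataclass(frozen=True)
class IdsEvent:
    """IDS event information: event type, description, source, risk level."""
    event_type: str   # "vehicle-control attack" or "non-vehicle-control attack"
    description: str
    source: str       # component that raised the event, e.g. "VCU", "T-Box"
    risk_level: str   # "high", "medium", "low"


@dataclass(frozen=True)
class VehicleState:
    """Vehicle operating state: automated driving level and driving scenario."""
    driving_level: str  # "L0" .. "L5"
    scenario: str       # "HWP", "ACC", "AVP", "TJP", "stationary", ...


@dataclass(frozen=True)
class Action:
    strategy: str
    timing: Timing


# Table 1 rows reconstructed from the two examples in the text (constructed sample data).
TABLE1 = {
    "forged steering command to chassis CAN bus": IdsEvent(
        "vehicle-control attack", "forged steering command to chassis CAN bus", "VCU", "high"),
    "HD map encrypted channel decryption failure": IdsEvent(
        "non-vehicle-control attack", "HD map encrypted channel decryption failure", "T-Box", "high"),
}

# Table 3 route: (event type, source, driving level, scenario) -> failure mode.
FAILURE_MODES = {
    ("vehicle-control attack", "VCU", "L3", "HWP"):
        "HWP function under vehicle-control attack; vehicle cannot be controlled normally",
}

# Failure management measure (= response strategy) per failure mode.
RESPONSE_BY_FAILURE_MODE = {
    "HWP function under vehicle-control attack; vehicle cannot be controlled normally": (
        Action("execute minimum risk strategy", Timing.IMMEDIATE),
        Action("if driver has taken over: prompt anomaly and advise pulling over", Timing.IMMEDIATE),
        Action("alert security operations module", Timing.AFTER_PULL_OVER),
    ),
}

# Table 2 route: direct lookup used when no failure mode is defined for the combination.
RESPONSE_BY_EVENT_AND_STATE = {
    ("non-vehicle-control attack", "T-Box", "L0", "stationary"): (
        Action("alert user: device abnormal", Timing.IMMEDIATE),
        Action("alert security operations module", Timing.IMMEDIATE),
    ),
}

# Assumed default for uncovered combinations: escalate to the security operations
# module immediately, without issuing any vehicle-control action.
DEFAULT_RESPONSE = (Action("alert security operations module", Timing.IMMEDIATE),)


def determine_failure_mode(event: IdsEvent, state: VehicleState) -> Optional[str]:
    """Optional intermediate step: failure mode from event information and vehicle state."""
    return FAILURE_MODES.get((event.event_type, event.source, state.driving_level, state.scenario))


def determine_response(event: IdsEvent, state: VehicleState) -> tuple:
    """Step S220: failure-mode route first (Table 3), then the direct route (Table 2), then default."""
    failure_mode = determine_failure_mode(event, state)
    if failure_mode is not None and failure_mode in RESPONSE_BY_FAILURE_MODE:
        return RESPONSE_BY_FAILURE_MODE[failure_mode]
    key = (event.event_type, event.source, state.driving_level, state.scenario)
    return RESPONSE_BY_EVENT_AND_STATE.get(key, DEFAULT_RESPONSE)


if __name__ == "__main__":
    ev = TABLE1["forged steering command to chassis CAN bus"]
    for act in determine_response(ev, VehicleState("L3", "HWP")):
        print(f"{act.strategy} [{act.timing.value}]")
```

The lookups are keyed on the fields the text says drive the decision (event type, event source, driving level, scenario); the risk level is carried along so a real rule set can branch on it, but no row on this page needs it because both disclosed events are rated high.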
FIG. 3 shows a system for improving vehicle security provided by an embodiment of this application. The system includes a collection module 310, an analysis module 320 and a response module 330, and is used to perform the method for improving vehicle security shown in FIG. 2.
The collection module 310 is used to obtain the first IDS event information and the first vehicle operating state.
As a specific implementation, the collection module 310 includes one or more sensors, and/or the system includes one or more sensors, and/or the first in-vehicle component includes one or more sensors. The sensors may be arranged according to the deployment of the vehicle architecture and the design requirements of the modules; the embodiments of this application do not specifically limit this.
By way of example, the in-vehicle components may be one or more of: the in-vehicle telematics box (T-Box), in-vehicle infotainment system (IVI), transmission control unit (TCU), motor control unit (MCU), vehicle control unit (VCU), body control module (BCM), cockpit domain controller (CDC), mobile data center (MDC) and vehicle integration unit (VIU).
As an example of this implementation, one or more sensors are arranged in the VCU of the vehicle to collect vehicle driving state data such as vehicle speed data, acceleration data and steering data.
As a further example of this implementation, sensors are arranged in the MCU of an electric vehicle to collect motor speed data.
The analysis module 320 is used to determine the first response strategy according to the first IDS event information and the first vehicle operating state.
Optionally, the analysis module 320 is used to determine a first failure mode according to the first IDS event information and the first vehicle operating state, where the first response strategy is associated with at least one failure mode and the first failure mode is one of the at least one failure mode.
Optionally, the deployment of the analysis module 320 may be chosen according to the requirements of the vehicle system architecture: the analysis module 320 may be integrated in an in-vehicle component, or the analysis module 320 may be an independent in-vehicle component.
The response module 330 is used to send information about the first response strategy to the in-vehicle component.
Optionally, the system further includes an execution module 340, which is used to receive the information about the response strategy and to execute the response strategy. By way of example, the execution module 340 is arranged on the vehicle side.
In one implementation, the system further includes a sending module 350 for sending the first IDS event information to a security operations module 360. It can be understood that the security operations module 360 in the embodiments of this application corresponds to the network device described with reference to FIG. 2 above.
Further, the response module 330 is also used to receive the second response strategy from the security operations module 360.
In another implementation, the system further includes a sending module 350 and a security operations module 360; the sending module 350 sends the first IDS event information to the security operations module 360, and the security operations module 360 receives and analyses the first IDS event information and sends a second response strategy to the response module 330 according to the result of that analysis. In the embodiments of this application, the second response strategy is a processing rule by which the system for improving vehicle security responds to the IDS event information and the vehicle operating state.
Further, the response module 330 receives the second response strategy.
Further, the response module 330 sends the second response strategy to the execution module 340.
In the embodiments of this application, the second response strategy may include updating at least one of the firmware or software of an in-vehicle component. For example, where a security vulnerability exists in the firmware and/or software of an in-vehicle component, the second response strategy includes upgrading the affected firmware and software over the air (OTA).
Alternatively, the second response strategy further includes updating at least one item in the IDS event detection rule set or the response strategy set. For example, the update is delivered over the air to the management module of the IDS's external interface, which configures the response strategy and then delivers the response strategy to the corresponding in-vehicle component.
For convenience and brevity of description, the specific description in this embodiment may refer to the description in the method embodiment corresponding to FIG. 2 above, which is not repeated here.
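The response-side behaviour described in step S230 and in the system of FIG. 3, as an added example that is not the patent's or Huawei's code: a response module that routes each processing strategy to an in-vehicle component, holds back actions whose processing timing has not yet arrived, and applies a second response strategy received from the network device (detection rule set update, response strategy set update, OTA software update for a named component). The routing table, the message shapes, the `release` trigger and the dictionary layout of the second response strategy are assumptions; the patent leaves all of them to the implementation.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Assumed routing of processing strategies to the components named on this page.
# Driver-facing prompts go to the cockpit domain controller; vehicle-level actions go to
# the VCU; alerts to the security operations module are handed to the sending module ("SOC").
ROUTE = {
    "minimum risk": "VCU",
    "power off": "VCU",
    "prompt": "CDC",
    "advise": "CDC",
    "alert user": "CDC",
    "security operations": "SOC",
}

Message = Tuple[str, str]  # (target component, strategy text)


class ResponseModule:
    """Response module 330: dispatches first response strategies, applies second ones."""

    def __init__(self, detection_rules: Dict[str, str], response_policies: Dict[str, List[str]]):
        self.detection_rules = dict(detection_rules)        # IDS event detection rule set
        self.response_policies = dict(response_policies)    # response strategy set
        self.sent: List[Message] = []                        # messages actually delivered
        self.deferred: Dict[str, List[Message]] = defaultdict(list)  # keyed by timing

    def _target(self, strategy: str, event_source: str) -> str:
        """Pick the receiving component; blocking an illegal request goes back to the event source."""
        low = strategy.lower()
        if "block" in low:
            return event_source
        for key, component in ROUTE.items():
            if key in low:
                return component
        raise ValueError(f"no route for strategy: {strategy!r}")

    def dispatch(self, actions: Iterable[Tuple[str, str]], event_source: str) -> List[Message]:
        """Step S230: send each (strategy, timing) pair; non-immediate ones are queued by timing."""
        delivered: List[Message] = []
        for strategy, timing in actions:
            msg = (self._target(strategy, event_source), strategy)
            if timing == "immediate":
                self.sent.append(msg)
                delivered.append(msg)
            else:
                self.deferred[timing].append(msg)
        return delivered

    def release(self, timing: str) -> List[Message]:
        """Called when the deferral condition holds (e.g. the vehicle has pulled over)."""
        msgs = self.deferred.pop(timing, [])
        self.sent.extend(msgs)
        return msgs

    def apply_second_response(self, second: dict) -> List[Message]:
        """Second response strategy from the network device (assumed dictionary layout)."""
        delivered: List[Message] = []
        for rule_id, rule in second.get("detection_rules", {}).items():
            self.detection_rules[rule_id] = rule
        for policy_id, policy in second.get("response_policies", {}).items():
            self.response_policies[policy_id] = list(policy)
        for component in second.get("software_update", []):
            msg = (component, "OTA software/firmware update")
            self.sent.append(msg)
            delivered.append(msg)
        return delivered


if __name__ == "__main__":
    rm = ResponseModule({"r1": "steering command rate"}, {"p1": ["alert security operations module"]})
    now = rm.dispatch([("execute minimum risk strategy", "immediate"),
                       ("alert security operations module", "after pull over")], "VCU")
    print(now, rm.release("after pull over"))
```

Keeping the deferred queue keyed by timing makes the "execute after pulling over" and "execute the next time the function is enabled" timings of the text explicit events that the execution module can signal, rather than delays guessed by the sender.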
A computer-readable storage medium provided by an embodiment of this application stores a computer program which, when executed by a processor, implements the method provided by the embodiment shown in FIG. 2 of this application.
An electronic device provided by an embodiment of this application includes:
one or more processors, the processor being used to execute a computer program stored in a memory so as to implement the method provided by the embodiment shown in FIG. 2 of this application.
Optionally, the memory is coupled to the processor.
Optionally, the electronic device may further include the above memory, on which the computer program is stored.
An embodiment of this application provides a vehicle, which includes the system provided by the embodiment shown in FIG. 3 of this application.
It should be noted that the above embodiments are described using the VCU as the in-vehicle component by way of example, which does not limit this application; the above solution is equally applicable to technical solutions involving other in-vehicle components, and this application does not limit the specific type of in-vehicle component.
The terms used in the detailed description of the embodiments of this application are only intended to explain the specific embodiments of this application and are not intended to limit the embodiments of this application.
It should be noted that, in order to describe the technical solutions of the embodiments of this application clearly, the words "first", "second" and so on are used in the embodiments of this application to distinguish between identical or similar items whose functions and effects are essentially the same. For example, "first response strategy" and "second response strategy" merely distinguish different response strategies; unless otherwise expressly specified and limited, they do not limit the order of the strategies and should not be understood as indicating or implying any such order. Those skilled in the art will understand that the words "first", "second" and so on do not limit quantity or order of execution.
"Automobile", "vehicle", "complete vehicle" and other similar terms in the embodiments of this application include motor vehicles in general, for example cars, SUVs, MPVs, buses, trucks and other goods or passenger vehicles, watercraft including various ships and boats, and aircraft, and include hybrid vehicles, electric vehicles, fuel vehicles, plug-in hybrid vehicles, fuel-cell vehicles and other alternative-fuel vehicles. A hybrid vehicle is a vehicle with two or more power sources; electric vehicles include pure electric vehicles, extended-range electric vehicles and so on, which this application does not specifically limit.
Those skilled in the art will appreciate that the functions described in connection with the various illustrative logical blocks, modules and algorithm steps disclosed herein may be implemented in hardware, software, firmware or any combination thereof. If implemented in software, the functions described for the various illustrative logical blocks, modules and steps may be stored on or transmitted over a computer-readable medium as one or more instructions or code and executed by a hardware-based processing unit. Computer-readable media may include computer-readable storage media, which correspond to tangible media such as data storage media, or communication media including any medium that facilitates transfer of a computer program from one place to another (for example, according to a communication protocol). In this manner, computer-readable media generally may correspond to (1) non-transitory tangible computer-readable storage media or (2) communication media such as a signal or carrier wave. Data storage media may be any available media that can be accessed by one or more computers or one or more processors to retrieve instructions, code and/or data structures for implementing the techniques described in this application. A computer program product may include a computer-readable medium.
By way of example and not limitation, such computer-readable storage media may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, flash memory, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if instructions are transmitted from a website, server or other remote source using a coaxial cable, fibre-optic cable, twisted pair, digital subscriber line (DSL) or wireless technologies such as infrared, radio and microwave, then the coaxial cable, fibre-optic cable, twisted pair, DSL or wireless technologies such as infrared, radio and microwave are included in the definition of medium. It should be understood, however, that computer-readable storage media and data storage media do not include connections, carrier waves, signals or other transitory media, but are instead directed to non-transitory tangible storage media. As used herein, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD) and Blu-ray disc, where disks usually reproduce data magnetically while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
Instructions may be executed by one or more processors, such as one or more digital signal processors (DSPs), general-purpose microprocessors, application-specific integrated circuits (ASICs), field-programmable logic arrays (FPGAs) or other equivalent integrated or discrete logic circuitry. Accordingly, the term "processor" as used herein may refer to any of the foregoing structures or any other structure suitable for implementing the techniques described herein. In addition, in some aspects, the techniques may be fully implemented in one or more circuits or logic elements.
The techniques of this application may be implemented in a wide variety of devices or apparatuses, including in-vehicle equipment, an integrated circuit (IC) or a set of ICs (for example, a chipset). Various components and modules are described in this application to emphasise the functional aspects of devices for performing the disclosed techniques, but they do not necessarily need to be realised by different hardware. Indeed, as described above, the various modules may be combined in hardware together with suitable software and/or firmware, or provided by interoperating hardware including one or more processors as described above.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference may be made to the relevant descriptions of the other embodiments.
The above are only specific implementations of this application. Those skilled in the art may readily conceive of variations or substitutions within the scope disclosed in this application, all of which shall fall within the scope of protection of this application. The scope of protection of this application shall be that of the claims.

Claims (32)

  1. A method for improving vehicle security, characterised in that the method comprises:
    obtaining first IDS event information and a first vehicle operating state;
    determining a first response strategy according to the first IDS event information and the first vehicle operating state;
    sending the first response strategy to a first in-vehicle component.
  2. The method according to claim 1, characterised in that the first IDS event information is used to indicate one or more of: the event type, event description, risk level, event source and attacked component of a first IDS event.
  3. The method according to claim 1 or 2, characterised in that the first vehicle operating state includes at least one of an automated driving level and a driving scenario.
  4. The method according to any one of claims 1 to 3, characterised in that the driving scenario is defined by one or more parameters including driving speed, terrain, road surface condition, driving environment, traffic condition and driving time period.
  5. The method according to claim 4, characterised in that the driving scenario includes one or more of: highway pilot (HWP), adaptive cruise control (ACC), autonomous valet parking (AVP), traffic jam pilot (TJP), manual high-speed driving, manual low-speed driving and stationary.
  6. The method according to any one of claims 1 to 5, characterised in that the first response strategy is associated with at least one item of IDS event information and at least one vehicle operating state, the first IDS event information being one of the at least one item of IDS event information and the first vehicle operating state being one of the at least one vehicle operating state.
  7. The method according to any one of claims 1 to 6, characterised in that the first response strategy includes a processing strategy, or the first response strategy includes a processing strategy and a processing timing.
  8. The method according to claim 7, characterised in that the processing strategy includes one or more of: executing the minimum risk strategy, prompting an anomaly, advising the driver to pull over, prompting that the automated driving function is exiting, alerting the security operations module, powering off the vehicle and blocking the illegal request; and the processing timing includes one or more of: execute immediately, execute after pulling over and execute the next time the function is enabled.
  9. The method according to any one of claims 1 to 8, characterised in that determining the first response strategy according to the first IDS event information and the first vehicle operating state specifically includes:
    determining a first failure mode according to the first IDS event information and the first vehicle operating state; and
    determining the first response strategy according to the first failure mode, wherein the first response strategy is associated with at least one failure mode and the first failure mode is one of the at least one failure mode.
  10. The method according to any one of claims 1 to 9, characterised in that the in-vehicle component includes one or more of: the in-vehicle telematics box (T-Box), in-vehicle infotainment system (IVI), transmission control unit (TCU), motor control unit (MCU), vehicle control unit (VCU), body control module (BCM), cockpit domain controller (CDC) and mobile data center (MDC).
  11. The method according to any one of claims 1 to 10, characterised in that the method further comprises sending the first IDS event information to a network device.
  12. The method according to claim 11, characterised in that the method further comprises receiving a second response strategy from the network device.
  13. The method according to claim 12, characterised in that the method further comprises sending the second response strategy to a second in-vehicle component.
  14. The method according to claim 12 or 13, characterised in that the second response strategy includes:
    updating at least one of the firmware or software of the in-vehicle component;
    and/or updating at least one item in the IDS event detection rule set;
    and/or updating at least one item in the response strategy set.
  15. A system for improving vehicle security, characterised in that the system includes a collection module, an analysis module and a response module;
    the collection module is used to obtain first IDS event information and a first vehicle operating state;
    所述分析模块,用于根据所述第一IDS事件信息和所述第一整车运行状态确定第一响应策略;the analysis module, configured to determine a first response strategy according to the first IDS event information and the first vehicle operating state;
    所述响应模块,用于向第一车载部件发送所述第一响应策略。The response module is configured to send the first response strategy to the first vehicle-mounted component.
  16. 根据权利要求15所述的系统,其特征在于,所述系统包含一个或者多个传感器,和/或所述采集模块包含一个或多个传感器,和/或,所述第一车载部件包含一个或多个传感器。The system according to claim 15, wherein the system includes one or more sensors, and/or the acquisition module includes one or more sensors, and/or the first vehicle-mounted component includes one or more sensors multiple sensors.
  17. 根据权利要求15或16所述的系统,其特征在于,所述分析模块集成在所述车载部件中,或者所述分析模块为独立的车载部件。The system according to claim 15 or 16, wherein the analysis module is integrated in the vehicle-mounted component, or the analysis module is an independent vehicle-mounted component.
  18. 根据权利要求15-17任一项所述的系统,其特征在于,所述车载部件包括:车载信息盒T-Box、车载信息娱乐系统IVI、变速箱控制单元TCU、电机控制器MCU、整车控制单元VCU、车身控制模块BCM、座舱域控制器CDC、移动数据中心MDC、整车集成单元VIU中的一种或者多种。The system according to any one of claims 15-17, wherein the on-board components include: on-board information box T-Box, on-board infotainment system IVI, transmission control unit TCU, motor controller MCU, complete vehicle One or more of the control unit VCU, the body control module BCM, the cockpit domain controller CDC, the mobile data center MDC, and the vehicle integration unit VIU.
  19. 根据权利要求15-18任一项所述的系统,其特征在于,所述系统还与安全运营模块进行交互,所述安全运营模块接收所述第一IDS事件信息,并根据所述第一IDS事件信息向所述响应模块发送所述第二响应策略。The system according to any one of claims 15 to 18, wherein the system further interacts with a security operation module, and the security operation module receives the first IDS event information and, according to the first IDS The event information sends the second response policy to the response module.
  20. 根据权利要求15-19任一项所述的系统,其特征在于,所述第二响应策略包括:The system according to any one of claims 15-19, wherein the second response strategy comprises:
    对所述车载部件的固件或软件中的至少一项进行更新;Updating at least one of the firmware or software of the on-board component;
    和/或对IDS事件检测规则集中的至少一项进行更新;and/or update at least one item in the IDS event detection rule set;
    和/或对响应策略集中的至少一项进行更新。and/or update at least one item in the response policy set.
  21. 根据权利要求15-20任一项所述的系统,其特征在于,所述分析模块具体用于根据所述第一IDS事件信息和所述第一整车运行状态确定第一失效模式,根据所述第一失效模式,确定所述第一响应策略,其中,所述第一响应策略与至少一个失效模式关联,所述第一失效模式属于所述至少一个失效模式中的一个。The system according to any one of claims 15-20, wherein the analysis module is specifically configured to determine a first failure mode according to the first IDS event information and the first vehicle operating state, and according to the The first failure mode is determined, and the first response strategy is determined, wherein the first response strategy is associated with at least one failure mode, and the first failure mode belongs to one of the at least one failure modes.
  22. 根据权利要求15-21任一项所述的系统,其特征在于,所述系统还包括执行模块,所述执行模块用于接收所述第一响应策略或所述第二响应策略中的至少一项,和/或执行所述第一响应策略或所述第二响应策略中的至少一项。The system according to any one of claims 15-21, wherein the system further comprises an execution module, and the execution module is configured to receive at least one of the first response strategy or the second response strategy item, and/or implement at least one of the first response strategy or the second response strategy.
  23. 根据权利要求15-22任一项所述的系统,其特征在于,所述第一IDS事件信息用于指示第一IDS事件的事件类型、事件描述、风险级别、事件来源、受攻击部件中的一项或者多项。The system according to any one of claims 15-22, wherein the first IDS event information is used to indicate an event type, an event description, a risk level, an event source, and an attacked component of the first IDS event. one or more.
  24. 根据权利要求15-23任一项所述的系统,其特征在于,所述第一整车运行状态包括自动驾驶等级和驾驶场景中的至少一种。The system according to any one of claims 15-23, wherein the first vehicle operating state includes at least one of an automatic driving level and a driving scenario.
  25. 根据权利要求15-24任一项所述的系统,其特征在于,所述驾驶场景由包含行驶速度、地形、路面情况、行驶环境、交通状况、行驶时段中的一项或多项参数定义。The system according to any one of claims 15-24, wherein the driving scenario is defined by one or more parameters including driving speed, terrain, road conditions, driving environment, traffic conditions, and driving time periods.
  26. 根据权利要求25所述的系统,其特征在于,所述驾驶场景包括高速公路巡航 HWP、自适应巡航控制ACC、自动代客泊车AVP、交通拥堵自动驾驶TJP、人工高速驾驶、人工低速驾驶、静止中的一种或多种。The system according to claim 25, wherein the driving scenarios include highway cruise HWP, adaptive cruise control ACC, automatic valet parking AVP, traffic jam automatic driving TJP, manual high-speed driving, manual low-speed driving, one or more of stationary.
  27. 根据权利要求15-26任一项所述的系统,其特征在于,所述第一响应策略与至少一个IDS事件信息以及至少一个整车运行状态关联,所述第一IDS事件信息属于所述至少一个IDS事件信息中的一个,所述第一整车运行状态属于所述至少一个整车运行状态中的一个。The system according to any one of claims 15-26, wherein the first response strategy is associated with at least one IDS event information and at least one vehicle operating state, and the first IDS event information belongs to the at least one IDS event information. One of the pieces of IDS event information, the first vehicle operating state belongs to one of the at least one vehicle operating state.
  28. 根据权利要求15-27任一项所述的系统,其特征在于,所述第一响应策略包括处理策略,或者所述第一响应策略包括处理策略和处理时机。The system according to any one of claims 15-27, wherein the first response strategy includes a processing strategy, or the first response strategy includes a processing strategy and a processing opportunity.
  29. 根据权利要求28所述的系统,其特征在于,所述处理策略包括:执行最低风险策略、提示异常、建议驾驶员靠边停车、提示自动驾驶功能退出、向安全运营模块告警、整车下电、阻断非法请求中的一项或多项;所述处理时机包括:立即执行,靠边停车后执行、下次功能开启时执行中的一个或多个。The system according to claim 28, wherein the processing strategy comprises: executing the lowest risk strategy, prompting an exception, recommending the driver to pull over to stop, prompting the automatic driving function to exit, alerting the safety operation module, powering off the whole vehicle, Block one or more of the illegal requests; the processing timing includes one or more of: executing immediately, executing after pulling over, and executing the next time the function is turned on.
  30. 一种计算机可读存储介质,其上存有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1-14任一项所述的方法。A computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the method according to any one of claims 1-14 is implemented.
  31. 一种电子设备,其特征在于,包括处理器,所述处理器与存储器耦合,所述存储器上存储有计算机程序,所述处理器用于执行所述计算机程序,以实现如权利要求1-14任一项所述的方法。An electronic device, characterized in that it comprises a processor, wherein the processor is coupled with a memory, and a computer program is stored on the memory, and the processor is configured to execute the computer program to implement any one of claims 1-14. one of the methods described.
  32. 一种车辆,其特征在于,所述车辆包括如权利要求15-29任一项所述的系统。A vehicle, characterized in that the vehicle comprises the system of any one of claims 15-29.

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2020/112822 WO2022047617A1 (en) 2020-09-01 2020-09-01 Method and system for improving vehicle security
CN202080005094.5A CN112752682A (en) 2020-09-01 2020-09-01 Method and system for improving vehicle safety

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/112822 WO2022047617A1 (en) 2020-09-01 2020-09-01 Method and system for improving vehicle security

Publications (1)

Publication Number Publication Date
WO2022047617A1 (en) 2022-03-10

Family

ID=75651279

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/112822 WO2022047617A1 (en) 2020-09-01 2020-09-01 Method and system for improving vehicle security

Country Status (2)

Country Link
CN (1) CN112752682A (en)
WO (1) WO2022047617A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114312778A (en) * 2022-01-27 2022-04-12 中国第一汽车股份有限公司 Method and device for acquiring functional safety requirement of cruise control system
CN114760147A (en) * 2022-05-07 2022-07-15 国汽智控(北京)科技有限公司 Security event processing method, security event processing device, equipment and medium
CN115878111B (en) * 2022-09-26 2024-02-06 北京犬安科技有限公司 Threat analysis and risk assessment TARA data multiplexing implementation method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965267A (en) * 2018-06-28 2018-12-07 北京车和家信息技术有限公司 network attack processing method, device and vehicle
CN110268681A (en) * 2017-02-16 2019-09-20 歌乐株式会社 Vehicle gateway device and communication cutting-off method
US20190308589A1 (en) * 2018-04-09 2019-10-10 Cisco Technology, Inc. Vehicle network intrusion detection system (ids) using vehicle state predictions
CN110682875A (en) * 2019-09-19 2020-01-14 中国第一汽车股份有限公司 Vehicle safety risk assessment method and device and vehicle
CN111052681A (en) * 2018-05-08 2020-04-21 松下电器(美国)知识产权公司 Abnormality detection electronic control unit, vehicle-mounted network system, and abnormality detection method
CN111489576A (en) * 2020-02-21 2020-08-04 中国电子技术标准化研究院 Control method and system of vehicle automatic driving equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111353471A (en) * 2020-03-17 2020-06-30 北京百度网讯科技有限公司 Safe driving monitoring method, device, equipment and readable storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117579388A (en) * 2024-01-16 2024-02-20 北京源堡科技有限公司 Risk assessment method, system, equipment and medium for intelligent network interconnection industrial control system
CN117579388B (en) * 2024-01-16 2024-04-05 北京源堡科技有限公司 Risk assessment method, system, equipment and medium for intelligent network interconnection industrial control system

Also Published As

Publication number Publication date
CN112752682A (en) 2021-05-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20951865; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20951865; Country of ref document: EP; Kind code of ref document: A1)