WO2022205132A1 - Method and apparatus for determining protection plan of attack path - Google Patents

Method and apparatus for determining protection plan of attack path Download PDF

Info

Publication number
WO2022205132A1
WO2022205132A1 PCT/CN2021/084561 CN2021084561W WO2022205132A1 WO 2022205132 A1 WO2022205132 A1 WO 2022205132A1 CN 2021084561 W CN2021084561 W CN 2021084561W WO 2022205132 A1 WO2022205132 A1 WO 2022205132A1
Authority
WO
WIPO (PCT)
Prior art keywords
attack path
protection
attack
protection scheme
scheme
Prior art date
Application number
PCT/CN2021/084561
Other languages
French (fr)
Chinese (zh)
Inventor
赵付霞
冀浩杰
王云鹏
于海洋
秦洪懋
王颖会
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN202180001195.XA priority Critical patent/CN113228713B/en
Priority to PCT/CN2021/084561 priority patent/WO2022205132A1/en
Publication of WO2022205132A1 publication Critical patent/WO2022205132A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]

Definitions

  • the present application relates to the technical field of network-connected vehicle security, and in particular, to a method and device for determining a protection scheme for an attack path.
  • the information security of connected cars has been paid more and more attention by people.
  • the information security attacks against connected vehicles are usually based on attack paths, which cause the connected vehicles to generate greater information security risks.
  • the attack path is composed of at least one subject, and the subject can be the in-vehicle communication box (telematics box, T-Box, gateway (GW), electronic control unit (electronic control unit, ECU) and other nodes in the connected car. applications, operating systems, etc.
  • the embodiments of the present application provide a method and device for determining a protection scheme for an attack path, which can more efficiently select a protection scheme that meets both information security requirements and protection cost requirements from multiple attack path protection schemes.
  • the technical scheme is as follows:
  • a method for determining a protection scheme of an attack path comprising:
  • the attack path protection scheme that satisfies the information security conditions is determined.
  • the attack path protection scheme that satisfies the protection cost condition is determined as the to-be-used protection scheme of the attack path.
  • the attack path may be a high-risk attack path, that is, an attack path that may threaten personal safety after being attacked.
  • the protection cost is the quantitative value of manpower and material resources to implement the protection plan.
  • Each subject of the attack path may correspond to at least one subject protection measure, and by combining the subject protection measures of each subject in the attack path, multiple attack path protection schemes may be obtained.
  • the computer equipment can directly select the attack path protection scheme that meets the information security conditions without manual participation, which ensures the protection effect of the finally selected protection scheme to be used.
  • the attack path protection scheme that satisfies the information security conditions is automatically selected from the attack path protection schemes that satisfy the information security conditions, and the attack path protection scheme that satisfies the protection cost condition is automatically selected as the final pending attack path.
  • Use protective schemes In this way, without manual participation, the protection scheme to be used can be directly selected by computer equipment efficiently, and the selected protection scheme to be used can not only meet certain information security requirements to achieve a better protection effect, but also save investment to a certain extent. cost of protection.
  • the delay caused by the attack path protection scheme for packet transmission may also be considered.
  • an attack path protection scheme that satisfies both the information security condition and the time cost condition can be determined first. Then, in the attack path protection scheme that satisfies both the information security condition and the time cost condition, the attack path protection scheme that satisfies the protection cost condition is determined as the to-be-used protection scheme of the attack path.
  • the time cost of the attack path protection solution is the sum of the time costs corresponding to the protection measures included in the attack path protection solution.
  • the time cost corresponding to the protection measure is used to indicate the time between the time when the message passes through the node to which the subject belongs when the protection measure is implemented on the subject and the time when the packet passes through the node to which the subject belongs when the node to which the subject belongs does not implement the protection measure. difference value.
  • the time cost corresponding to the protective measures can be measured by technicians through experiments.
  • the time cost condition is that the time cost corresponding to the attack path protection scheme is less than a preset time cost threshold.
  • the information security condition is that the attack probability corresponding to the attack path protection scheme is less than a preset attack probability threshold.
  • the attack probability corresponding to the attack path protection scheme is used to quantify the protection effect of the attack path protection scheme, and the attack probability corresponding to the attack path protection scheme indicates that the attack path is attacked after implementing the attack path protection scheme
  • the probability of success the smaller the corresponding attack probability, the lower the probability of being attacked successfully, on the contrary, the higher the corresponding attack probability, the higher the probability of being attacked successfully.
  • each attack path protection scheme can correspond to an attack probability. If the attack probability corresponding to an attack path protection scheme is less than the preset attack probability threshold, it can be determined that the attack path protection scheme satisfies the information security conditions and achieves the required protection effect. , instead of testing the attack path protection scheme to know its protection effect when selecting the protection scheme to be used like the related schemes, which can effectively save the time for selecting the protection scheme to be used.
  • the corresponding attack path protection scheme with the least protection cost is determined.
  • the number of corresponding attack path protection schemes with the smallest protection cost is 1, the corresponding attack path protection scheme with the smallest protection cost is used as the protection scheme to be used for the attack path.
  • the number of corresponding attack path protection schemes with the smallest protection cost is greater than 1, among the multiple attack path protection schemes with the smallest protection cost, the corresponding attack path protection scheme with the smallest attack probability is determined.
  • the corresponding attack path protection scheme with the smallest attack probability is used as the to-be-used protection scheme for the attack path.
  • the number of the corresponding attack path protection schemes with the smallest attack probability is greater than 1, among the corresponding attack path protection schemes with the smallest attack probability, the corresponding attack path protection scheme with the smallest time cost is determined as the attack path to be used. protection plan.
  • the information security condition and the time cost condition are prioritized, and the priority of the information security condition is higher than that of the time cost condition.
  • Time cost condition, and the attack path protection scheme with the same protection cost the attack path protection scheme with the smaller attack probability is preferentially selected, and when the attack probability is also the same, the attack path protection scheme with the smallest time cost is selected.
  • the method provided by the embodiment of the present application may be used to select a protection scheme to be used against the attack path that threatens the security of the connected car. Specifically, among the multiple attack path protection schemes corresponding to the attack path of the connected vehicle, an attack path protection scheme that satisfies the information security conditions of the connected vehicle is determined. Then, in the attack path protection scheme that satisfies the information security conditions of the connected vehicle, the attack path protection scheme that satisfies the protection cost condition of the connected vehicle is determined as the protection scheme to be used for the attack path of the connected vehicle.
  • the relevant information of the determined protection scheme to be used may be displayed.
  • the relevant information may include specific implementation steps of the protection scheme to be used, expected protection effects, protection costs, precautions, and the like. In this way, technicians can clearly know the relevant information of the protection scheme to be used, and then the technicians can implement the protection scheme to be used in the connected car based on the relevant information of the protection scheme to be used to protect the attack path of the connected car .
  • an apparatus for determining a protection solution for an attack path is provided, which is used to execute the method described in the first aspect and any possible implementation manner of the first aspect.
  • the apparatus includes a module for performing the method described in the first aspect and any possible implementation manner of the first aspect.
  • a computer device in a third aspect, includes a processor and a memory, wherein:
  • the memory stores instructions, and the processor executes the instructions to implement the method for determining a protection solution for an attack path as described in the first aspect and any possible implementation manner of the first aspect.
  • a computer-readable storage medium where instructions are stored in the computer-readable storage medium, and the instructions are loaded and executed by a processor to implement the first aspect and any one of the first aspects.
  • a computer program product includes instructions, and the instructions are loaded and executed by a processor, so as to realize the above-mentioned first aspect and any one of the possible implementations of the first aspect.
  • a chip system in a sixth aspect, includes at least one processor, and is configured to support implementing the functions involved in the first aspect and any possible implementation manner of the first aspect, for example, receiving or Process the data and/or information involved in the above methods.
  • the system-on-a-chip further includes a memory for storing program instructions and data, and the memory is located inside the processor or outside the processor.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • an apparatus for determining a protection scheme of an attack path includes at least one processor and a communication interface, the communication interface is used for sending and/or receiving data, and the at least one processor is used for calling A computer program stored in at least one memory to cause the apparatus to implement the method described in the first aspect and any one of the possible implementations of the first aspect.
  • FIG. 1 is an electronic and electrical architecture diagram of a connected vehicle provided by an embodiment of the present application
  • FIG. 2 is a schematic diagram of a node-level attack path provided by an embodiment of the present application
  • FIG. 3 is a schematic diagram of the relationship between a subject-level attack path and a node-level attack path provided by an embodiment of the present application;
  • FIG. 4 is a flowchart of a method for determining a protection solution for an attack path provided by an embodiment of the present application
  • FIG. 5 is a schematic structural diagram of an apparatus for a protection solution for determining an attack path provided by an embodiment of the present application
  • FIG. 6 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • An embodiment of the present application provides a method for determining a protection solution for an attack path, and the method can be implemented by a computer device, where the computer device can be a laptop computer (Laptop), desktop computer, tablet computer (pad), server, or the like.
  • the computer device can automatically select an attack path protection scheme that satisfies the information security conditions, which ensures the protection effect of the finally selected protection scheme to be used.
  • the attack path protection scheme that satisfies the information security conditions continue to automatically select the attack path protection scheme that satisfies the protection cost condition among the attack path protection schemes that meet the information security conditions, as the final attack path protection scheme to be used .
  • the finally selected protection scheme to be used can not only meet certain information security requirements to achieve a better protection effect, but also save the input protection cost to a certain extent.
  • FIG. 1 exemplarily shows an electrical and electronic architecture diagram of a connected car.
  • a telematics box (T-Box) is used to communicate with the outside world, and a gateway (GW) is used to perform protocol conversion, data exchange, and the like.
  • Parts other than T-Box and GW can include power domain, chassis domain, body domain, infotainment domain and advanced driver assistance system (Advanced Driver Assistance System, ADAS).
  • Each domain includes a corresponding domain controller (Domain Controller, DC), a controller area network (Controller Area Network, CAN), and at least one electronic control unit (Electronic Control Unit, ECU).
  • DC Domain Controller
  • CAN Controller Area Network
  • ECU Electronic Control Unit
  • the power domain includes DC1, powertrain controller area network (Powertrain CAN, PT CAN), ECU1, ECU2, etc., where the ECU can be an engine control module (Engine Control Module, ECM), a battery management system ( Battery Management System, BMS), etc.
  • the chassis domain includes DC2, chassis controller area network (Chassis CAN, CH CAN), ECU3, ECU4, etc. Among them, ECU can be anti-lock braking system (Antilock Brake System, ABS), body electronic stability system (Electronic Stability Program) , ESP) etc.
  • the body domain includes DC3, body controller area network (Body CAN), body control module (Body Control Module, BCM) ECU5, ECU6, etc.
  • the ECU can be a tire pressure monitoring system (Tire Pressure Monitoring System, TPMS), panoramic Surveillance imaging system (Around View Monitor, AVM), etc.
  • the infotainment domain includes DC4, infotainment controller area network (information CAN, info CAN), ECU7, in-vehicle infotainment (In-Vehicle Infotainment, IVI) system, etc., where the ECU can be a combination instrument (Instrument Pack, IPK), etc. .
  • the attack path is the node-level attack path, and from the specific attacked subject in the hardware, the attack path is the subject-level attack path.
  • Each node-level attack path includes at least one node, and the node can be a hardware module in a connected car, such as T-Box, GW, DC, ECU, etc.
  • the corresponding node-level attack path can be shown in Figure 2, that is, first attack the T-Box, then attack the GW, then attack the DC in the body domain, and finally attack the control high beam light ECU.
  • Each subject-level attack path includes at least one subject, and the subject may be an application program, firmware, etc. installed in the node.
  • the essence of the attack node is the subject in the attack node.
  • a node-level attack path may correspond to multiple subject-level attack paths.
  • FIG. 3 a relationship between a possible node-level attack path and an agent-level attack path is shown.
  • a node-level attack path is shown, and the nodes included in the node-level attack path are T-Box, GW, DC1, and ECU1 in sequence, wherein the T-Box includes multiple subjects, and among the multiple subjects Subject 1 and subject 2 are attacked subjects.
  • GW includes multiple subjects.
  • subject 3 and subject 4 are attacked subjects.
  • DC1 includes multiple subjects, and subject 5 and subject 6 are attacked subjects.
  • ECU1 includes multiple subjects, among which subject 7 is the subject to be attacked.
  • Figure 3 also shows three subject-level attack paths, wherein the first subject-level attack path includes subjects in sequence: subject 2, subject 1, subject 3, subject 5, and subject 7,
  • the subjects included in the second subject-level attack path are subject 1, subject 4, subject 6, and subject 7, and the subjects included in the third subject-level attack path are subject 2, subject 3, subject 5, and subject 7 in order.
  • an embodiment of the present application provides a method for determining an attack path protection scheme, and the processing flow of the method may include the following steps:
  • Step 401 among multiple attack path protection schemes of the attack path, determine an attack path protection scheme that satisfies the information security condition.
  • the attack path is a high-risk attack path, that is, an attack path that may threaten personal safety after being attacked.
  • the technician can provide multiple attack path protection schemes for the attack path, and each attack path protection scheme consists of at least one main protection measure.
  • Each subject of the attack path may correspond to at least one subject protection measure, and by combining the subject protection measures of each subject in the attack path, multiple attack path protection schemes may be obtained.
  • an attack path includes k subjects
  • the first subject corresponds to n 1 subject protection measures
  • the second subject corresponds to n 2 -n 1 subject protection measures
  • the third subject corresponds to n 3 -n 2 subjects
  • the k-th subject corresponds to n k -n k-1 subject protective measures.
  • the computer equipment can establish a vector M to be solved
  • Each element in vector M corresponds to a subject protection measure, where M 1 to The n 1 elements of , in turn, correspond to the n 1 subject protection measures of the first subject, arrive The n 2 -n 1 elements in turn correspond to the n 2 -n 1 body guards of the second body, and so on, arrive The n k -n k-1 elements of , in turn, correspond to the n k -n k-1 subject protection measures of the kth subject.
  • Each element in the vector M is an unknown quantity and takes a value of 0 or 1. When the value of the element is 0, it means that the main protective measure corresponding to the element is not implemented.
  • the main protection measures corresponding to the elements, and different value combinations of the vector M correspond to different attack path protection schemes. The relationship between the vector M and the attack path protection scheme is described below with an example:
  • the attack path includes two subjects, subject 1 and subject 2.
  • the first element M 1 and the second element M 2 correspond to the main body protection measure 1 and the main body protection measure 2 of the main body 1 respectively
  • the third element M 3 corresponds to the main body protection measure 3 of the main body 2 .
  • All possible value combinations of vector M include (0, 0, 0), (0, 0, 1), (0, 1, 0), (0, 1, 1), (1, 0, 0), ( 1, 0, 1), (1, 1, 0) and (1, 1, 1).
  • the value combination (0, 0, 0) indicates that the attack path protection scheme is not implemented for the attack path, and the attack path protection scheme corresponding to the value combination (0, 0, 1) consists of the main protection measures 3; , 1, 0) corresponding to the attack path protection scheme consists of the main protection measure 2; the attack path protection scheme corresponding to the value combination (0, 1, 1) consists of the main protection measure 2 and the main protection measure 3; the value combination ( The attack path protection scheme corresponding to 1, 0, 0) consists only of the main protection measure 1; the attack path protection scheme corresponding to the value combination (1, 0, 1) is composed of the main protection measure 1 and the main protection measure 3; The attack path protection scheme corresponding to the combination (1, 1, 0) consists of the main protection measure 1 and the main protection measure 2; the attack path protection scheme corresponding to the value combination (1, 1, 1) consists of the main protection measure 1, the main protection measure Measure 2 and main body protection measure 3 are composed.
  • an information security constraint function is established based on the attack probability corresponding to each main protection measure and the vector M to be solved.
  • the information security constraint function can be as follows:
  • k is the number of subjects included in the attack path of the protection scheme to be determined
  • P j is the attack probability corresponding to the jth subject in the attack path
  • P max is the attack probability threshold given by the technician.
  • the information security constraint function can have other forms besides the above forms, such as where N is a constant.
  • the calculation method of P j can be as follows:
  • P j P j (*).
  • P j (*) is the attack probability when the j th subject does not implement any subject protection measures, and the value of P j (*) can be calculated by the technical personnel according to the risk assessment after determining the attack path.
  • the attack probability is used to represent the possibility of being attacked.
  • One of the elements takes the value of 1, and the other elements take the value of 0, that is, the subject protection measures corresponding to the element with the value of 1 are implemented for the j-th subject.
  • P j is equal to the maximum value in . in, implement element for the jth subject The attack probability after the corresponding subject protection measures, and so on, implement element for the jth subject The attack probability after the corresponding subject protection measures.
  • F j max is the maximum value of the sum of the quantified values of the attack potential factors. and F j max are obtained by technicians according to experimental tests.
  • the first element M 1 and the second element M 2 correspond to the main body protection measure 1 and the main body protection measure 2 of the main body 1 respectively
  • the third element M 3 corresponds to the main body protection measure 3 of the main body 2 .
  • All possible value combinations of vector M include (0, 0, 0), (0, 0, 1), (0, 1, 0), (0, 1, 1), (1, 0, 0), ( 1, 0, 1), (1, 1, 0) and (1, 1, 1). Substitute these eight value combinations into the information security constraint function in turn to obtain the corresponding P(M).
  • the obtained P(M) is all less than P max , then, (1, 0, 1) and (1, 0, 1) and The main protection measures corresponding to (1, 0, 0) constitute two attack path protection schemes.
  • the main protection measure 1 and the main protection measure 3 are obtained to form an attack path protection scheme as an attack path protection scheme that satisfies the information security conditions.
  • the main protection measure 1 is obtained, and an attack path protection scheme is formed as an attack path protection scheme that satisfies the information security conditions.
  • Step 402 in the attack path protection scheme satisfying the information security condition, determine the attack path protection scheme that satisfies the protection cost condition as the to-be-used protection scheme of the attack path.
  • the protection cost corresponding to each attack path protection scheme can be calculated separately, and an attack path protection scheme that satisfies the protection cost conditions can be selected among them.
  • protection cost calculation formula When calculating the protection cost corresponding to the attack path protection scheme, the following protection cost calculation formula can be used:
  • C(M) is the protection cost of the attack path protection scheme
  • m is the number of subject protection measures corresponding to the subject of the attack path of the protection scheme to be determined
  • m n 1 +n 2 +n 3
  • M i is the above vector
  • C i is the protection cost of the main protection measures corresponding to M i
  • C i is a known quantity, which can be set by technicians according to the actual situation.
  • the protection cost of the attack path protection scheme can be obtained.
  • the corresponding attack path protection scheme with the smallest protection cost is determined. If the number of corresponding attack path protection schemes with the smallest protection cost is 1, the corresponding attack path protection scheme with the smallest protection cost is used as the protection scheme to be used for the attack path. If the number of the corresponding attack path protection schemes with the smallest protection cost is greater than 1, among the multiple attack path protection schemes with the smallest protection cost, the corresponding attack path protection scheme with the smallest attack probability is determined as the protection scheme to be used for the attack path. .
  • the time cost of the attack path protection scheme may also be used as a constraint condition.
  • an attack path protection scheme that satisfies both information security conditions and time cost conditions can be determined first. Then, among the attack path protection schemes that satisfy both the information security condition and the time cost condition, the attack path protection scheme that satisfies the protection cost condition is determined as the to-be-used protection scheme of the attack path.
  • a time cost constraint function can be established based on the time cost corresponding to each main protection measure and the vector M to be solved to realize the time cost constraint on the attack path.
  • the time cost constraint function can be as follows:
  • m is the number of main body protection measures corresponding to the main body of the attack path of the protection scheme to be determined
  • M i is the ith element of the above vector M
  • D i is the time cost of the main body protection measures corresponding to M i
  • D i is The known quantity can be measured by the technician through experiments
  • D max is the time cost threshold value
  • D max is the known quantity, which can be set by the technician according to actual needs.
  • the time cost constraint function can have other forms besides the above forms, such as where N is a constant.
  • the time cost of the above-mentioned subject protection measures is used to indicate the time for the packets to pass through the node to which the subject belongs when the subject protection measures are implemented on the subject, and the time for the packets to pass through the node to which the subject belongs when the subject protection measures are not implemented on the node to which the subject belongs. difference between the times.
  • the attack path protection scheme that satisfies both the information security condition and the time cost condition is obtained.
  • the protection cost of the attack path protection scheme satisfying both the information security condition and the time cost condition is calculated by the above protection cost calculation formula.
  • the corresponding attack path protection scheme with the smallest protection cost is determined. If the number of corresponding attack path protection schemes with the smallest protection cost is 1, the corresponding attack path protection scheme with the smallest protection cost is used as the protection scheme to be used for the attack path. If the number of the corresponding attack path protection schemes with the minimum protection cost is greater than 1, among the multiple attack path protection schemes with the minimum protection cost, the corresponding attack path protection scheme with the minimum attack probability is determined.
  • the corresponding attack path protection scheme with the smallest attack probability is used as the to-be-used protection scheme for the attack path. If the number of corresponding attack path protection schemes with the smallest attack probability is greater than 1, among the corresponding attack path protection schemes with the smallest attack probability, the corresponding attack path protection scheme with the smallest time cost is determined.
  • the corresponding attack path protection scheme with the minimum time cost is used as the protection scheme to be used for the attack path. If the number of the corresponding attack path protection schemes with the minimum time cost is greater than 1, the above corresponding attack path protection schemes with the minimum time cost can be displayed to the technician, and the technician selects one of the attack path protection schemes as the waiting path of the attack path. Use protective schemes.
  • the technician can deploy the protection solution to be used to the designated vehicle.
  • the computer device can also reselect the protection scheme to be used according to a preset cycle, or reselect the protection scheme to be used after the technician updates the information security conditions or protection cost conditions.
  • an attack path protection scheme that satisfies information security conditions can be automatically selected for multiple attack path protection schemes of an attack path, which ensures the protection effect of the finally selected protection scheme to be used.
  • the attack path protection scheme that satisfies the information security conditions is automatically selected from the attack path protection schemes that satisfy the information security conditions, and the attack path protection scheme that satisfies the protection cost condition is automatically selected as the final pending attack path.
  • Use protective schemes In this way, the finally selected protection scheme to be used can not only meet certain information security requirements to achieve a better protection effect, but also save the input protection cost to a certain extent.
  • an embodiment of the present application also provides an apparatus for determining a protection solution for an attack path.
  • the apparatus may be computer equipment.
  • the apparatus includes a combination module 510 and a calculation module 520 .
  • the calculation module 510 is used for determining an attack path protection scheme that satisfies the information security conditions among the multiple attack path protection schemes; specifically, the calculation module 510 is used for executing the above steps 401 and 402 .
  • the selection module 520 is configured to, among the attack path protection schemes satisfying the information security condition, determine the attack path protection scheme that satisfies the protection cost condition as the to-be-used protection scheme of the attack path. Specifically, the selection module 520 is configured to execute the above step 403 .
  • the computing module 510 is used for:
  • the attack path protection scheme determines the attack path protection scheme that satisfies the information security conditions and satisfies the time cost conditions.
  • the time cost condition is that the time cost corresponding to the attack path protection scheme is less than a preset time cost threshold.
  • the information security condition corresponding to the attack path protection scheme is that the corresponding attack probability is less than a preset attack probability threshold.
  • the selection module 520 is used to:
  • the corresponding attack path protection scheme with the smallest protection cost is used as the protection scheme to be used for the attack path; or,
  • the corresponding attack path protection scheme with the smallest attack probability is used as the protection scheme to be used for the attack path; or,
  • the corresponding attack path protection scheme with the smallest attack probability is greater than 1, among the corresponding attack path protection schemes with the smallest attack probability, the corresponding attack path protection scheme with the smallest time cost is determined as the attack path to be used. protection plan.
  • an attack path protection scheme that satisfies information security conditions can be automatically selected for multiple attack path protection schemes of an attack path, which ensures the protection effect of the finally selected protection scheme to be used.
  • the attack path protection scheme that satisfies the information security conditions is automatically selected from the attack path protection schemes that satisfy the information security conditions, and the attack path protection scheme that satisfies the protection cost condition is automatically selected as the final pending attack path.
  • Use protective schemes In this way, the finally selected protection scheme to be used can not only meet certain information security requirements to achieve a better protection effect, but also save the input protection cost to a certain extent.
  • the device for determining the protection scheme of the attack path determines the protection scheme of the attack path
  • only the division of the above functional modules is used as an example for illustration. In practical applications, the above functions can be used as required.
  • the allocation is completed by different functional modules, that is, the internal structure of the computer device is divided into different functional modules, so as to complete all or part of the functions described above.
  • the apparatus for determining a protection solution for an attack path provided in the above embodiment and the method embodiment for determining a protection solution for an attack path belong to the same concept, and the specific implementation process is detailed in the method embodiment, which will not be repeated here.
  • an embodiment of the present application provides a schematic diagram of a computer device 600 .
  • the computer device 600 includes at least one processor 601 , internal connections 602 , memory 603 and at least one transceiver 604 .
  • the computer device 600 is an apparatus with a hardware structure, which can be used to implement the functional modules in the apparatus shown in FIG. 5 .
  • the computing module 510 in the apparatus shown in FIG. 5 can be implemented by calling the code in the memory 603 through the at least one processor 601, and the selection module 520 can also call the memory through the at least one processor 601. 603 code to achieve.
  • processor 601 may be a general-purpose central processing unit (central processing unit, CPU), network processor (network processor, NP), microprocessor, application-specific integrated circuit (application-specific integrated circuit, ASIC) , or one or more integrated circuits used to control the execution of the program of this application.
  • CPU central processing unit
  • NP network processor
  • ASIC application-specific integrated circuit
  • the internal connection 602 described above may include a path to transfer information between the above described components.
  • the internal connection 602 is a single board or a bus or the like.
  • the above transceiver 604 is used to communicate with other devices or communication networks.
  • the above-mentioned memory 603 can be a read-only memory (read-only memory, ROM) or other types of static storage devices that can store static information and instructions, a random access memory (random access memory, RAM) or other types of storage devices that can store information and instructions.
  • ROM read-only memory
  • RAM random access memory
  • Types of dynamic storage devices which can also be electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM), or other optical storage, CD-ROM storage (including compact discs, laser discs, compact discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or capable of carrying or storing desired program code in the form of instructions or data structures and capable of being accessed by Any other medium accessed by the computer, but not limited to this.
  • the memory can exist independently and be connected to the processor through a bus.
  • the memory can also be integrated with the processor.
  • the memory 603 is used for storing the application code for executing the solution of the present application, and the execution is controlled by the processor 601 .
  • the processor 601 is configured to execute the application program code stored in the memory 603, and cooperate with at least one transceiver 604, so that the computer device 600 realizes the functions in the present application.
  • the processor 601 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 6 .
  • the computer device 600 may include multiple processors. Each of these processors can be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor.
  • a processor herein may refer to one or more devices, circuits, and/or processing cores for processing data, such as computer program instructions.
  • Embodiments of the present application further provide a computer-readable storage medium, where instructions or programs are stored in the computer-readable storage medium, and the instructions or programs are loaded and executed by a processor to implement the attack path determination method provided by the embodiments of the present application. method of protection.
  • Embodiments of the present application also provide a computer program product, the computer program product includes instructions, and the instructions are loaded and executed by a processor to implement the method for determining a protection solution for an attack path provided by the embodiments of the present application.
  • An embodiment of the present application further provides a chip system, where the chip system includes at least one processor for supporting the functions involved in implementing the above method for determining a protection solution for an attack path, such as processing data involved in the above method and/or or information.
  • the system-on-a-chip further includes a memory for storing program instructions and data, and the memory is located inside the processor or outside the processor.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • the computer program product includes one or more computer instructions, and when the computer program instructions are loaded and executed on a device, all or part of the processes or functions described in the embodiments of the present application are generated.
  • Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, from a website site, computer, server, or data center over a wired connection. (eg coaxial cable, optical fiber, digital subscriber line) or wireless (eg infrared, wireless, microwave, etc.) means to another website site, computer, server or data center.
  • the computer-readable storage medium may be any available medium that the device can access, or a data storage device such as a server, data center, or the like that includes an integration of one or more available media.
  • the usable medium may be a magnetic medium (such as a floppy disk, a hard disk, and a magnetic tape, etc.), an optical medium (such as a digital video disk (Digital Video Disk, DVD), etc.), or a semiconductor medium (such as a solid-state disk, etc.).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed in the present application are a method and an apparatus for determining a protection plan of an attack path, relating to the technical field of Internet of Vehicles security. The method comprises: determining attack path protection plans that meet information security conditions from amongst multiple attack path protection plans of an attack path; and determining an attack path protection plan that meets protection cost conditions from amongst the attack path protection plans that meet information security conditions as a protection plan to be used of the attack path. The present method enables the finally selected protection plan to be used to meet certain information security requirements to achieve better protection effects and save investment costs of protection to a certain degree.

Description

确定攻击路径的防护方案的方法和装置Method and device for determining protection scheme of attack path 技术领域technical field
本申请涉及网联汽车安全技术领域,特别涉及一种确定攻击路径的防护方案的方法和装置。The present application relates to the technical field of network-connected vehicle security, and in particular, to a method and device for determining a protection scheme for an attack path.
背景技术Background technique
随着网联汽车的不断普及,网联汽车的信息安全也越来越被人们所重视。目前,针对网联汽车的信息安全攻击,通常是按照攻击路径进行攻击,使网联汽车产生较大的信息安全风险。其中,攻击路径由至少一个主体组成,主体可以为网联汽车中的车载通信盒子(telematics box,T-Box、网关(gateway,GW)、电子控制单元(electronic control unit,ECU)等节点中的应用程序、操作系统等。With the continuous popularization of connected cars, the information security of connected cars has been paid more and more attention by people. At present, the information security attacks against connected vehicles are usually based on attack paths, which cause the connected vehicles to generate greater information security risks. Among them, the attack path is composed of at least one subject, and the subject can be the in-vehicle communication box (telematics box, T-Box, gateway (GW), electronic control unit (electronic control unit, ECU) and other nodes in the connected car. applications, operating systems, etc.
目前,攻击路径一般有较多的防护方案,在选择防护方案时,通常由技术人员任意选择一种防护方案实施,这样选择的防护方案防护效果可能较差。At present, there are generally many protection schemes for attack paths. When selecting a protection scheme, technicians usually arbitrarily select a protection scheme for implementation, and the protection effect of the selected protection scheme may be poor.
发明内容SUMMARY OF THE INVENTION
本申请实施例提供了一种确定攻击路径的防护方案的方法和装置,可以更加高效地在多个攻击路径防护方案中选择出同时满足信息安全需求和防护成本需求的防护方案,技术方案如下:The embodiments of the present application provide a method and device for determining a protection scheme for an attack path, which can more efficiently select a protection scheme that meets both information security requirements and protection cost requirements from multiple attack path protection schemes. The technical scheme is as follows:
第一方面,提供了一种确定攻击路径的防护方案的方法,方法包括:In a first aspect, a method for determining a protection scheme of an attack path is provided, the method comprising:
在攻击路径的多个攻击路径防护方案中,确定满足信息安全条件的攻击路径防护方案。在满足信息安全条件的攻击路径防护方案中,确定满足防护成本条件的攻击路径防护方案,作为攻击路径的待使用防护方案。Among the multiple attack path protection schemes of the attack path, the attack path protection scheme that satisfies the information security conditions is determined. In the attack path protection scheme that satisfies the information security condition, the attack path protection scheme that satisfies the protection cost condition is determined as the to-be-used protection scheme of the attack path.
在本申请实施例所示的方案中,攻击路径可以为高危攻击路径,即受到攻击后可能会对人身安全造成威胁的攻击路径。防护成本为实施防护方案所要付出的人力、物力等的量化值。In the solutions shown in the embodiments of the present application, the attack path may be a high-risk attack path, that is, an attack path that may threaten personal safety after being attacked. The protection cost is the quantitative value of manpower and material resources to implement the protection plan.
攻击路径的每个主体可以对应至少一个主体防护措施,对攻击路径中各主体的主体防护措施进行组合,可以得到多个攻击路径防护方案。对于攻击路径的多个攻击路径防护方案可以在无需人工参与的情况下,由计算机设备直接选择出满足信息安全条件的攻击路径防护方案,保证了最终选择出的待使用防护方案的防护效果。另外,本申请中在选择出满足信息安全条件的攻击路径防护方案后,继续在满足信息安全条件的攻击路径防护方案中,自动选择满足防护成本条件的攻击路径防护方案,作为攻击路径最终的待使用防护方案。这样,无需人工参与,可以高效地通过计算机设备直接选择出待使用防护方案,且选择的待使用防护方案既可以满足一定的信息安全要求达到较好的防护效果,又可以一定程度上节省投入的防护成本。Each subject of the attack path may correspond to at least one subject protection measure, and by combining the subject protection measures of each subject in the attack path, multiple attack path protection schemes may be obtained. For the multiple attack path protection schemes of the attack path, the computer equipment can directly select the attack path protection scheme that meets the information security conditions without manual participation, which ensures the protection effect of the finally selected protection scheme to be used. In addition, in this application, after selecting the attack path protection scheme that satisfies the information security conditions, the attack path protection scheme that satisfies the information security conditions is automatically selected from the attack path protection schemes that satisfy the information security conditions, and the attack path protection scheme that satisfies the protection cost condition is automatically selected as the final pending attack path. Use protective schemes. In this way, without manual participation, the protection scheme to be used can be directly selected by computer equipment efficiently, and the selected protection scheme to be used can not only meet certain information security requirements to achieve a better protection effect, but also save investment to a certain extent. cost of protection.
在一种可能的实现方式中,在选择攻击路径的待使用防护方案时,还可以考虑攻击路径防护方案对于报文传输产生的时延。相应的,可以先确定出既满足信息安全条件又满足时间成本条件的攻击路径防护方案。然后,在既满足信息安全条件又满足时间成本条件的攻击路径防护方案中,确定满足防护成本条件的攻击路径防护方案,作为攻击路径的待使用防护方 案。In a possible implementation manner, when selecting the protection scheme to be used for the attack path, the delay caused by the attack path protection scheme for packet transmission may also be considered. Correspondingly, an attack path protection scheme that satisfies both the information security condition and the time cost condition can be determined first. Then, in the attack path protection scheme that satisfies both the information security condition and the time cost condition, the attack path protection scheme that satisfies the protection cost condition is determined as the to-be-used protection scheme of the attack path.
在本申请实施例所示的方案中,攻击路径防护方案的时间成本为该攻击路径防护方案所包括的防护措施对应的时间成本之和。防护措施对应的时间成本用于表示对主体实施该防护措施的情况下报文通过该主体所属节点的时间与该主体所属节点不实施防护措施的情况下报文通过该主体所属节点的时间之间的差值。防护措施对应的时间成本可以由技术人员通过实验测得。In the solutions shown in the embodiments of the present application, the time cost of the attack path protection solution is the sum of the time costs corresponding to the protection measures included in the attack path protection solution. The time cost corresponding to the protection measure is used to indicate the time between the time when the message passes through the node to which the subject belongs when the protection measure is implemented on the subject and the time when the packet passes through the node to which the subject belongs when the node to which the subject belongs does not implement the protection measure. difference value. The time cost corresponding to the protective measures can be measured by technicians through experiments.
在一种可能的实现方式中,时间成本条件为攻击路径防护方案对应的时间成本小于预设时间成本阈值。In a possible implementation manner, the time cost condition is that the time cost corresponding to the attack path protection scheme is less than a preset time cost threshold.
在一种可能的实现方式中,信息安全条件为攻击路径防护方案对应的攻击概率小于预设攻击概率阈值。In a possible implementation manner, the information security condition is that the attack probability corresponding to the attack path protection scheme is less than a preset attack probability threshold.
在本申请实施例所示的方案中,使用攻击路径防护方案对应的攻击概率来量化攻击路径防护方案的防护效果,攻击路径防护方案对应的攻击概率表示攻击路径实施该攻击路径防护方案后被攻击成功的可能性,对应的攻击概率越小表示被攻击成功的可能性越小,反之,对应的攻击概率越大表示被攻击成功的可能性越大。这样,对于每个攻击路径防护方案均可以对应一个攻击概率,如果一个攻击路径防护方案对应的攻击概率小于预设攻击概率阈值,便可以确定该攻击路径防护方案满足信息安全条件达到需要的防护效果,而不用和相关方案一样在选择待使用防护方案时需要对攻击路径防护方案实施测试才能知道其防护效果,可以有效节省选择待使用防护方案的时间。In the scheme shown in the embodiment of the present application, the attack probability corresponding to the attack path protection scheme is used to quantify the protection effect of the attack path protection scheme, and the attack probability corresponding to the attack path protection scheme indicates that the attack path is attacked after implementing the attack path protection scheme The probability of success, the smaller the corresponding attack probability, the lower the probability of being attacked successfully, on the contrary, the higher the corresponding attack probability, the higher the probability of being attacked successfully. In this way, each attack path protection scheme can correspond to an attack probability. If the attack probability corresponding to an attack path protection scheme is less than the preset attack probability threshold, it can be determined that the attack path protection scheme satisfies the information security conditions and achieves the required protection effect. , instead of testing the attack path protection scheme to know its protection effect when selecting the protection scheme to be used like the related schemes, which can effectively save the time for selecting the protection scheme to be used.
在一种可能的实现方式中,在同时有信息安全条件、时间成本条件以及防护成本条件的情况下,在确定出同时满足信息安全条件和时间成本条件的攻击路径防护方案后,在这些攻击路径防护方案中选择满足防护成本条件的攻击路径防护方案的方法可以如下:In a possible implementation, when there are information security conditions, time cost conditions, and protection cost conditions at the same time, after determining an attack path protection scheme that satisfies both information security conditions and time cost conditions, these attack paths The method for selecting an attack path protection scheme that satisfies the protection cost condition in the protection scheme can be as follows:
确定对应的防护成本最小的攻击路径防护方案。在对应的防护成本最小的攻击路径防护方案的数量为1的情况下,将对应的防护成本最小的攻击路径防护方案,作为攻击路径的待使用防护方案。在对应的防护成本最小的攻击路径防护方案的数量大于1的情况下,在多个防护成本最小的攻击路径防护方案中,确定对应的攻击概率最小的攻击路径防护方案。在对应的攻击概率最小的攻击路径防护方案的数量为1的情况下,将对应的攻击概率最小的攻击路径防护方案,作为攻击路径的待使用防护方案。在对应的攻击概率最小的攻击路径防护方案的数量大于1的情况下,在对应的攻击概率最小的攻击路径防护方案中,确定对应的时间成本最小的攻击路径防护方案,作为攻击路径的待使用防护方案。Determine the corresponding attack path protection scheme with the least protection cost. When the number of corresponding attack path protection schemes with the smallest protection cost is 1, the corresponding attack path protection scheme with the smallest protection cost is used as the protection scheme to be used for the attack path. When the number of corresponding attack path protection schemes with the smallest protection cost is greater than 1, among the multiple attack path protection schemes with the smallest protection cost, the corresponding attack path protection scheme with the smallest attack probability is determined. In the case where the number of corresponding attack path protection schemes with the smallest attack probability is 1, the corresponding attack path protection scheme with the smallest attack probability is used as the to-be-used protection scheme for the attack path. When the number of the corresponding attack path protection schemes with the smallest attack probability is greater than 1, among the corresponding attack path protection schemes with the smallest attack probability, the corresponding attack path protection scheme with the smallest time cost is determined as the attack path to be used. protection plan.
在本申请实施例所示的方案中,对信息安全条件和时间成本条件做了优先级排序,信息安全条件的优先级要高于时间成本条件的优先级,这样,对于同时满足信息安全条件和时间成本条件,且防护成本相同的攻击路径防护方案,优先选择攻击概率小的攻击路径防护方案,在攻击概率也相同时,再选择时间成本最小的攻击路径防护方案。In the solution shown in the embodiment of the present application, the information security condition and the time cost condition are prioritized, and the priority of the information security condition is higher than that of the time cost condition. Time cost condition, and the attack path protection scheme with the same protection cost, the attack path protection scheme with the smaller attack probability is preferentially selected, and when the attack probability is also the same, the attack path protection scheme with the smallest time cost is selected.
在一种可能的实现方式中,本申请实施例提供的技术方案应用于网联汽车领域。In a possible implementation manner, the technical solutions provided in the embodiments of the present application are applied to the field of connected vehicles.
在网联汽车开发阶段,或者在网联汽车投入使用后,出于网联汽车安全的考虑,需要对网联汽车中存在的威胁网联汽车安全的攻击路径进行防护。此时,可以采用本申请实施例提供的方法针对威胁网联汽车安全的攻击路径,选择待使用防护方案。具体的,在网联汽车的攻击路径对应的多个攻击路径防护方案中,确定满足网联汽车的信息安全条件的攻击路径防护方案。然后,在满足网联汽车的信息安全条件的攻击路径防护方案中,确定满足网联汽车 的防护成本条件的攻击路径防护方案,作为网联汽车的攻击路径的待使用防护方案。In the development stage of the connected car, or after the connected car is put into use, for the consideration of the security of the connected car, it is necessary to protect the attack path in the connected car that threatens the security of the connected car. At this time, the method provided by the embodiment of the present application may be used to select a protection scheme to be used against the attack path that threatens the security of the connected car. Specifically, among the multiple attack path protection schemes corresponding to the attack path of the connected vehicle, an attack path protection scheme that satisfies the information security conditions of the connected vehicle is determined. Then, in the attack path protection scheme that satisfies the information security conditions of the connected vehicle, the attack path protection scheme that satisfies the protection cost condition of the connected vehicle is determined as the protection scheme to be used for the attack path of the connected vehicle.
此外,在选择出网联汽车的攻击路径的待使用防护方案后,可以将确定出待使用防护方案的相关信息进行显示。其中,相关信息可以包括待使用防护方案的具体实施步骤、预计防护效果、防护成本、注意事项等等。这样,技术人员可以清晰地获知待使用防护方案的相关信息,进而技术人员可以基于待使用防护方案的相关信息在网联汽车中实施该待使用防护方案,以对网联汽车的攻击路径进行防护。In addition, after the protection scheme to be used for the attack path of the connected car is selected, the relevant information of the determined protection scheme to be used may be displayed. The relevant information may include specific implementation steps of the protection scheme to be used, expected protection effects, protection costs, precautions, and the like. In this way, technicians can clearly know the relevant information of the protection scheme to be used, and then the technicians can implement the protection scheme to be used in the connected car based on the relevant information of the protection scheme to be used to protect the attack path of the connected car .
第二方面,提供了一种确定攻击路径的防护方案的装置,用于执行上述第一方面以及第一方面中任意一种可能的实现方式所描述的方法。具体地,所述装置包括用于执行上述第一方面以及第一方面中任意一种可能的实现方式中所述的方法的模块。In a second aspect, an apparatus for determining a protection solution for an attack path is provided, which is used to execute the method described in the first aspect and any possible implementation manner of the first aspect. Specifically, the apparatus includes a module for performing the method described in the first aspect and any possible implementation manner of the first aspect.
第三方面,提供了一种计算机设备,计算机设备包括处理器和存储器,其中:In a third aspect, a computer device is provided, the computer device includes a processor and a memory, wherein:
所述存储器存储指令,所述处理器执行所述指令,以实现如上述第一方面以及第一方面中任意一种可能的实现方式中所述的确定攻击路径的防护方案的方法。The memory stores instructions, and the processor executes the instructions to implement the method for determining a protection solution for an attack path as described in the first aspect and any possible implementation manner of the first aspect.
第四方面,提供了一种计算机可读存储介质,计算机可读存储介质中存储有指令,所述指令由处理器加载并执行,以实现如上述第一方面以及第一方面中任意一种可能的实现方式中所述的确定攻击路径的防护方案的方法。In a fourth aspect, a computer-readable storage medium is provided, where instructions are stored in the computer-readable storage medium, and the instructions are loaded and executed by a processor to implement the first aspect and any one of the first aspects. The method for determining the protection scheme of the attack path described in the implementation manner of .
第五方面,提供了一种计算机程序产品,计算机程序产品中包括指令,指令由处理器加载并执行,以实现如上述第一方面以及第一方面中任意一种可能的实现方式中所述的确定攻击路径的防护方案的方法。In a fifth aspect, a computer program product is provided, the computer program product includes instructions, and the instructions are loaded and executed by a processor, so as to realize the above-mentioned first aspect and any one of the possible implementations of the first aspect. A method for determining protection schemes for attack paths.
第六方面,提供了一种芯片系统,该芯片系统包括至少一个处理器,用于支持实现上述第一方面以及第一方面中任意一种可能的实现方式中所涉及的功能,例如,接收或处理上述方法中所涉及的数据和/或信息。In a sixth aspect, a chip system is provided, the chip system includes at least one processor, and is configured to support implementing the functions involved in the first aspect and any possible implementation manner of the first aspect, for example, receiving or Process the data and/or information involved in the above methods.
在一种可能的设计中,该芯片系统还包括存储器,该存储器用于保存程序指令和数据,存储器位于处理器之内或处理器之外。该芯片系统,可以由芯片构成,也可以包含芯片和其他分立器件。In one possible design, the system-on-a-chip further includes a memory for storing program instructions and data, and the memory is located inside the processor or outside the processor. The chip system may be composed of chips, or may include chips and other discrete devices.
第七方面,提供了一种确定攻击路径的防护方案的装置,所述装置包括至少一个处理器和通信接口,所述通信接口用于发送和/或接收数据,所述至少一个处理器用于调用至少一个存储器中存储的计算机程序,以使得所述装置实现如第一方面以及第一方面中任意一种可能的实现方式中任意一种可能的实施方式所描述的方法。In a seventh aspect, an apparatus for determining a protection scheme of an attack path is provided, the apparatus includes at least one processor and a communication interface, the communication interface is used for sending and/or receiving data, and the at least one processor is used for calling A computer program stored in at least one memory to cause the apparatus to implement the method described in the first aspect and any one of the possible implementations of the first aspect.
附图说明Description of drawings
图1是本申请实施例提供的一种网联汽车电子电气架构图;FIG. 1 is an electronic and electrical architecture diagram of a connected vehicle provided by an embodiment of the present application;
图2是本申请实施例提供的一种节点级攻击路径示意图;FIG. 2 is a schematic diagram of a node-level attack path provided by an embodiment of the present application;
图3是本申请实施例提供的一种主体级攻击路径和节点级攻击路径之间的关系示意图;3 is a schematic diagram of the relationship between a subject-level attack path and a node-level attack path provided by an embodiment of the present application;
图4是本申请实施例提供的一种确定攻击路径的防护方案的方法流程图;4 is a flowchart of a method for determining a protection solution for an attack path provided by an embodiment of the present application;
图5是本申请实施例提供的一种确定攻击路径的防护方案的装置结构示意图;5 is a schematic structural diagram of an apparatus for a protection solution for determining an attack path provided by an embodiment of the present application;
图6是本申请实施例提供的一种计算机设备的结构示意图。FIG. 6 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
具体实施方式Detailed ways
本申请实施例提供了一种确定攻击路径的防护方案的方法,该方法可以由计算机设备实现,其中,计算机设备可以为笔记本电脑(Laptop)、台式电脑、平板电脑(pad)、服务器等。在本申请实施例中,计算机设备可以自动选择出满足信息安全条件的攻击路径防护方案,保证了最终选择出的待使用防护方案的防护效果。另外,在选择出满足信息安全条件的攻击路径防护方案后,继续在满足信息安全条件的攻击路径防护方案中,自动选择满足防护成本条件的攻击路径防护方案,作为攻击路径最终的待使用防护方案。这样,最后选择出的待使用防护方案既可以满足一定的信息安全要求达到较好的防护效果,又可以一定程度上节省投入的防护成本。An embodiment of the present application provides a method for determining a protection solution for an attack path, and the method can be implemented by a computer device, where the computer device can be a laptop computer (Laptop), desktop computer, tablet computer (pad), server, or the like. In the embodiment of the present application, the computer device can automatically select an attack path protection scheme that satisfies the information security conditions, which ensures the protection effect of the finally selected protection scheme to be used. In addition, after selecting the attack path protection scheme that satisfies the information security conditions, continue to automatically select the attack path protection scheme that satisfies the protection cost condition among the attack path protection schemes that meet the information security conditions, as the final attack path protection scheme to be used . In this way, the finally selected protection scheme to be used can not only meet certain information security requirements to achieve a better protection effect, but also save the input protection cost to a certain extent.
上述攻击路径防护方案可以部署在网联汽车中,图1中示例性的示出了一种网联汽车电子电气架构图。在图1中,车载通信盒子(telematics box,T-Box)用于和外界进行通信,网关(gateway,GW)用于执行协议转换、数据交换等。除T-Box和GW以外的部分,可以包括动力域、底盘域、车身域、信息娱乐域和高级驾驶辅助系统(Advanced Driver Assistance System,ADAS)。每个域包括相应的域控制器(Domain Controller,DC)、控制器局域网络(Controller Area Network,CAN)以及至少一个电子控制单元(Electronic Control Unit,ECU)。The above attack path protection solution can be deployed in a connected car, and FIG. 1 exemplarily shows an electrical and electronic architecture diagram of a connected car. In Figure 1, a telematics box (T-Box) is used to communicate with the outside world, and a gateway (GW) is used to perform protocol conversion, data exchange, and the like. Parts other than T-Box and GW can include power domain, chassis domain, body domain, infotainment domain and advanced driver assistance system (Advanced Driver Assistance System, ADAS). Each domain includes a corresponding domain controller (Domain Controller, DC), a controller area network (Controller Area Network, CAN), and at least one electronic control unit (Electronic Control Unit, ECU).
在图1中,动力域包括DC1、动力总成控制器局域网络(Powertrain CAN,PT CAN)、ECU1、ECU2等,其中,ECU可以为发动机控制模块(Engine Control Module,ECM)、电池管理系统(Battery Management System,BMS)等。底盘域包括DC2、底盘控制器局域网络(Chassis CAN,CH CAN)、ECU3、ECU4等,其中,ECU可以为防抱死制动系统(Antilock Brake System,ABS)、车身电子稳定系统(Electronic Stability Program,ESP)等。车身域包括DC3、车身控制器局域网络(Body CAN)、车身控制模块(Body Control Module,BCM)ECU5、ECU6等,其中,ECU可以为胎压监测系统(Tire Pressure Monitoring System,TPMS)、全景式监控影像系统(Around View Monitor,AVM)等。信息娱乐域包括DC4、信息娱乐控制器局域网络(information CAN,info CAN)、ECU7、车载信息娱乐(In-Vehicle Infotainment,IVI)系统等,其中,ECU可以为组合仪表(Instrument Pack,IPK)等。In Figure 1, the power domain includes DC1, powertrain controller area network (Powertrain CAN, PT CAN), ECU1, ECU2, etc., where the ECU can be an engine control module (Engine Control Module, ECM), a battery management system ( Battery Management System, BMS), etc. The chassis domain includes DC2, chassis controller area network (Chassis CAN, CH CAN), ECU3, ECU4, etc. Among them, ECU can be anti-lock braking system (Antilock Brake System, ABS), body electronic stability system (Electronic Stability Program) , ESP) etc. The body domain includes DC3, body controller area network (Body CAN), body control module (Body Control Module, BCM) ECU5, ECU6, etc. Among them, the ECU can be a tire pressure monitoring system (Tire Pressure Monitoring System, TPMS), panoramic Surveillance imaging system (Around View Monitor, AVM), etc. The infotainment domain includes DC4, infotainment controller area network (information CAN, info CAN), ECU7, in-vehicle infotainment (In-Vehicle Infotainment, IVI) system, etc., where the ECU can be a combination instrument (Instrument Pack, IPK), etc. .
为了便于对本申请实施例理解,下面先对本申请中的攻击路径进行说明。To facilitate understanding of the embodiments of the present application, the attack paths in the present application are first described below.
从硬件层面来说,攻击路径为节点级攻击路径,从硬件中具体被攻击的主体来说,攻击路径为主体级攻击路径。From the hardware level, the attack path is the node-level attack path, and from the specific attacked subject in the hardware, the attack path is the subject-level attack path.
每个节点级攻击路径中包括至少一个节点,节点可以为网联汽车中的硬件模块,如T-Box、GW、DC、ECU等。例如,攻击目的是使车辆的远光灯开启,则对应的节点级攻击路径可以如图2所示,即先攻击T-Box,再攻击GW,再攻击车身域的DC,最后攻击控制远光灯的ECU。Each node-level attack path includes at least one node, and the node can be a hardware module in a connected car, such as T-Box, GW, DC, ECU, etc. For example, if the purpose of the attack is to turn on the high beam of the vehicle, the corresponding node-level attack path can be shown in Figure 2, that is, first attack the T-Box, then attack the GW, then attack the DC in the body domain, and finally attack the control high beam light ECU.
每个主体级攻击路径中包括至少一个主体,主体可以为节点中安装的应用程序、固件等。 攻击节点的本质为攻击节点中的主体。一个节点级攻击路径可能对应多个主体级攻击路径。Each subject-level attack path includes at least one subject, and the subject may be an application program, firmware, etc. installed in the node. The essence of the attack node is the subject in the attack node. A node-level attack path may correspond to multiple subject-level attack paths.
参见图3,示出了一种可能的节点级攻击路径和主体级攻击路径之间的关系。在图3中,示出了一个节点级攻击路径,该节点级攻击路径包括的节点依次为T-Box、GW、DC1、ECU1,其中,T-Box包括多个主体,在这多个主体中主体1和主体2为被攻击的主体,GW包括多个主体,在这多个主体中主体3和主体4为被攻击的主体,DC1包括多个主体,主体5和主体6为被攻击的主体,ECU1包括多个主体,在这多个主体中主体7为被攻击的主体。对应于该节点级攻击路径,图3还示出了三个主体级攻击路径,其中,第一个主体级攻击路径包括的主体依次为主体2、主体1、主体3、主体5、主体7,第二个主体级攻击路径包括的主体依次为主体1、主体4、主体6、主体7,第三个主体级攻击路径包括的主体依次为主体2、主体3、主体5、主体7。Referring to Figure 3, a relationship between a possible node-level attack path and an agent-level attack path is shown. In Figure 3, a node-level attack path is shown, and the nodes included in the node-level attack path are T-Box, GW, DC1, and ECU1 in sequence, wherein the T-Box includes multiple subjects, and among the multiple subjects Subject 1 and subject 2 are attacked subjects. GW includes multiple subjects. Among these multiple subjects, subject 3 and subject 4 are attacked subjects. DC1 includes multiple subjects, and subject 5 and subject 6 are attacked subjects. , ECU1 includes multiple subjects, among which subject 7 is the subject to be attacked. Corresponding to the node-level attack path, Figure 3 also shows three subject-level attack paths, wherein the first subject-level attack path includes subjects in sequence: subject 2, subject 1, subject 3, subject 5, and subject 7, The subjects included in the second subject-level attack path are subject 1, subject 4, subject 6, and subject 7, and the subjects included in the third subject-level attack path are subject 2, subject 3, subject 5, and subject 7 in order.
参见图4,本申请实施例提供了一种确定攻击路径防护方案的方法,该方法的处理流程可以包括如下步骤:Referring to FIG. 4 , an embodiment of the present application provides a method for determining an attack path protection scheme, and the processing flow of the method may include the following steps:
步骤401、在攻击路径的多个攻击路径防护方案中,确定满足信息安全条件的攻击路径防护方案。 Step 401 , among multiple attack path protection schemes of the attack path, determine an attack path protection scheme that satisfies the information security condition.
其中,攻击路径为高危攻击路径,即受到攻击后可能会对人身安全造成威胁的攻击路径。The attack path is a high-risk attack path, that is, an attack path that may threaten personal safety after being attacked.
在实施中,技术人员对于攻击路径可以给出多个攻击路径防护方案,每个攻击路径防护方案由至少一个主体防护措施组成。In implementation, the technician can provide multiple attack path protection schemes for the attack path, and each attack path protection scheme consists of at least one main protection measure.
对于攻击路径的每个主体可以对应至少一个主体防护措施,对攻击路径中各主体的主体防护措施进行组合,可以得到多个攻击路径防护方案。Each subject of the attack path may correspond to at least one subject protection measure, and by combining the subject protection measures of each subject in the attack path, multiple attack path protection schemes may be obtained.
如果一个攻击路径包括k个主体,第一个主体对应有n 1个主体防护措施,第二个主体对应有n 2-n 1个主体防护措施,第三个主体对应n 3-n 2个主体防护措施……第k个主体对应有n k-n k-1个主体防护措施。计算机设备可以建立一个待求解向量M,
Figure PCTCN2021084561-appb-000001
Figure PCTCN2021084561-appb-000002
If an attack path includes k subjects, the first subject corresponds to n 1 subject protection measures, the second subject corresponds to n 2 -n 1 subject protection measures, and the third subject corresponds to n 3 -n 2 subjects Protective measures... The k-th subject corresponds to n k -n k-1 subject protective measures. The computer equipment can establish a vector M to be solved,
Figure PCTCN2021084561-appb-000001
Figure PCTCN2021084561-appb-000002
在向量M中每个元素对应一个主体防护措施,其中,M 1
Figure PCTCN2021084561-appb-000003
的n 1个元素依次对应第一个主体的n 1个主体防护措施,
Figure PCTCN2021084561-appb-000004
Figure PCTCN2021084561-appb-000005
的n 2-n 1个元素依次对应第二个主体的n 2-n 1个主体防护措施,以此类推,
Figure PCTCN2021084561-appb-000006
Figure PCTCN2021084561-appb-000007
的n k-n k-1个元素依次对应第k个主体的n k-n k-1个主体防护措施。该向量M中的每个元素均为未知量,取值为0或1,当元素取值为0时,表示不实施该元素对应的主体防护措施,当元素取值为1时,表示实施该元素对应的主体防护措施,向量M的不同取值组合对应不同的攻击路径防护方案。下面通过举例对向量M和攻击路径防护方案之间的关系进行说明: Each element in vector M corresponds to a subject protection measure, where M 1 to
Figure PCTCN2021084561-appb-000003
The n 1 elements of , in turn, correspond to the n 1 subject protection measures of the first subject,
Figure PCTCN2021084561-appb-000004
arrive
Figure PCTCN2021084561-appb-000005
The n 2 -n 1 elements in turn correspond to the n 2 -n 1 body guards of the second body, and so on,
Figure PCTCN2021084561-appb-000006
arrive
Figure PCTCN2021084561-appb-000007
The n k -n k-1 elements of , in turn, correspond to the n k -n k-1 subject protection measures of the kth subject. Each element in the vector M is an unknown quantity and takes a value of 0 or 1. When the value of the element is 0, it means that the main protective measure corresponding to the element is not implemented. The main protection measures corresponding to the elements, and different value combinations of the vector M correspond to different attack path protection schemes. The relationship between the vector M and the attack path protection scheme is described below with an example:
例如,攻击路径包括两个主体,主体1和主体2,相应的,可以建立的待求解向量为:M=(M 1,M 2,M 3)。其中,第一个元素M 1和第二个元素M 2分别对应主体1的主体防护措施1和主体防护措施2,第三个元素M 3对应主体2的主体防护措施3。向量M所有可能的取值组合包括(0,0,0)、(0,0,1)、(0,1,0)、(0,1,1)、(1,0,0)、(1,0,1)、(1,1,0)和(1,1,1)。其中,取值组合(0,0,0)表示不对攻击路径实施攻击路径防护方案,取值组合(0,0,1)对应的攻击路径防护方案由主体防护措施3组成;取值组合(0,1,0)对应的攻击路径防护方案由主体防护措施2组成;取值组合(0,1,1)对应的攻击路径防护 方案由主体防护措施2和主体防护措施3组成;取值组合(1,0,0)对应的攻击路径防护方案仅由主体防护措施1组成;取值组合(1,0,1)对应的攻击路径防护方案由主体防护措施1和主体防护措施3组成;取值组合(1,1,0)对应的攻击路径防护方案由主体防护措施1和主体防护措施2组成;取值组合(1,1,1)对应的攻击路径防护方案由主体防护措施1、主体防护措施2和主体防护措施3组成。 For example, the attack path includes two subjects, subject 1 and subject 2. Correspondingly, the vector to be solved that can be established is: M=(M 1 , M 2 , M 3 ). The first element M 1 and the second element M 2 correspond to the main body protection measure 1 and the main body protection measure 2 of the main body 1 respectively, and the third element M 3 corresponds to the main body protection measure 3 of the main body 2 . All possible value combinations of vector M include (0, 0, 0), (0, 0, 1), (0, 1, 0), (0, 1, 1), (1, 0, 0), ( 1, 0, 1), (1, 1, 0) and (1, 1, 1). Among them, the value combination (0, 0, 0) indicates that the attack path protection scheme is not implemented for the attack path, and the attack path protection scheme corresponding to the value combination (0, 0, 1) consists of the main protection measures 3; , 1, 0) corresponding to the attack path protection scheme consists of the main protection measure 2; the attack path protection scheme corresponding to the value combination (0, 1, 1) consists of the main protection measure 2 and the main protection measure 3; the value combination ( The attack path protection scheme corresponding to 1, 0, 0) consists only of the main protection measure 1; the attack path protection scheme corresponding to the value combination (1, 0, 1) is composed of the main protection measure 1 and the main protection measure 3; The attack path protection scheme corresponding to the combination (1, 1, 0) consists of the main protection measure 1 and the main protection measure 2; the attack path protection scheme corresponding to the value combination (1, 1, 1) consists of the main protection measure 1, the main protection measure Measure 2 and main body protection measure 3 are composed.
为了得到满足一定信息安全条件的攻击路径防护方案,基于每个主体防护措施对应的攻击概率和上述待求解的向量M,建立信息安全约束函数。具体的,信息安全约束函数可以如下:In order to obtain an attack path protection scheme that satisfies certain information security conditions, an information security constraint function is established based on the attack probability corresponding to each main protection measure and the vector M to be solved. Specifically, the information security constraint function can be as follows:
Figure PCTCN2021084561-appb-000008
Figure PCTCN2021084561-appb-000008
其中,k为待确定防护方案的攻击路径所包括的主体数量,P j为该攻击路径中的第j个主体对应的攻击概率,P max为技术人员给出的攻击概率阈值。此处需要说明的是,信息安全约束函数除上述形式外,还可以有其他形式,如
Figure PCTCN2021084561-appb-000009
其中,N为常数。 Among them, k is the number of subjects included in the attack path of the protection scheme to be determined, P j is the attack probability corresponding to the jth subject in the attack path, and P max is the attack probability threshold given by the technician. It should be noted here that the information security constraint function can have other forms besides the above forms, such as
Figure PCTCN2021084561-appb-000009
where N is a constant.
P j的计算方法可以如下: The calculation method of P j can be as follows:
如果
Figure PCTCN2021084561-appb-000010
则表示
Figure PCTCN2021084561-appb-000011
Figure PCTCN2021084561-appb-000012
取值均为0,即不对该第j个主体实施主体防护措施。在此情况下,P j=P j(*)。其中,P j(*)为该第j个主体不实施任何主体防护措施时的攻击概率,P j(*)取值可以由技术人员在确定出攻击路径后,根据风险评估计算得出。其中,攻击概率用于表示被攻击的可能性大小。 if
Figure PCTCN2021084561-appb-000010
means
Figure PCTCN2021084561-appb-000011
arrive
Figure PCTCN2021084561-appb-000012
The value is all 0, that is, the j-th subject is not subject to subject protection measures. In this case, P j =P j (*). Among them, P j (*) is the attack probability when the j th subject does not implement any subject protection measures, and the value of P j (*) can be calculated by the technical personnel according to the risk assessment after determining the attack path. Among them, the attack probability is used to represent the possibility of being attacked.
如果
Figure PCTCN2021084561-appb-000013
则表示
Figure PCTCN2021084561-appb-000014
Figure PCTCN2021084561-appb-000015
中有一个元素取值为1,其余元素取值均为0,即对该第j个主体实施取值为1的元素所对应的主体防护措施。在此情况下,P j等于
Figure PCTCN2021084561-appb-000016
中的最大值。其中,
Figure PCTCN2021084561-appb-000017
为第j个主体实施元素
Figure PCTCN2021084561-appb-000018
对应的主体防护措施后的攻击概率,以此类推,
Figure PCTCN2021084561-appb-000019
为第j个主体实施元素
Figure PCTCN2021084561-appb-000020
对应的主体防护措施后的攻击概率。 if
Figure PCTCN2021084561-appb-000013
means
Figure PCTCN2021084561-appb-000014
arrive
Figure PCTCN2021084561-appb-000015
One of the elements takes the value of 1, and the other elements take the value of 0, that is, the subject protection measures corresponding to the element with the value of 1 are implemented for the j-th subject. In this case, P j is equal to
Figure PCTCN2021084561-appb-000016
the maximum value in . in,
Figure PCTCN2021084561-appb-000017
implement element for the jth subject
Figure PCTCN2021084561-appb-000018
The attack probability after the corresponding subject protection measures, and so on,
Figure PCTCN2021084561-appb-000019
implement element for the jth subject
Figure PCTCN2021084561-appb-000020
The attack probability after the corresponding subject protection measures.
如果
Figure PCTCN2021084561-appb-000021
则表示
Figure PCTCN2021084561-appb-000022
Figure PCTCN2021084561-appb-000023
中有多个元素取值为1,则P j等于
Figure PCTCN2021084561-appb-000024
中的最小非零值。其中,
Figure PCTCN2021084561-appb-000025
为第j个主体实施元素
Figure PCTCN2021084561-appb-000026
对应的主体防护措施后的攻击概率,以此类推,
Figure PCTCN2021084561-appb-000027
为第j个主体实施元素
Figure PCTCN2021084561-appb-000028
对应的主体防护措施后的攻击概率。下面对
Figure PCTCN2021084561-appb-000029
的计算方法进行说明,其他主体防护措施的攻击概率计算方法与此相同在此不做赘述。 if
Figure PCTCN2021084561-appb-000021
means
Figure PCTCN2021084561-appb-000022
arrive
Figure PCTCN2021084561-appb-000023
If there are multiple elements with the value 1, then P j is equal to
Figure PCTCN2021084561-appb-000024
The smallest nonzero value in . in,
Figure PCTCN2021084561-appb-000025
implement element for the jth subject
Figure PCTCN2021084561-appb-000026
The attack probability after the corresponding subject protection measures, and so on,
Figure PCTCN2021084561-appb-000027
implement element for the jth subject
Figure PCTCN2021084561-appb-000028
The attack probability after the corresponding subject protection measures. the following pair
Figure PCTCN2021084561-appb-000029
The calculation method of the main body protection measures will be explained, and the attack probability calculation methods of other main protection measures are the same as this, and will not be repeated here.
Figure PCTCN2021084561-appb-000030
Figure PCTCN2021084561-appb-000030
其中,
Figure PCTCN2021084561-appb-000031
为第j个主体实施元素
Figure PCTCN2021084561-appb-000032
对应的主体防护措施后的攻击潜力因素量化值之和,F j max为攻击潜力因素量化值之和的最大值。
Figure PCTCN2021084561-appb-000033
和F j max由技术人员根据实验测试得到。 in,
Figure PCTCN2021084561-appb-000031
implement element for the jth subject
Figure PCTCN2021084561-appb-000032
The sum of the quantified values of the attack potential factors after the corresponding main protection measures, F j max is the maximum value of the sum of the quantified values of the attack potential factors.
Figure PCTCN2021084561-appb-000033
and F j max are obtained by technicians according to experimental tests.
此处还需要说明的是,在本申请中对同一主体实施多个不同主体防护措施时,所产生的防护效果仅为实施的多个主体防护措施中防护效果最好的主体防护措施的防护效果。It should also be noted here that when multiple different body protection measures are implemented on the same body in this application, the resulting protection effect is only the protection effect of the body protection measure with the best protection effect among the multiple body protection measures implemented. .
上述
Figure PCTCN2021084561-appb-000034
的计算方法可以由如下公式表示: the above
Figure PCTCN2021084561-appb-000034
The calculation method can be expressed by the following formula:
Figure PCTCN2021084561-appb-000035
Figure PCTCN2021084561-appb-000035
向上述信息安全约束函数中依次代入待求解的向量M的所有可能取值组合,并获取向量M的取值组合中使P(M)小于P max的目标取值组合。然后,获取目标取值组合中1对应的主体防护措施组成攻击路径防护方案,并将该攻击路径防护方案作为满足信息安全条件的攻击路径防护方案。下面列举一例进行说明: Substitute all possible value combinations of the vector M to be solved into the above information security constraint function in turn, and obtain the target value combination in which P(M) is less than Pmax among the value combinations of the vector M. Then, the main protection measures corresponding to 1 in the target value combination are obtained to form an attack path protection scheme, and the attack path protection scheme is used as an attack path protection scheme that satisfies the information security conditions. The following is an example to illustrate:
例如,攻击路径包括两个主体,主体1和主体2,向量M=(M 1,M 2,M 3)。其中,第一个元素M 1和第二个元素M 2分别对应主体1的主体防护措施1和主体防护措施2,第三个元素M 3对应主体2的主体防护措施3。向量M所有可能的取值组合包括(0,0,0)、(0,0,1)、(0,1,0)、(0,1,1)、(1,0,0)、(1,0,1)、(1,1,0)和(1,1,1)。将这八种取值组合依次代入信息安全约束函数中得到相应的P(M)。当取值组合(1,0,1)和(1,0,0)代入信息安全约束函数时,得到的P(M)均小于P max,那么,可以分别获取(1,0,1)和(1,0,0)对应的主体防护措施,组成两个攻击路径防护方案。具体的,对于取值组合(1,0,1),获取主体防护措施1和主体防护措施3,组成攻击路径防护方案,作为满足信息安全条件的攻击路径防护方案。对于取值组合(1,0,0),获取主体防护措施1,组成攻击路径防护方案,作为满足信息安全条件的攻击路径防护方案。 For example, the attack path includes two subjects, subject 1 and subject 2, and the vector M=(M 1 , M 2 , M 3 ). The first element M 1 and the second element M 2 correspond to the main body protection measure 1 and the main body protection measure 2 of the main body 1 respectively, and the third element M 3 corresponds to the main body protection measure 3 of the main body 2 . All possible value combinations of vector M include (0, 0, 0), (0, 0, 1), (0, 1, 0), (0, 1, 1), (1, 0, 0), ( 1, 0, 1), (1, 1, 0) and (1, 1, 1). Substitute these eight value combinations into the information security constraint function in turn to obtain the corresponding P(M). When the value combinations (1, 0, 1) and (1, 0, 0) are substituted into the information security constraint function, the obtained P(M) is all less than P max , then, (1, 0, 1) and (1, 0, 1) and The main protection measures corresponding to (1, 0, 0) constitute two attack path protection schemes. Specifically, for the value combination (1, 0, 1), the main protection measure 1 and the main protection measure 3 are obtained to form an attack path protection scheme as an attack path protection scheme that satisfies the information security conditions. For the value combination (1, 0, 0), the main protection measure 1 is obtained, and an attack path protection scheme is formed as an attack path protection scheme that satisfies the information security conditions.
步骤402、在满足信息安全条件的攻击路径防护方案中,确定满足防护成本条件的攻击路径防护方案,作为攻击路径的待使用防护方案。 Step 402 , in the attack path protection scheme satisfying the information security condition, determine the attack path protection scheme that satisfies the protection cost condition as the to-be-used protection scheme of the attack path.
在实施中,对于步骤401中确定出的满足信息安全条件的攻击路径防护方案,可以分别计算每个攻击路径防护方案对应的防护成本,并在其中选择满足防护成本条件的攻击路径防护方案。In implementation, for the attack path protection schemes that satisfy the information security conditions determined in step 401, the protection cost corresponding to each attack path protection scheme can be calculated separately, and an attack path protection scheme that satisfies the protection cost conditions can be selected among them.
在计算攻击路径防护方案对应的防护成本时,可以采用如下防护成本计算公式:When calculating the protection cost corresponding to the attack path protection scheme, the following protection cost calculation formula can be used:
Figure PCTCN2021084561-appb-000036
Figure PCTCN2021084561-appb-000036
其中,C(M)为攻击路径防护方案的防护成本,m为待确定防护方案的攻击路径的主体对应的主体防护措施的数量,m=n 1+n 2+n 3,M i为上述向量M的第i个元素,C i为M i对应的主体防护措施的防护成本,C i为已知量,可以由技术人员根据实际情况进行设置。 Among them, C(M) is the protection cost of the attack path protection scheme, m is the number of subject protection measures corresponding to the subject of the attack path of the protection scheme to be determined, m=n 1 +n 2 +n 3 , M i is the above vector The i-th element of M, C i is the protection cost of the main protection measures corresponding to M i , and C i is a known quantity, which can be set by technicians according to the actual situation.
将攻击路径防护方案对应的向量M的取值集合代入上述防护成本计算公式中,即可以得到该攻击路径防护方案的防护成本。By substituting the value set of the vector M corresponding to the attack path protection scheme into the above protection cost calculation formula, the protection cost of the attack path protection scheme can be obtained.
在计算出每个满足信息安全条件的攻击路径防护方案的防护成本后,确定对应的防护成本最小的攻击路径防护方案。如果对应的防护成本最小的攻击路径防护方案的数量为1,则将对应的防护成本最小的攻击路径防护方案,作为攻击路径的待使用防护方案。如果对应的防护成本最小的攻击路径防护方案的数量大于1,则在多个防护成本最小的攻击路径防护方案中,确定对应的攻击概率最小的攻击路径防护方案,作为攻击路径的待使用防护方案。After calculating the protection cost of each attack path protection scheme that satisfies the information security conditions, the corresponding attack path protection scheme with the smallest protection cost is determined. If the number of corresponding attack path protection schemes with the smallest protection cost is 1, the corresponding attack path protection scheme with the smallest protection cost is used as the protection scheme to be used for the attack path. If the number of the corresponding attack path protection schemes with the smallest protection cost is greater than 1, among the multiple attack path protection schemes with the smallest protection cost, the corresponding attack path protection scheme with the smallest attack probability is determined as the protection scheme to be used for the attack path. .
在一种可能的实现方式中,在选择主体级攻击路径的待使用防护方案时,还可以将攻击路径防护方案的时间成本也作为约束条件。相应的,可以先确定出既满足信息安全条件又满 足时间成本条件的攻击路径防护方案。然后,在既满足信息安全条件又满足时间成本条件的攻击路径防护方案中,确定满足防护成本条件的攻击路径防护方案,作为攻击路径的待使用防护方案。In a possible implementation manner, when selecting the protection scheme to be used for the subject-level attack path, the time cost of the attack path protection scheme may also be used as a constraint condition. Correspondingly, an attack path protection scheme that satisfies both information security conditions and time cost conditions can be determined first. Then, among the attack path protection schemes that satisfy both the information security condition and the time cost condition, the attack path protection scheme that satisfies the protection cost condition is determined as the to-be-used protection scheme of the attack path.
在实施中,在选择待使用防护方案时,可以基于每个主体防护措施对应的时间成本和上述待求解的向量M,建立时间成本约束函数,以实现对攻击路径的时间成本约束。具体的,时间成本约束函数可以如下:In implementation, when selecting the protection scheme to be used, a time cost constraint function can be established based on the time cost corresponding to each main protection measure and the vector M to be solved to realize the time cost constraint on the attack path. Specifically, the time cost constraint function can be as follows:
Figure PCTCN2021084561-appb-000037
Figure PCTCN2021084561-appb-000037
其中,m为待确定防护方案的攻击路径的主体对应的主体防护措施的数量,M i为上述向量M的第i个元素,D i为M i对应的主体防护措施的时间成本,D i为已知量,可以由技术人员通过实验测得,D max为时间成本阈值,D max为已知量,可以由技术人员根据实际需求进行设置。此处需要说明的是,时间成本约束函数除上述形式外,还可以有其他形式,如
Figure PCTCN2021084561-appb-000038
其中,N为常数。 Among them, m is the number of main body protection measures corresponding to the main body of the attack path of the protection scheme to be determined, M i is the ith element of the above vector M, D i is the time cost of the main body protection measures corresponding to M i , and D i is The known quantity can be measured by the technician through experiments, D max is the time cost threshold value, and D max is the known quantity, which can be set by the technician according to actual needs. It should be noted here that the time cost constraint function can have other forms besides the above forms, such as
Figure PCTCN2021084561-appb-000038
where N is a constant.
上述主体防护措施的时间成本用于表示对主体实施该主体防护措施的情况下报文通过该主体所属节点的时间,与该主体所属节点不实施主体防护措施的情况下报文通过该主体所属节点的时间之间的差值。The time cost of the above-mentioned subject protection measures is used to indicate the time for the packets to pass through the node to which the subject belongs when the subject protection measures are implemented on the subject, and the time for the packets to pass through the node to which the subject belongs when the subject protection measures are not implemented on the node to which the subject belongs. difference between the times.
向上述时间成本约束函数中依次代入待求解的向量M的所有可能取值组合,并获取向量M的取值组合中使D(M)小于D max的目标取值组合。然后,获取目标取值组合中1对应的主体防护措施组成攻击路径防护方案,并将该攻击路径防护方案作为满足时间成本条件的攻击路径防护方案。 Substitute all possible value combinations of the vector M to be solved into the above time cost constraint function in turn, and obtain the target value combination in which D(M) is less than Dmax among the value combinations of the vector M. Then, the main protection measures corresponding to 1 in the target value combination are obtained to form an attack path protection scheme, and the attack path protection scheme is used as an attack path protection scheme that satisfies the time cost condition.
在确定出满足信息安全条件的攻击路径防护方案,以及满足时间成本条件的攻击路径防护方案后,获取既满足信息安全条件又满足时间成本条件的攻击路径防护方案。After determining the attack path protection scheme that satisfies the information security condition and the attack path protection scheme that satisfies the time cost condition, the attack path protection scheme that satisfies both the information security condition and the time cost condition is obtained.
然后,通过上述防护成本计算公式计算既满足信息安全条件又满足时间成本条件的攻击路径防护方案的防护成本。Then, the protection cost of the attack path protection scheme satisfying both the information security condition and the time cost condition is calculated by the above protection cost calculation formula.
最后,在既满足信息安全条件又满足时间成本条件的攻击路径防护方案中,确定对应的防护成本最小的攻击路径防护方案。如果对应的防护成本最小的攻击路径防护方案的数量为1,则将对应的防护成本最小的攻击路径防护方案,作为攻击路径的待使用防护方案。如果对应的防护成本最小的攻击路径防护方案的数量大于1,则在多个防护成本最小的攻击路径防护方案中,确定对应的攻击概率最小的攻击路径防护方案。Finally, among the attack path protection schemes that satisfy both the information security condition and the time cost condition, the corresponding attack path protection scheme with the smallest protection cost is determined. If the number of corresponding attack path protection schemes with the smallest protection cost is 1, the corresponding attack path protection scheme with the smallest protection cost is used as the protection scheme to be used for the attack path. If the number of the corresponding attack path protection schemes with the minimum protection cost is greater than 1, among the multiple attack path protection schemes with the minimum protection cost, the corresponding attack path protection scheme with the minimum attack probability is determined.
如果对应的攻击概率最小的攻击路径防护方案的数量为1,则将对应的攻击概率最小的攻击路径防护方案,作为攻击路径的待使用防护方案。如果对应的攻击概率最小的攻击路径防护方案的数量大于1,则在对应的攻击概率最小的攻击路径防护方案中,确定对应的时间成本最小的攻击路径防护方案。If the number of the corresponding attack path protection schemes with the smallest attack probability is 1, the corresponding attack path protection scheme with the smallest attack probability is used as the to-be-used protection scheme for the attack path. If the number of corresponding attack path protection schemes with the smallest attack probability is greater than 1, among the corresponding attack path protection schemes with the smallest attack probability, the corresponding attack path protection scheme with the smallest time cost is determined.
如果上述对应的时间成本最小的攻击路径防护方案的数量为1,则将对应的时间成本最小的攻击路径防护方案,作为攻击路径的待使用防护方案。如果上述对应的时间成本最小的攻击路径防护方案的数量大于1,则可以向技术人员显示上述对应的时间成本最小的攻击路径防护方案,由技术人员选择其中一个攻击路径防护方案作为攻击路径的待使用防护方案。If the number of the corresponding attack path protection schemes with the minimum time cost is 1, the corresponding attack path protection scheme with the minimum time cost is used as the protection scheme to be used for the attack path. If the number of the corresponding attack path protection schemes with the minimum time cost is greater than 1, the above corresponding attack path protection schemes with the minimum time cost can be displayed to the technician, and the technician selects one of the attack path protection schemes as the waiting path of the attack path. Use protective schemes.
当然,如果上述对应的时间成本最小的攻击路径防护方案的数量大于1,还可以在上述 对应的时间成本最小的攻击路径防护方案中,随机选择出一个攻击路径防护方案作为攻击路径的待使用防护方案。Of course, if the number of the corresponding attack path protection schemes with the least time cost above is greater than 1, it is also possible to randomly select an attack path protection scheme from the above corresponding attack path protection schemes with the minimum time cost as the to-be-used protection scheme for the attack path. Program.
在选择出待使用防护方案后,技术人员可以将该待使用防护方案部署到指定车辆。另外,计算机设备还可以按照预设周期重新选择待使用防护方案,或者在技术人员更新信息安全条件或者防护成本条件后,重新选择待使用防护方案。After selecting the protection solution to be used, the technician can deploy the protection solution to be used to the designated vehicle. In addition, the computer device can also reselect the protection scheme to be used according to a preset cycle, or reselect the protection scheme to be used after the technician updates the information security conditions or protection cost conditions.
在本申请实施例中,对于攻击路径的多个攻击路径防护方案可以自动选择出满足信息安全条件的攻击路径防护方案,保证了最终选择出的待使用防护方案的防护效果。另外,本申请中在选择出满足信息安全条件的攻击路径防护方案后,继续在满足信息安全条件的攻击路径防护方案中,自动选择满足防护成本条件的攻击路径防护方案,作为攻击路径最终的待使用防护方案。这样,最后选择出的待使用防护方案既可以满足一定的信息安全要求达到较好的防护效果,又可以一定程度上节省投入的防护成本。In this embodiment of the present application, an attack path protection scheme that satisfies information security conditions can be automatically selected for multiple attack path protection schemes of an attack path, which ensures the protection effect of the finally selected protection scheme to be used. In addition, in this application, after selecting the attack path protection scheme that satisfies the information security conditions, the attack path protection scheme that satisfies the information security conditions is automatically selected from the attack path protection schemes that satisfy the information security conditions, and the attack path protection scheme that satisfies the protection cost condition is automatically selected as the final pending attack path. Use protective schemes. In this way, the finally selected protection scheme to be used can not only meet certain information security requirements to achieve a better protection effect, but also save the input protection cost to a certain extent.
基于相同的技术构思,本申请实施例还提供了一种确定攻击路径的防护方案的装置,该装置可以为计算机设备,如图5所示,该装置包括组合模块510和计算模块520。Based on the same technical concept, an embodiment of the present application also provides an apparatus for determining a protection solution for an attack path. The apparatus may be computer equipment. As shown in FIG. 5 , the apparatus includes a combination module 510 and a calculation module 520 .
计算模块510,用于在多个攻击路径防护方案中,确定满足信息安全条件的攻击路径防护方案;具体的,该计算模块510用于执行上述步骤401和步骤402。The calculation module 510 is used for determining an attack path protection scheme that satisfies the information security conditions among the multiple attack path protection schemes; specifically, the calculation module 510 is used for executing the above steps 401 and 402 .
选择模块520,用于在满足信息安全条件的攻击路径防护方案中,确定满足防护成本条件的攻击路径防护方案,作为攻击路径的待使用防护方案。具体的,该选择模块520用于执行上述步骤403。The selection module 520 is configured to, among the attack path protection schemes satisfying the information security condition, determine the attack path protection scheme that satisfies the protection cost condition as the to-be-used protection scheme of the attack path. Specifically, the selection module 520 is configured to execute the above step 403 .
在一种可能的实现方式中,计算模块510,用于:In a possible implementation manner, the computing module 510 is used for:
在多个攻击路径防护方案中,确定满足信息安全条件且满足时间成本条件的攻击路径防护方案。Among the multiple attack path protection schemes, determine the attack path protection scheme that satisfies the information security conditions and satisfies the time cost conditions.
在一种可能的实现方式中,时间成本条件为攻击路径防护方案对应的时间成本小于预设时间成本阈值。In a possible implementation manner, the time cost condition is that the time cost corresponding to the attack path protection scheme is less than a preset time cost threshold.
在一种可能的实现方式中,攻击路径防护方案对应的信息安全条件为对应的攻击概率小于预设攻击概率阈值。In a possible implementation manner, the information security condition corresponding to the attack path protection scheme is that the corresponding attack probability is less than a preset attack probability threshold.
在一种可能的实现方式中,选择模块520,用于:In a possible implementation, the selection module 520 is used to:
确定对应的防护成本最小的攻击路径防护方案;Determine the corresponding attack path protection scheme with the least protection cost;
在对应的防护成本最小的攻击路径防护方案的数量为1的情况下,将对应的防护成本最小的攻击路径防护方案,作为攻击路径的待使用防护方案;或者,In the case where the number of corresponding attack path protection schemes with the smallest protection cost is 1, the corresponding attack path protection scheme with the smallest protection cost is used as the protection scheme to be used for the attack path; or,
在对应的防护成本最小的攻击路径防护方案的数量大于1的情况下,在多个防护成本最小的攻击路径防护方案中,确定对应的攻击概率最小的攻击路径防护方案;When the number of the corresponding attack path protection schemes with the smallest protection cost is greater than 1, among the multiple attack path protection schemes with the smallest protection cost, determine the corresponding attack path protection scheme with the smallest attack probability;
在对应的攻击概率最小的攻击路径防护方案的数量为1的情况下,将对应的攻击概率最小的攻击路径防护方案,作为攻击路径的待使用防护方案;或者,When the number of corresponding attack path protection schemes with the smallest attack probability is 1, the corresponding attack path protection scheme with the smallest attack probability is used as the protection scheme to be used for the attack path; or,
在对应的攻击概率最小的攻击路径防护方案的数量大于1的情况下,在对应的攻击概率最小的攻击路径防护方案中,确定对应的时间成本最小的攻击路径防护方案,作为攻击路径的待使用防护方案。When the number of the corresponding attack path protection schemes with the smallest attack probability is greater than 1, among the corresponding attack path protection schemes with the smallest attack probability, the corresponding attack path protection scheme with the smallest time cost is determined as the attack path to be used. protection plan.
在本申请实施例中,对于攻击路径的多个攻击路径防护方案可以自动选择出满足信息安全条件的攻击路径防护方案,保证了最终选择出的待使用防护方案的防护效果。另外,本申 请中在选择出满足信息安全条件的攻击路径防护方案后,继续在满足信息安全条件的攻击路径防护方案中,自动选择满足防护成本条件的攻击路径防护方案,作为攻击路径最终的待使用防护方案。这样,最后选择出的待使用防护方案既可以满足一定的信息安全要求达到较好的防护效果,又可以一定程度上节省投入的防护成本。In this embodiment of the present application, an attack path protection scheme that satisfies information security conditions can be automatically selected for multiple attack path protection schemes of an attack path, which ensures the protection effect of the finally selected protection scheme to be used. In addition, in this application, after selecting the attack path protection scheme that satisfies the information security conditions, the attack path protection scheme that satisfies the information security conditions is automatically selected from the attack path protection schemes that satisfy the information security conditions, and the attack path protection scheme that satisfies the protection cost condition is automatically selected as the final pending attack path. Use protective schemes. In this way, the finally selected protection scheme to be used can not only meet certain information security requirements to achieve a better protection effect, but also save the input protection cost to a certain extent.
需要说明的是:上述实施例提供的确定攻击路径的防护方案的装置在确定攻击路径的防护方案时,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将计算机设备的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。另外,上述实施例提供的确定攻击路径的防护方案的装置与确定攻击路径的防护方案的方法实施例属于同一构思,其具体实现过程详见方法实施例,这里不再赘述。It should be noted that: when the device for determining the protection scheme of the attack path provided in the above embodiment determines the protection scheme of the attack path, only the division of the above functional modules is used as an example for illustration. In practical applications, the above functions can be used as required. The allocation is completed by different functional modules, that is, the internal structure of the computer device is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the apparatus for determining a protection solution for an attack path provided in the above embodiment and the method embodiment for determining a protection solution for an attack path belong to the same concept, and the specific implementation process is detailed in the method embodiment, which will not be repeated here.
参见图6,本申请实施例提供了一种计算机设备600示意图。该计算机设备600包括至少一个处理器601,内部连接602,存储器603以及至少一个收发器604。Referring to FIG. 6 , an embodiment of the present application provides a schematic diagram of a computer device 600 . The computer device 600 includes at least one processor 601 , internal connections 602 , memory 603 and at least one transceiver 604 .
该计算机设备600是一种硬件结构的装置,可以用于实现图5所示的装置中的功能模块。例如,本领域技术人员可以想到图5所示的装置中的计算模块510可以通过该至少一个处理器601调用存储器603中的代码来实现,选择模块520也可以通过该至少一个处理器601调用存储器603中的代码来实现。The computer device 600 is an apparatus with a hardware structure, which can be used to implement the functional modules in the apparatus shown in FIG. 5 . For example, those skilled in the art can think that the computing module 510 in the apparatus shown in FIG. 5 can be implemented by calling the code in the memory 603 through the at least one processor 601, and the selection module 520 can also call the memory through the at least one processor 601. 603 code to achieve.
可选的,上述处理器601可以是一个通用中央处理器(central processing unit,CPU),网络处理器(network processor,NP),微处理器,特定应用集成电路(application-specific integrated circuit,ASIC),或一个或多个用于控制本申请方案程序执行的集成电路。Optionally, the above-mentioned processor 601 may be a general-purpose central processing unit (central processing unit, CPU), network processor (network processor, NP), microprocessor, application-specific integrated circuit (application-specific integrated circuit, ASIC) , or one or more integrated circuits used to control the execution of the program of this application.
上述内部连接602可包括一通路,在上述组件之间传送信息。可选的,内部连接602为单板或总线等。The internal connection 602 described above may include a path to transfer information between the above described components. Optionally, the internal connection 602 is a single board or a bus or the like.
上述收发器604,用于与其他设备或通信网络通信。The above transceiver 604 is used to communicate with other devices or communication networks.
上述存储器603可以是只读存储器(read-only memory,ROM)或可存储静态信息和指令的其他类型的静态存储设备,随机存取存储器(random access memory,RAM)或者可存储信息和指令的其他类型的动态存储设备,也可以是电可擦可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、只读光盘(compact disc read-only memory,CD-ROM)或其他光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或者其他磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。存储器可以是独立存在,通过总线与处理器相连接。存储器也可以和处理器集成在一起。The above-mentioned memory 603 can be a read-only memory (read-only memory, ROM) or other types of static storage devices that can store static information and instructions, a random access memory (random access memory, RAM) or other types of storage devices that can store information and instructions. Types of dynamic storage devices, which can also be electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM), or other optical storage, CD-ROM storage (including compact discs, laser discs, compact discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or capable of carrying or storing desired program code in the form of instructions or data structures and capable of being accessed by Any other medium accessed by the computer, but not limited to this. The memory can exist independently and be connected to the processor through a bus. The memory can also be integrated with the processor.
其中,存储器603用于存储执行本申请方案的应用程序代码,并由处理器601来控制执行。处理器601用于执行存储器603中存储的应用程序代码,以及配合至少一个收发器604,从而使得该计算机设备600实现本申请中的功能。Wherein, the memory 603 is used for storing the application code for executing the solution of the present application, and the execution is controlled by the processor 601 . The processor 601 is configured to execute the application program code stored in the memory 603, and cooperate with at least one transceiver 604, so that the computer device 600 realizes the functions in the present application.
在具体实现中,作为一种实施例,处理器601可以包括一个或多个CPU,例如图6中的CPU0和CPU1。In a specific implementation, as an embodiment, the processor 601 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 6 .
在具体实现中,作为一种实施例,该计算机设备600可以包括多个处理器。这些处理器中的每一个可以是一个单核(single-CPU)处理器,也可以是一个多核(multi-CPU)处理器。这里的处理器可以指一个或多个设备、电路、和/或用于处理数据(例如计算机程序指令)的 处理核。In a specific implementation, as an embodiment, the computer device 600 may include multiple processors. Each of these processors can be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data, such as computer program instructions.
本申请实施例还提供了一种计算机可读存储介质,该计算机可读存储介质中存储有指令或程序,指令或程序由处理器加载并执行,以实现本申请实施例提供的确定攻击路径的防护方案的方法。Embodiments of the present application further provide a computer-readable storage medium, where instructions or programs are stored in the computer-readable storage medium, and the instructions or programs are loaded and executed by a processor to implement the attack path determination method provided by the embodiments of the present application. method of protection.
本申请实施例还提供了一种计算机程序产品,该计算机程序产品中包括指令,指令由处理器加载并执行,以实现本申请实施例提供的确定攻击路径的防护方案的方法。Embodiments of the present application also provide a computer program product, the computer program product includes instructions, and the instructions are loaded and executed by a processor to implement the method for determining a protection solution for an attack path provided by the embodiments of the present application.
本申请实施例还提供了一种芯片系统,该芯片系统包括至少一个处理器,用于支持实现上述确定攻击路径的防护方案的方法所涉及的功能,例如处理上述方法中所涉及的数据和/或信息。An embodiment of the present application further provides a chip system, where the chip system includes at least one processor for supporting the functions involved in implementing the above method for determining a protection solution for an attack path, such as processing data involved in the above method and/or or information.
在一种可能的设计中,芯片系统还包括存储器,存储器用于保存程序指令和数据,存储器位于处理器之内或处理器之外。该芯片系统,可以由芯片构成,也可以包含芯片和其他分立器件。In one possible design, the system-on-a-chip further includes a memory for storing program instructions and data, and the memory is located inside the processor or outside the processor. The chip system may be composed of chips, or may include chips and other discrete devices.
在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现,当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现。计算机程序产品包括一个或多个计算机指令,在设备上加载和执行所述计算机程序指令时,全部或部分地产生按照本申请实施例所述的流程或功能。计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴光缆、光纤、数字用户线)或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是设备能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质(如软盘、硬盘和磁带等),也可以是光介质(如数字视盘(Digital Video Disk,DVD)等),或者半导体介质(如固态硬盘等)。In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof, and when implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions, and when the computer program instructions are loaded and executed on a device, all or part of the processes or functions described in the embodiments of the present application are generated. Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, from a website site, computer, server, or data center over a wired connection. (eg coaxial cable, optical fiber, digital subscriber line) or wireless (eg infrared, wireless, microwave, etc.) means to another website site, computer, server or data center. The computer-readable storage medium may be any available medium that the device can access, or a data storage device such as a server, data center, or the like that includes an integration of one or more available media. The usable medium may be a magnetic medium (such as a floppy disk, a hard disk, and a magnetic tape, etc.), an optical medium (such as a digital video disk (Digital Video Disk, DVD), etc.), or a semiconductor medium (such as a solid-state disk, etc.).
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps of implementing the above embodiments can be completed by hardware, or can be completed by instructing relevant hardware through a program, and the program can be stored in a computer-readable storage medium. The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, etc.
以上所述仅为本申请的实施例,并不用以限制本申请,凡在本申请原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。The above descriptions are only examples of the present application, and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the principles of the present application should be included within the protection scope of the present application.

Claims (15)

  1. 一种确定攻击路径的防护方案的方法,其特征在于,所述方法包括:A method for determining a protection scheme for an attack path, characterized in that the method comprises:
    在攻击路径对应的多个攻击路径防护方案中,确定满足信息安全条件的攻击路径防护方案;Among the multiple attack path protection schemes corresponding to the attack path, determine the attack path protection scheme that satisfies the information security conditions;
    在满足所述信息安全条件的攻击路径防护方案中,确定满足防护成本条件的攻击路径防护方案,作为所述攻击路径的待使用防护方案。In the attack path protection scheme that satisfies the information security condition, the attack path protection scheme that satisfies the protection cost condition is determined as the to-be-used protection scheme of the attack path.
  2. 根据权利要求1所述的方法,其特征在于,所述在攻击路径对应的多个攻击路径防护方案中,确定满足信息安全条件的攻击路径防护方案,包括:The method according to claim 1, wherein, among the multiple attack path protection schemes corresponding to the attack path, determining the attack path protection scheme that satisfies the information security conditions, comprising:
    在攻击路径对应的多个攻击路径防护方案中,确定满足信息安全条件且满足时间成本条件的攻击路径防护方案。Among the multiple attack path protection schemes corresponding to the attack path, an attack path protection scheme that satisfies the information security condition and the time cost condition is determined.
  3. 根据权利要求2所述的方法,其特征在于,所述时间成本条件为攻击路径防护方案对应的时间成本小于预设时间成本阈值。The method according to claim 2, wherein the time cost condition is that the time cost corresponding to the attack path protection scheme is less than a preset time cost threshold.
  4. 根据权利要求1-3中任一项所述的方法,其特征在于,所述信息安全条件为攻击路径防护方案对应的攻击概率小于预设攻击概率阈值。The method according to any one of claims 1-3, wherein the information security condition is that the attack probability corresponding to the attack path protection scheme is less than a preset attack probability threshold.
  5. 根据权利要求1-4中任一项所述的方法,其特征在于,所述确定满足防护成本条件的攻击路径防护方案,作为所述攻击路径的待使用防护方案,包括:The method according to any one of claims 1-4, wherein the determining the attack path protection scheme that satisfies the protection cost condition, as the to-be-used protection scheme of the attack path, comprises:
    确定对应的防护成本最小的攻击路径防护方案;Determine the corresponding attack path protection scheme with the least protection cost;
    在所述对应的防护成本最小的攻击路径防护方案的数量为1的情况下,将所述对应的防护成本最小的攻击路径防护方案,作为所述攻击路径的待使用防护方案;或者,In the case where the number of the corresponding attack path protection schemes with the minimum protection cost is 1, the corresponding attack path protection scheme with the minimum protection cost is used as the protection scheme to be used for the attack path; or,
    在所述对应的防护成本最小的攻击路径防护方案的数量大于1的情况下,在所述多个防护成本最小的攻击路径防护方案中,确定对应的攻击概率最小的攻击路径防护方案;In the case where the number of the corresponding attack path protection schemes with the minimum protection cost is greater than 1, among the plurality of attack path protection schemes with the minimum protection cost, determine the corresponding attack path protection scheme with the minimum attack probability;
    在所述对应的攻击概率最小的攻击路径防护方案的数量为1的情况下,将所述对应的攻击概率最小的攻击路径防护方案,作为所述攻击路径的待使用防护方案;或者,When the number of the corresponding attack path protection schemes with the smallest attack probability is 1, the corresponding attack path protection scheme with the smallest attack probability is used as the protection scheme to be used for the attack path; or,
    在所述对应的攻击概率最小的攻击路径防护方案的数量大于1的情况下,在所述对应的攻击概率最小的攻击路径防护方案中,确定对应的时间成本最小的攻击路径防护方案,作为所述攻击路径的待使用防护方案。When the number of the corresponding attack path protection schemes with the smallest attack probability is greater than 1, among the corresponding attack path protection schemes with the smallest attack probability, the corresponding attack path protection scheme with the smallest time cost is determined as the The protection scheme to be used for the attack path described above.
  6. 一种确定攻击路径的防护方案的装置,其特征在于,所述装置包括:A device for determining a protection scheme for an attack path, characterized in that the device comprises:
    计算模块,用于在所述多个攻击路径防护方案中,确定满足信息安全条件的攻击路径防护方案;a computing module, configured to determine, among the multiple attack path protection schemes, an attack path protection scheme that satisfies information security conditions;
    选择模块,用于在满足所述信息安全条件的攻击路径防护方案中,确定满足防护成本条件的攻击路径防护方案,作为所述攻击路径的待使用防护方案。The selection module is configured to determine, among the attack path protection schemes that satisfy the information security condition, an attack path protection scheme that satisfies the protection cost condition, as the to-be-used protection scheme of the attack path.
  7. 根据权利要求6所述的装置,其特征在于,所述计算模块,用于:The device according to claim 6, wherein the computing module is configured to:
    在所述多个攻击路径防护方案中,确定满足信息安全条件且满足时间成本条件的攻击路径防护方案。Among the multiple attack path protection schemes, an attack path protection scheme that satisfies the information security condition and satisfies the time cost condition is determined.
  8. 根据权利要求7所述的装置,其特征在于,所述时间成本条件为攻击路径防护方案对应的时间成本小于预设时间成本阈值。The device according to claim 7, wherein the time cost condition is that the time cost corresponding to the attack path protection scheme is less than a preset time cost threshold.
  9. 根据权利要求6-8中任一项所述的装置,其特征在于,所述信息安全条件为攻击路径防护方案对应的攻击概率小于预设攻击概率阈值。The device according to any one of claims 6-8, wherein the information security condition is that the attack probability corresponding to the attack path protection scheme is less than a preset attack probability threshold.
  10. 根据权利要求6-9中任一项所述的装置,其特征在于,所述选择模块,用于:The device according to any one of claims 6-9, wherein the selection module is configured to:
    确定对应的防护成本最小的攻击路径防护方案;Determine the corresponding attack path protection scheme with the least protection cost;
    在所述对应的防护成本最小的攻击路径防护方案的数量为1的情况下,将所述对应的防护成本最小的攻击路径防护方案,作为所述攻击路径的待使用防护方案;或者,In the case where the number of the corresponding attack path protection schemes with the minimum protection cost is 1, the corresponding attack path protection scheme with the minimum protection cost is used as the protection scheme to be used for the attack path; or,
    在所述对应的防护成本最小的攻击路径防护方案的数量大于1的情况下,在所述多个防护成本最小的攻击路径防护方案中,确定对应的攻击概率最小的攻击路径防护方案;In the case where the number of the corresponding attack path protection schemes with the minimum protection cost is greater than 1, among the plurality of attack path protection schemes with the minimum protection cost, determine the corresponding attack path protection scheme with the minimum attack probability;
    在所述对应的攻击概率最小的攻击路径防护方案的数量为1的情况下,将所述对应的攻击概率最小的攻击路径防护方案,作为所述攻击路径的待使用防护方案;或者,When the number of the corresponding attack path protection schemes with the smallest attack probability is 1, the corresponding attack path protection scheme with the smallest attack probability is used as the protection scheme to be used for the attack path; or,
    在所述对应的攻击概率最小的攻击路径防护方案的数量大于1的情况下,在所述对应的攻击概率最小的攻击路径防护方案中,确定对应的时间成本最小的攻击路径防护方案,作为所述攻击路径的待使用防护方案。In the case where the number of the corresponding attack path protection schemes with the smallest attack probability is greater than 1, among the corresponding attack path protection schemes with the smallest attack probability, the corresponding attack path protection scheme with the smallest time cost is determined as the The protection scheme to be used for the attack path described above.
  11. 一种计算机设备,其特征在于,所述计算机设备包括处理器和存储器,其中:A computer device, characterized in that the computer device includes a processor and a memory, wherein:
    所述存储器存储指令,所述处理器执行所述指令,以实现如权利要求1至5中任一项所述的确定攻击路径的防护方案的方法。The memory stores instructions that are executed by the processor to implement the method of determining a protection scheme for an attack path as claimed in any one of claims 1 to 5.
  12. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有指令,所述指令由处理器加载并执行,以实现如权利要求1至5中任一项所述的确定攻击路径的防护方案的方法。A computer-readable storage medium, wherein instructions are stored in the computer-readable storage medium, and the instructions are loaded and executed by a processor to realize the determination according to any one of claims 1 to 5 Method of attack path protection scheme.
  13. 一种芯片系统,其特征在于,所述芯片系统包括至少一个处理器,所述处理器用于支持实现如权利要求1至5中任一项所述的确定攻击路径的防护方案的方法。A chip system, characterized in that, the chip system includes at least one processor, and the processor is configured to support the method for implementing the protection scheme for determining an attack path according to any one of claims 1 to 5.
  14. 根据权利要求13所述的芯片系统,其特征在于,所述芯片系统还包括存储器,所述存储器用于保存程序指令和数据,所述存储器位于所述处理器之内或所述处理器之外。The chip system according to claim 13, wherein the chip system further comprises a memory for storing program instructions and data, and the memory is located inside the processor or outside the processor .
  15. 一种计算机程序产品,其特征在于,所述计算机程序产品中包括有指令,所述指令由处理器加载并执行,以实现如权利要求1至5中任一项所述的确定攻击路径的防护方案的方法。A computer program product, characterized in that the computer program product includes instructions, and the instructions are loaded and executed by a processor, so as to realize the protection for determining an attack path according to any one of claims 1 to 5 method of the program.
PCT/CN2021/084561 2021-03-31 2021-03-31 Method and apparatus for determining protection plan of attack path WO2022205132A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202180001195.XA CN113228713B (en) 2021-03-31 2021-03-31 Method and device for determining protection scheme of attack path
PCT/CN2021/084561 WO2022205132A1 (en) 2021-03-31 2021-03-31 Method and apparatus for determining protection plan of attack path

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/084561 WO2022205132A1 (en) 2021-03-31 2021-03-31 Method and apparatus for determining protection plan of attack path

Publications (1)

Publication Number Publication Date
WO2022205132A1 true WO2022205132A1 (en) 2022-10-06

Family

ID=77081259

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/084561 WO2022205132A1 (en) 2021-03-31 2021-03-31 Method and apparatus for determining protection plan of attack path

Country Status (2)

Country Link
CN (1) CN113228713B (en)
WO (1) WO2022205132A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681338A (en) * 2016-03-04 2016-06-15 西北大学 Vulnerability exploiting success probability calculation method and network security risk management method
CN109146240A (en) * 2018-07-03 2019-01-04 北京航空航天大学 A kind of Information Security Risk Assessment Methods and system towards intelligent network connection vehicle
CN109302380A (en) * 2018-08-15 2019-02-01 全球能源互联网研究院有限公司 A kind of safety protection equipment linkage defense strategy Intelligent Decision-making Method and system
CN110233845A (en) * 2019-06-13 2019-09-13 中国科学院信息工程研究所 Intrusion response measure determines method and device
US20200097663A1 (en) * 2018-09-26 2020-03-26 Clarion Co., Ltd. Vulnerability evaluation apparatus, vulnerability evaluation system, and vulnerability evaluation method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3490223B1 (en) * 2017-11-24 2020-04-15 Bayerische Motoren Werke Aktiengesellschaft System and method for simulating and foiling attacks on a vehicle on-board network
CN109117637A (en) * 2018-07-03 2019-01-01 北京航空航天大学 Intelligent network connection information of vehicles security incident probability of happening appraisal procedure and system based on Attack Tree
CN110191083B (en) * 2019-03-20 2020-09-25 中国科学院信息工程研究所 Security defense method and device for advanced persistent threat and electronic equipment
EP3783514A1 (en) * 2019-08-21 2021-02-24 Seculting SA A system and a method for automated cyber-security risk control
CN111277561B (en) * 2019-12-27 2022-05-24 北京威努特技术有限公司 Network attack path prediction method and device and security management platform

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681338A (en) * 2016-03-04 2016-06-15 西北大学 Vulnerability exploiting success probability calculation method and network security risk management method
CN109146240A (en) * 2018-07-03 2019-01-04 北京航空航天大学 A kind of Information Security Risk Assessment Methods and system towards intelligent network connection vehicle
CN109302380A (en) * 2018-08-15 2019-02-01 全球能源互联网研究院有限公司 A kind of safety protection equipment linkage defense strategy Intelligent Decision-making Method and system
US20200097663A1 (en) * 2018-09-26 2020-03-26 Clarion Co., Ltd. Vulnerability evaluation apparatus, vulnerability evaluation system, and vulnerability evaluation method
CN110233845A (en) * 2019-06-13 2019-09-13 中国科学院信息工程研究所 Intrusion response measure determines method and device

Also Published As

Publication number Publication date
CN113228713B (en) 2022-09-16
CN113228713A (en) 2021-08-06

Similar Documents

Publication Publication Date Title
WO2022061843A1 (en) Vehicle upgrading method and apparatus
US10127093B1 (en) Method and apparatus for monitoring a message transmission frequency in a robot operating system
WO2020098663A1 (en) Method and device for internet of vehicles message notification
CN109361547B (en) Network slice link deployment method and device
CN105991596A (en) Access control method and system
WO2022267725A1 (en) Debugging method and apparatus for vehicle controller
WO2022205132A1 (en) Method and apparatus for determining protection plan of attack path
CN113612839A (en) Method and device for determining driving task calculation terminal and computer equipment
CN112711468B (en) Method and system for monitoring fog computing network resources and managing tasks based on block chain
US20220278944A1 (en) Method for allocating resources of a network infrastructure
CN112019382B (en) Health assessment method, system and device of cloud computing management platform
CN113329053A (en) 5G network virtual mapping method and device based on power service characteristics
CN115794423B (en) Intelligent machine room management method and device, electronic equipment and storage medium
WO2022205122A1 (en) Method and apparatus for determining defense scheme, device, and computer-readable storage medium
CN112217634A (en) Authentication method, equipment and system applied to intelligent vehicle
CN111833608B (en) Road condition information processing method and device
CN115436825A (en) Method, device and equipment for detecting abnormal state of single battery cell and storage medium
CN113778685A (en) Unloading method for urban gas pipe network edge computing system
CN110677466A (en) Application program downloading method, device, gateway and storage medium
CN113300966A (en) Flow control method, device and system and electronic equipment
CN111414200A (en) Method and device for installing operating system, electronic equipment and computer readable medium
CN112118275A (en) Overload processing method, Internet of things platform and computer readable storage medium
CN111126667B (en) Vehicle task unloading and resource allocation method and system based on active topology optimization
CN110808894B (en) Data transmission method and device based on CAN bus
CN116033021B (en) Containerized application network access method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21933800

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21933800

Country of ref document: EP

Kind code of ref document: A1