WO2023135652A1 - Abnormality determination device, abnormality determination method, and abnormality determination program - Google Patents


Publication number
WO2023135652A1
WO2023135652A1 PCT/JP2022/000591 JP2022000591W WO2023135652A1 WO 2023135652 A1 WO2023135652 A1 WO 2023135652A1 JP 2022000591 W JP2022000591 W JP 2022000591W WO 2023135652 A1 WO2023135652 A1 WO 2023135652A1
Authority
WO
WIPO (PCT)
Prior art keywords
value
abnormality determination
predetermined parameter
abnormality
charge
Application number
PCT/JP2022/000591
Other languages
French (fr)
Japanese (ja)
Inventor
弘樹 長山
幸雄 永渕
麻美 宮島
Original Assignee
日本電信電話株式会社
Application filed by 日本電信電話株式会社
Priority to PCT/JP2022/000591
Priority to JP2023573523A
Publication of WO2023135652A1

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60L PROPULSION OF ELECTRICALLY-PROPELLED VEHICLES; SUPPLYING ELECTRIC POWER FOR AUXILIARY EQUIPMENT OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRODYNAMIC BRAKE SYSTEMS FOR VEHICLES IN GENERAL; MAGNETIC SUSPENSION OR LEVITATION FOR VEHICLES; MONITORING OPERATING VARIABLES OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRIC SAFETY DEVICES FOR ELECTRICALLY-PROPELLED VEHICLES
    • B60L53/00 Methods of charging batteries, specially adapted for electric vehicles; Charging stations or on-board charging equipment therefor; Exchange of energy storage elements in electric vehicles
    • B60L53/60 Monitoring or controlling charging stations
    • B60L53/66 Data transfer between charging stations and vehicles
    • H ELECTRICITY
    • H02 GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02J CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J7/00 Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries
    • H02J7/02 Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries for charging batteries from ac mains by converters

Definitions

  • the present invention relates to an abnormality determination device, an abnormality determination method, and an abnormality determination program.
  • the charging process of an electric vehicle is carried out between the electric vehicle and the charger through two types of lines: a power line and a digital communication line. That is, charging via the power line is controlled by charge control communication via the digital communication line.
  • intrusion detection technology for charging control communication is expected.
  • rule-based intrusion detection technology with less over-detection is expected more than learning-based intrusion detection technology with more over-detection.
  • in addition, in in-vehicle networks (CAN, Control Area Network), intrusion detection technology that uses detection rules created based on application layer protocol specifications that support general CAN applications is known (see Non-Patent Document 1).
  • the present invention has been made in view of the above, and it is an object of the present invention to perform intrusion detection using detection rules for charging control communication.
  • an abnormality determination device according to the present invention includes a storage unit that stores a normal-operation rule for a predetermined parameter in charge control communication, an extraction unit that extracts the value of the predetermined parameter from a message of the charge control communication, and a determination unit that determines an abnormality when the extracted parameter deviates from the rule.
  • FIG. 1 is a diagram for explaining an outline of an abnormality determination device according to this embodiment.
  • FIG. 2 is a diagram for explaining the connection form of the abnormality determination device.
  • FIG. 3 is a schematic diagram illustrating a schematic configuration of the abnormality determination device.
  • FIG. 4 is a flowchart showing an abnormality determination processing procedure.
  • FIG. 5 is a diagram showing an example of a computer that executes an abnormality determination program.
  • FIG. 1 is a diagram for explaining an outline of an abnormality determination device according to this embodiment.
  • as illustrated in FIG. 1, an electric vehicle (EV) 1 and a charger 2 are interconnected by a power line and a digital communication line, and charging via the power line is controlled by charge control communication via the digital communication line.
  • in the abnormality determination device 10 of the present embodiment, specifications related to the state of charge, such as "initialization", "connection confirmation", "charging", and "end processing" in the charging control protocol of the charging control communication, are extracted and preset as detection rules. For example, as exemplified in FIG. 1, detection rules such as "in 'initialization', the current request must be 0 or less" and "in 'charging', the physical connection flag must be 'connected'" are set.
  • the abnormality determination device 10 interprets and observes the charging control communication between the charging control units of the EV 1 and the charger 2 up to the application layer of the charging control protocol, detects communication that deviates from the detection rules, and determines that it is abnormal. As a result, the abnormality determination device 10 can detect an attack that inserts an unauthorized message into charging control communication, and prevent forced interruption of the charging process, control malfunction, and the like.
  • FIG. 2 is a diagram for explaining the connection form of the abnormality determination device.
  • the abnormality determination device 10 may be connected to the CAN bus on the EV 1 side, as illustrated in FIG. 2(1), as an IDS (Intrusion Detection System) that only detects attacks. Alternatively, as illustrated in FIG. 2(2), it may be connected to the CAN bus on the charger 2 side.
  • the abnormality determination device 10 may be installed on the CAN bus on the EV 1 side as an IPS (Intrusion Prevention System) that detects and defends against attacks, as illustrated in FIG. 2(3).
  • alternatively, as illustrated in FIG. 2(4), it may be installed on the CAN bus on the charger 2 side.
  • FIG. 3 is a schematic diagram illustrating a schematic configuration of the abnormality determination device.
  • the abnormality determination device 10 of the present embodiment is implemented by a general-purpose computer such as a personal computer, and includes an input unit 11, an output unit 12, a communication control unit 13, a storage unit 14, and a control unit 15.
  • the input unit 11 is implemented using input devices such as a keyboard and a mouse, and inputs various instruction information such as processing start to the control unit 15 in response to input operations by the operator.
  • the output unit 12 is implemented by a display device such as a liquid crystal display, a printer, or the like. For example, the output unit 12 displays the result of abnormality determination processing, which will be described later.
  • the communication control unit 13 is realized by a NIC (Network Interface Card) or the like, and controls communication between an external device and the control unit 15 via an electrical communication line such as a LAN (Local Area Network) or the Internet.
  • the communication control unit 13 controls communication between the control unit 15 and the EV 1, the charger 2, a management device of the security operation center, and the like in the abnormality determination process to be described later.
  • the storage unit 14 is implemented by semiconductor memory devices such as RAM (Random Access Memory) and flash memory, or storage devices such as hard disks and optical disks.
  • the storage unit 14 stores in advance a processing program for operating the abnormality determination device 10, data used during execution of the processing program, and the like, or stores them temporarily each time processing is performed.
  • the storage unit 14 may be configured to communicate with the control unit 15 via the communication control unit 13.
  • the storage unit 14 stores a rule 14a, a state determination table 14b, and the like, which are used in the abnormality determination process described later.
  • the rule 14a is a normal rule regarding a predetermined parameter in charge control communication, and corresponds to the detection rule described above.
  • the rule 14a is defined by the relationship between the latest predetermined parameter value and the past predetermined parameter value.
  • the rule 14a is defined by the range of possible values of a predetermined parameter defined for each state of charge.
  • the control unit 15 is implemented using a CPU (Central Processing Unit) or the like, and executes a processing program stored in memory. Thereby, the control unit 15 functions as an extraction unit 15a, a state determination unit 15b, a determination unit 15c, and a handling unit 15d, as illustrated in FIG.
  • these functional units may be implemented in different hardware, respectively or partially.
  • the state determination unit 15b may be implemented in a device different from other functional units.
  • the control unit 15 may include other functional units.
  • the extraction unit 15a extracts the value of a predetermined parameter from the charging control communication message. Specifically, the extraction unit 15a monitors the charging control communication message and extracts the value of a predetermined parameter.
  • the extraction unit 15a monitors messages conforming to the CHAdeMO (IEC61851-23, 24) protocol or messages conforming to the COMBO (ISO15118) protocol as charging control communication messages.
  • the extraction unit 15a extracts at least one of the spec value, the control value, and the state flag as a predetermined parameter. For example, the extraction unit 15a extracts a spec value, a control value, a state flag, etc. from the fields of the charge control message based on the specifications of CHAdeMO, COMBO, or the like.
  • the specification value is a parameter indicating the performance of the EV 1 and charger 2 exchanged to determine charging settings.
  • the spec values are the battery capacity value of the EV 1, the maximum battery voltage value, and the like, and the outputtable voltage value and the outputtable current value of the charger 2, and the like.
  • a control value is a parameter indicating a command value or a response value for controlling voltage, current, etc. related to charging.
  • the control values are the required voltage value, required current value, remaining battery capacity, etc. on the EV 1 side, and the voltage response value, current response value, remaining charging time, etc. on the charger 2 side.
  • the state flag is a parameter that indicates the state of charge and is used to transition the state of charge.
  • the status flags include a charging permission status flag, a shift lever status flag, a charging connector connection status flag, etc. on the EV1 side, and an output voltage compatibility flag between the EV battery and the charger on the charger 2 side.
  • the charging state includes, for example, "CAN communication started", "chargeable flag received", "insulation test, connector locked", "charging plug connection completed", "charging started", "charging stop request received", "Wait for current drop", "Unlock connector", and the like.
  • the state determination unit 15b refers to the state flag among the extracted parameters to determine the state of charge.
  • the storage unit 14 stores a state determination table 14b in advance.
  • the state determination table 14b is information indicating combinations of charging states, such as charging plug connection completion and charging start, described in protocol specifications such as CHAdeMO and COMBO, and the values of the state flags for transitioning to those charging states. The state determination unit 15b identifies the state of charge corresponding to the value of the extracted state flag in the state determination table 14b, and determines that the state at that time point is the identified state of charge.
  • the state determination unit 15b determines, for example, the charging state of the message to be monitored. Further, the determining unit 15c associates the charging state with the parameter values such as the specification value, the control value, and the state flag, and accumulates them in the storage unit 14 for the past normal charging control communication messages.
  • when the rule 14a expresses the relationship between the latest predetermined parameter value and the past parameter value, the accumulated past parameter value is referred to by the determination unit 15c described later.
  • the determination unit 15c determines that there is an abnormality when the value of the extracted predetermined parameter deviates from the rule 14a. Specifically, the determination unit 15c refers, as the rule 14a, to the relationship between the latest predetermined parameter value and the past predetermined parameter value, or to the range of possible values of the predetermined parameter defined for each state of charge, to determine whether the extracted parameter value is abnormal.
  • the determination unit 15c determines whether or not at least one of the spec value, control value, and state flag is abnormal. Further, the determination unit 15c may identify the cause of abnormality including the parameter determined to be abnormal, its value, and the rule used as the basis for the determination of abnormality among the rules 14a.
  • the determination unit 15c may determine whether or not charging should be interrupted. For example, the determination unit 15c determines that charging interruption is necessary when an input of a control value significantly larger than the specification value is detected, such as input of a required current value of 20A for an outputtable current value of 10A.
  • the determination unit 15c uses the relationship between the latest predetermined parameter value and the past predetermined parameter value as the rule 14a, and determines an abnormality if the spec value included in the latest message differs from the spec value one before. This is because the specification value is unique to the hardware or set at the start of charging, and therefore a change in the value during charging is highly likely to be an attack or a failure.
  • the rule 14a in this case may, for example, stipulate that the latest spec value and the spec value one before are the same.
  • the determination unit 15c refers to the range of possible values of a predetermined parameter defined for each state of charge as the rule 14a, and determines an abnormality if the latest control value deviates from the range of values that the current state of charge can take. For example, if an input of a required current value greater than 0 is detected before entering the "charging start" state, it is determined to be abnormal.
  • in this case, it is sufficient if the rule 14a defines, for example, among charging states such as "CAN communication start", "chargeable flag received", "insulation test, connector locked", "charging plug connection complete", and "charging start", the range of possible values of the required current value as 0 or less for each state of charge before "charging start".
  • the determination unit 15c determines whether or not the control value is abnormal by referring to the relationship between the latest predetermined parameter value and the past predetermined parameter value as the rule 14a. For example, the determination unit 15c determines that there is an abnormality when the difference between the latest control value and the previous predetermined spec value is greater than or equal to a predetermined threshold value.
  • the predetermined threshold can be appropriately set as a percentage, an absolute value, or the like.
  • the determination unit 15c may refer to a plurality of types of specification values, such as the upper limit value of the output current, the maximum value of the output voltage, and the battery capacity, as the previous specification value to determine whether or not there is an abnormality.
  • for example, the rule 14a stipulates that the difference between the latest requested current value from the EV 1 side and the immediately preceding outputtable current value of the charger 2 is less than 50%.
  • when the outputtable current value of the charger 2 (the spec value one before) is 10 A and the latest requested current value breaks this rule, the determination unit 15c determines that the current value is abnormal.
  • the determination unit 15c refers to the range of possible values of the charge flag defined for each state of charge as the rule 14a, and determines an abnormality if the latest state flag deviates from the range of values that the current state of charge can take. For example, when the charging permission flag in the message from the EV 1 side is set to "impossible" in the "charging start" state, the determination unit 15c determines that there is an abnormality.
  • the rule 14a may stipulate, for example, that the charging permission flag in the "charging start" state is other than "permitted" or "impossible."
  • the handling unit 15d issues at least one of an alert notification or a charge interruption instruction when an abnormality is determined. For example, when the determination unit 15c determines that there is an abnormality, the handling unit 15d outputs alert information including an abnormality type indicating which of the spec value, control value, and state flag is determined to be abnormal. For example, the handling unit 15d outputs the alert information to a preset notification destination such as the charger 2 or the management device of the security operation center via the output unit 12 or the communication control unit 13.
  • the handling unit 15d may also output, as alert information, the cause of abnormality identified by the determination unit 15c, including the parameter determined to be abnormal, its value, and the rule among the rules 14a on which the determination of abnormality is based.
  • the handling unit 15d may also output, as alert information, the result of the determination unit 15c's determination of whether charging should be interrupted.
  • the handling unit 15d may output a charging interruption instruction when it is determined that charging interruption is necessary.
  • the handling unit 15d instructs the charging control unit of the EV 1 or the charger 2 to suspend charging.
  • the handling unit 15d interrupts the charging process by transmitting an error flag used in the charging control protocol to the CAN bus and outputting a shutdown control command.
  • the error flag is a flag that is sent to end the charging process when some kind of abnormality is detected in the operation of the charging control protocol. Examples include a flag indicating an overvoltage state, a flag indicating a low voltage state, a flag indicating a battery high temperature state, a flag indicating that the difference between the required current and the output current is too large, and the like.
  • the abnormality determination device 10 can perform intrusion detection using detection rules for charging control communication.
  • FIG. 4 is a flowchart showing an abnormality determination processing procedure.
  • the flowchart of FIG. 4 is started, for example, at the timing when the user performs an operation input instructing the start.
  • the extraction unit 15a extracts the value of a predetermined parameter from the charging control communication message (step S1). For example, the extraction unit 15a monitors messages conforming to the CHAdeMO protocol or the COMBO protocol as charge control communication messages, and extracts at least one of a spec value, a control value, and a state flag as a predetermined parameter.
  • the determination unit 15c checks whether the value of the extracted predetermined parameter deviates from the rule 14a (step S2). For example, the determination unit 15c refers to, as the rule 14a, the relationship between the latest predetermined parameter value and the past predetermined parameter value, or the range of possible values of the predetermined parameter defined for each state of charge, to determine whether the rule 14a is violated.
  • if there is no deviation from the rule 14a (step S2, No), the determination unit 15c returns the process to step S1.
  • if the value deviates from the rule 14a, the determination unit 15c determines that there is an abnormality (step S3). For example, the determination unit 15c determines the abnormality type, that is, which of the spec value, the control value, and the state flag is abnormal. Further, the determination unit 15c identifies the cause of abnormality including the parameter determined to be abnormal, its value, and the rule used as the basis for the determination of abnormality among the rules 14a. Alternatively, the determination unit 15c determines that charging interruption is necessary.
  • the handling unit 15d issues at least one of an alert notification and a charge interruption instruction (step S4).
  • for example, the handling unit 15d outputs alert information including the abnormality type, such as which one of the specification value, the control value, and the state flag is determined to be abnormal, to a preset notification destination such as the charger 2 or the management device of the security operation center.
  • the handling unit 15d may also output, as alert information, the cause of abnormality identified by the determination unit 15c, including the parameter determined to be abnormal, its value, and the rule among the rules 14a on which the determination of abnormality is based. Alternatively, the handling unit 15d outputs a charging interruption instruction when the determination unit 15c determines that charging interruption is necessary. This completes a series of abnormality determination processes.
  • the storage unit 14 stores the normal rule 14a regarding a predetermined parameter in charge control communication. Also, the extraction unit 15a extracts the value of a predetermined parameter from the charge control communication message. Moreover, the determination unit 15c determines that an abnormality occurs when the value of the extracted predetermined parameter deviates from the rule 14a.
  • the extraction unit 15a extracts at least one of the spec value, the control value, and the state flag as a predetermined parameter.
  • the abnormality determination device 10 can perform intrusion detection using detection rules for charging control communication.
  • the abnormality determination device 10 can detect an attack by inserting an unauthorized message into charging control communication with less over-detection and with higher accuracy than learning-based intrusion detection with more over-detection.
  • the abnormality determination device 10 can defend against attacks and prevent forced interruption of the charging process, malfunction of control, and the like.
  • the rule 14a represents the relationship between the latest predetermined parameter value and the past predetermined parameter value.
  • the rule 14a includes the relationship between the spec value included in the latest message and the past spec value, or the relationship between the latest control value and the past predetermined spec value.
  • the rule 14a is the range of possible values of a predetermined parameter defined for each state of charge.
  • the rule 14a includes a range of possible values of the control value defined for each state of charge or a range of possible values of the charge flag defined for each state of charge.
  • when an abnormality is determined, the handling unit 15d issues at least one of an alert notification and a charging interruption instruction.
  • the abnormality determination device 10 can quickly take countermeasures against attacks on charging control communication.
  • the abnormality determination device 10 can be implemented by installing an abnormality determination program for executing the above-described abnormality determination process as package software or online software in a desired computer.
  • the information processing device can function as the abnormality determination device 10 by causing the information processing device to execute the abnormality determination program.
  • the information processing apparatus referred to here includes a desktop or notebook personal computer.
  • information processing devices include smart phones, mobile communication terminals such as mobile phones and PHSs (Personal Handyphone Systems), and slate terminals such as PDAs (Personal Digital Assistants).
  • the functions of the abnormality determination device 10 may be implemented in a cloud server.
  • FIG. 5 is a diagram showing an example of a computer that executes an abnormality determination program.
  • Computer 1000 includes, for example, memory 1010, CPU 1020, hard disk drive interface 1030, disk drive interface 1040, serial port interface 1050, video adapter 1060 and network interface 1070. These units are connected by a bus 1080.
  • the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012.
  • the ROM 1011 stores a boot program such as BIOS (Basic Input Output System).
  • Hard disk drive interface 1030 is connected to hard disk drive 1031.
  • Disk drive interface 1040 is connected to disk drive 1041.
  • a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041, for example.
  • a mouse 1051 and a keyboard 1052 are connected to the serial port interface 1050, for example.
  • a display 1061 is connected to the video adapter 1060.
  • the hard disk drive 1031 stores an OS 1091, application programs 1092, program modules 1093 and program data 1094, for example. Each piece of information described in the above embodiment is stored in the hard disk drive 1031 or the memory 1010, for example.
  • the abnormality determination program is stored in the hard disk drive 1031, for example, as a program module 1093 in which commands to be executed by the computer 1000 are described.
  • the hard disk drive 1031 stores a program module 1093 in which each process executed by the abnormality determination device 10 described in the above embodiment is described.
  • Data used for information processing by the abnormality determination program is stored as program data 1094 in the hard disk drive 1031, for example. Then, the CPU 1020 reads out the program module 1093 and the program data 1094 stored in the hard disk drive 1031 to the RAM 1012 as necessary, and executes each procedure described above.
  • program module 1093 and program data 1094 related to the abnormality determination program are not limited to being stored in the hard disk drive 1031.
  • they may be stored in a removable storage medium and read by the CPU 1020 via the disk drive 1041 or the like.
  • alternatively, the program module 1093 and program data 1094 related to the abnormality determination program may be stored in another computer connected via a network such as LAN or WAN (Wide Area Network), and read out by the CPU 1020 via the network interface 1070.

Landscapes

  • Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Transportation (AREA)
  • Mechanical Engineering (AREA)
  • Charge And Discharge Circuits For Batteries Or The Like (AREA)

Abstract

A storage unit (14) stores a normal rule (14a) regarding a predetermined parameter pertaining to charging control communication. An extraction unit (15a) extracts the value of the predetermined parameter from a message for the charging control communication. A determination unit (15c) determines an abnormality, when the extracted value of the predetermined parameter deviates from the rule (14a).
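
The rule kinds described on this page (a spec value that must not change, a control-value range per state of charge, a control value compared against an earlier spec value, and a state flag allowed per state) can be sketched as a small rule checker. This is an added example, not code from the patent or its applicant: the field names, flag names and state table entries are hypothetical, messages are assumed to be already decoded to application-layer fields, and the "difference" rule is interpreted as excess over the charger's spec value.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class State(IntEnum):  # charging states named on the page, in protocol order
    CAN_START = 0
    CHARGEABLE_FLAG_RECEIVED = 1
    INSULATION_TEST_CONNECTOR_LOCKED = 2
    PLUG_CONNECTED = 3
    CHARGING_START = 4


# Constructed state determination table (14b): flag values that mark entry into
# a state. Names and values are hypothetical, not CHAdeMO/ISO 15118 fields.
STATE_TABLE = [
    (State.CHARGEABLE_FLAG_RECEIVED, {"charge_permission": "permitted"}),
    (State.PLUG_CONNECTED, {"connector": "connected"}),
    (State.CHARGING_START, {"charger_output": "on"}),
]
EXCESS_THRESHOLD = 0.5  # the page's 50% example threshold


@dataclass
class Message:  # decoded fields, i.e. what the extraction unit (15a) produces
    source: str  # "EV" or "charger"
    spec: dict = field(default_factory=dict)
    control: dict = field(default_factory=dict)
    flags: dict = field(default_factory=dict)


@dataclass
class Alert:
    kind: str        # abnormality type: "spec", "control" or "flag"
    parameter: str
    value: object
    rule: str        # rule that was the basis of the determination
    interrupt: bool = False  # True when charging interruption is judged necessary


class Monitor:
    def __init__(self):
        self.state = State.CAN_START
        self.flags = {}      # latest value of every state flag seen
        self.past_spec = {}  # (source, name) -> first accepted spec value

    def _determine_state(self):
        # State determination (15b): states only advance in this sketch.
        for state, required in STATE_TABLE:
            if all(self.flags.get(k) == v for k, v in required.items()):
                self.state = max(self.state, state)

    def observe(self, msg):
        alerts = []
        self.flags.update(msg.flags)
        self._determine_state()
        # Rule: the latest spec value must equal the one seen before. The stored
        # baseline is not overwritten, so an injected value cannot replace it.
        for name, value in msg.spec.items():
            past = self.past_spec.setdefault((msg.source, name), value)
            if value != past:
                alerts.append(Alert("spec", name, value, "spec value must not change"))
        req = msg.control.get("requested_current_a")
        if req is not None:
            avail = self.past_spec.get(("charger", "available_current_a"))
            if self.state < State.CHARGING_START:
                # Rule: before "charging start" the requested current is 0 or less.
                if req > 0:
                    alerts.append(Alert("control", "requested_current_a", req,
                                        "requested current <= 0 before charging start"))
            elif avail and (req - avail) / avail >= EXCESS_THRESHOLD:
                # Rule: control value far above the earlier spec value.
                alerts.append(Alert("control", "requested_current_a", req,
                                    "request within 50% of charger spec", interrupt=True))
        # Rule: in "charging start" the permission flag must not be "impossible".
        if (self.state == State.CHARGING_START
                and msg.flags.get("charge_permission") == "impossible"):
            alerts.append(Alert("flag", "charge_permission", "impossible",
                                "permission flag allowed in charging start"))
        return alerts


# Constructed session: normal start-up with four rule violations mixed in.
SESSION = [
    Message("charger", spec={"available_current_a": 10, "available_voltage_v": 500}),
    Message("EV", spec={"battery_capacity_kwh": 40},
            control={"requested_current_a": 0}, flags={"charge_permission": "permitted"}),
    Message("EV", control={"requested_current_a": 5}, flags={"connector": "connected"}),
    Message("charger", flags={"charger_output": "on"}),
    Message("EV", control={"requested_current_a": 9}),
    Message("EV", control={"requested_current_a": 20}),
    Message("charger", spec={"available_current_a": 50}),
    Message("EV", flags={"charge_permission": "impossible"}),
]


def run_session(session):
    monitor = Monitor()
    return [monitor.observe(msg) for msg in session]


if __name__ == "__main__":
    for i, alerts in enumerate(run_session(SESSION)):
        for a in alerts:
            print(i, a.kind, a.parameter, a.value, a.rule, "interrupt" if a.interrupt else "")
```
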

Description

Abnormality determination device, abnormality determination method, and abnormality determination program
The present invention relates to an abnormality determination device, an abnormality determination method, and an abnormality determination program.
In general, the charging process of an electric vehicle is carried out between the electric vehicle and the charger through two types of lines: a power line and a digital communication line. That is, charging via the power line is controlled by charge control communication via the digital communication line.
Attacks that insert unauthorized messages into charging control communication cause damage such as forced interruption of the charging process and control malfunction, so intrusion detection technology for charging control communication is expected. In particular, rule-based intrusion detection technology with less over-detection is expected more than learning-based intrusion detection technology with more over-detection.
In addition, in in-vehicle networks (CAN, Control Area Network), intrusion detection technology that uses detection rules created based on application layer protocol specifications that support general CAN applications is known (see Non-Patent Document 1).
However, with conventional technology, it is not possible to perform intrusion detection using detection rules for charging control communication. In other words, charging control communication, which uses an application layer specific to charging communication, is not based on an application layer protocol compatible with general CAN applications. Therefore, intrusion detection cannot be performed using detection rules based on general CAN application specifications.
The present invention has been made in view of the above, and it is an object of the present invention to perform intrusion detection using detection rules for charging control communication.
In order to solve the above-described problems and achieve the object, an abnormality determination device according to the present invention includes a storage unit that stores a normal-operation rule for a predetermined parameter in charge control communication, an extraction unit that extracts the value of the predetermined parameter from a message of the charge control communication, and a determination unit that determines an abnormality when the extracted parameter deviates from the rule.
According to the present invention, it is possible to perform intrusion detection using detection rules for charging control communication.
FIG. 1 is a diagram for explaining an outline of the abnormality determination device according to this embodiment.
FIG. 2 is a diagram for explaining the connection forms of the abnormality determination device.
FIG. 3 is a schematic diagram illustrating a schematic configuration of the abnormality determination device.
FIG. 4 is a flowchart showing the abnormality determination processing procedure.
FIG. 5 is a diagram showing an example of a computer that executes the abnormality determination program.
An embodiment of the present invention is described in detail below with reference to the drawings. The present invention is not limited by this embodiment. In the drawings, the same parts are denoted by the same reference numerals.
[Overview of abnormality determination device]
FIG. 1 is a diagram for explaining an outline of the abnormality determination device according to this embodiment. As illustrated in FIG. 1, an electric vehicle (EV) 1 and a charger 2 are interconnected by a power line and a digital communication line, and charging over the power line is controlled by charging control communication over the digital communication line.
The abnormality determination device 10 of this embodiment extracts rules for normal operation from the specifications concerning charging states such as "initialization", "connection confirmation", "charging", and "end processing" in the charging control protocol of the charging control communication, and sets them in advance as detection rules. For example, as illustrated in FIG. 1, detection rules such as "in 'initialization', the current request is 0 or less" and "in 'charging', the physical connection flag must be 'connected'" are set.
The abnormality determination device 10 then interprets and observes the charging control communication between the charging control units of the EV 1 and the charger 2 up to the application layer of the charging control protocol, detects communication that deviates from the detection rules, and determines it to be abnormal. The abnormality determination device 10 can thereby detect an attack that inserts unauthorized messages into charging control communication and prevent forced interruption of the charging process, control malfunction, and the like.
FIG. 2 is a diagram for explaining the connection forms of the abnormality determination device. As an IDS (Intrusion Detection System) that only detects attacks, the abnormality determination device 10 may be connected to the CAN bus on the EV 1 side as illustrated in FIG. 2(1), or to the CAN bus on the charger 2 side as illustrated in FIG. 2(2).
Alternatively, as an IPS (Intrusion Prevention System) that detects attacks and defends against them, the abnormality determination device 10 may be installed on the CAN bus on the EV 1 side as illustrated in FIG. 2(3), or on the CAN bus on the charger 2 side as illustrated in FIG. 2(4).
[Configuration of abnormality determination device]
FIG. 3 is a schematic diagram illustrating a schematic configuration of the abnormality determination device. As illustrated in FIG. 3, the abnormality determination device 10 of this embodiment is implemented by a general-purpose computer such as a personal computer, and includes an input unit 11, an output unit 12, a communication control unit 13, a storage unit 14, and a control unit 15.
The input unit 11 is implemented using input devices such as a keyboard and a mouse, and inputs various instruction information, such as a processing start instruction, to the control unit 15 in response to input operations by the operator. The output unit 12 is implemented by a display device such as a liquid crystal display, a printer, or the like. For example, the output unit 12 displays the result of the abnormality determination processing described later.
The communication control unit 13 is implemented by a NIC (Network Interface Card) or the like, and controls communication between the control unit 15 and external devices over a telecommunication line such as a LAN (Local Area Network) or the Internet. For example, in the abnormality determination processing described later, the communication control unit 13 controls communication between the control unit 15 and the EV 1, the charger 2, a management device of a security operation center, and the like.
The storage unit 14 is implemented by a semiconductor memory device such as a RAM (Random Access Memory) or a flash memory, or by a storage device such as a hard disk or an optical disk. The storage unit 14 stores, in advance or temporarily at each processing, a processing program for operating the abnormality determination device 10, data used during execution of the processing program, and the like. The storage unit 14 may also be configured to communicate with the control unit 15 via the communication control unit 13.
In this embodiment, the storage unit 14 stores rules 14a, a state determination table 14b, and the like, which are used in the abnormality determination processing described later. The rules 14a are rules for normal operation concerning a predetermined parameter in charging control communication, and correspond to the detection rules described above. As described later, a rule 14a is defined, for example, by the relationship between the latest value of the predetermined parameter and a past value of the predetermined parameter. Alternatively, a rule 14a is defined by the range of values that the predetermined parameter can take, specified for each charging state.
The control unit 15 is implemented using a CPU (Central Processing Unit) or the like, and executes the processing program stored in memory. The control unit 15 thereby functions as an extraction unit 15a, a state determination unit 15b, a determination unit 15c, and a handling unit 15d, as illustrated in FIG. 3.
Each of these functional units, or some of them, may be implemented on different hardware. For example, the state determination unit 15b may be implemented in a device different from the other functional units. The control unit 15 may also include other functional units.
The extraction unit 15a extracts the value of a predetermined parameter from messages of the charging control communication. Specifically, the extraction unit 15a monitors the messages of the charging control communication and extracts the value of the predetermined parameter.
For example, the extraction unit 15a monitors, as charging control communication messages, messages conforming to the CHAdeMO (IEC61851-23,24) protocol or messages conforming to the COMBO (ISO15118) protocol.
The extraction unit 15a extracts at least one of a spec value, a control value, and a state flag as the predetermined parameter. For example, the extraction unit 15a extracts spec values, control values, state flags, and the like from the fields of a charging control message based on the CHAdeMO or COMBO specification.
Here, a spec value is a parameter indicating the capability of the EV 1 or the charger 2 that is exchanged in order to decide the charging settings. Examples of spec values are the battery capacity and maximum battery voltage of the EV 1, and the available output voltage and available output current of the charger 2.
A control value is a parameter indicating a command value or a response value for controlling the voltage, current, and the like involved in charging. Examples of control values are the requested voltage, requested current, and remaining battery capacity on the EV 1 side, and the voltage response value, current response value, and remaining charging time on the charger 2 side.
A state flag is a parameter that represents the charging state and is used to make the charging state transition. Examples of state flags are the charge permission state flag, shift lever state flag, and charging connector connection state flag on the EV 1 side, and the flag for output voltage compatibility between the EV battery and the charger on the charger 2 side.
The charging states are, for example, "CAN communication started", "chargeable flag received", "insulation test, connector locked", "charging plug connection completed", "charging start", "charge stop request received", "waiting for current drop", and "connector unlocked".
The state determination unit 15b determines the charging state by referring to the state flags among the extracted parameters. For example, the state determination table 14b is stored in the storage unit 14 in advance. The state determination table 14b is information indicating combinations of a charging state described in a protocol specification such as CHAdeMO or COMBO, for example charging plug connection completed or charging start, and the state flag values for transitioning to that charging state. The state determination unit 15b identifies, in the state determination table 14b, the charging state corresponding to the extracted state flag values, and determines that the state at that point in time is the identified charging state.
The state determination unit 15b determines, for example, the charging state of the message being monitored. In addition, the determination unit 15c accumulates in the storage unit 14, for past normal charging control communication messages, the charging state in association with parameter values such as spec values, control values, and state flags. The accumulated past parameter values are referred to by the determination unit 15c, described later, when a rule 14a expresses the relationship between the latest value of the predetermined parameter and a past parameter value.
The determination unit 15c determines an abnormality when the extracted value of the predetermined parameter deviates from the rules 14a. Specifically, the determination unit 15c refers, as the rules 14a, to the relationship between the latest value of the predetermined parameter and a past value of the predetermined parameter, or to the range of values that the predetermined parameter can take as specified for each charging state, and determines whether the extracted parameter value is abnormal.
For example, the determination unit 15c determines whether at least one of the spec value, the control value, and the state flag is abnormal. The determination unit 15c may also identify the cause of the abnormality, which includes the parameter determined to be abnormal, its value, and the rule among the rules 14a that was the basis for the determination.
The determination unit 15c may also determine whether charging needs to be interrupted. For example, the determination unit 15c determines that charging interruption is necessary when it detects the input of a control value significantly larger than the spec value, such as a requested current of 20 A against an available output current of 10 A.
Specifically, for spec values, the determination unit 15c uses, as the rule 14a, the relationship between the latest value of the predetermined parameter and a past value of the predetermined parameter, and determines an abnormality when the spec value contained in the latest message differs from the immediately preceding spec value. This is because a spec value is specific to the hardware or is a setting made at the start of charging, so a change in the value during charging is highly likely to indicate an attack or a failure. The rule 14a in this case need only specify, for example, that the latest spec value and the immediately preceding spec value are identical.
For control values, the determination unit 15c refers, as the rule 14a, to the range of values that the predetermined parameter can take as specified for each charging state, and determines an abnormality when the latest control value is outside the range of values possible in the current charging state. For example, an abnormality is determined when the input of a requested current greater than 0 is detected before the "charging start" state is reached. In this case, the rule 14a need only specify that the range of possible values of the requested current is 0 or less for each charging state up to "charging start", such as "CAN communication started", "chargeable flag received", "insulation test, connector locked", "charging plug connection completed", and "charging start".
Alternatively, for control values, the determination unit 15c refers, as the rule 14a, to the relationship between the latest value of the predetermined parameter and a past value of the predetermined parameter to determine whether there is an abnormality. For example, the determination unit 15c determines an abnormality when the latest control value deviates from the immediately preceding predetermined spec value by a predetermined threshold or more. The predetermined threshold can be set as appropriate, as a ratio, an absolute value, or the like. The determination unit 15c may also refer to several kinds of spec values as the immediately preceding spec value, such as the output current upper limit, the maximum output voltage, and the battery capacity, to determine whether there is an abnormality.
For example, when the rule 14a specifies that the difference between the latest requested current from the EV 1 side and the immediately preceding available output current of the charger 2 is less than 50%, then for an available output current of the charger 2 (the immediately preceding spec value) of 10 A, the determination unit 15c determines an abnormality both when the requested current from the EV 1 side (the latest control value) is 5 A and when it is 20 A.
Because the requested current may be lowered even during normal processing as the remaining battery level approaches full charge, a condition based on the remaining battery level, for example "when the remaining battery level is 90% or less", may be set on the application of the rule 14a.
For state flags, the determination unit 15c refers, as the rule 14a, to the range of values that the charge flag can take as specified for each charging state, and determines an abnormality when the latest state flag is outside the range of values possible in the current charging state. For example, when the charge permission flag in a message from the EV 1 side is set to "not permitted" in the "charging start" state, the determination unit 15c determines an abnormality. The rule 14a in this case need only specify, for example, that the charge permission flag in the "charging start" state is "permitted", or is anything other than "not permitted".
The handling unit 15d performs at least one of an alert notification and a charging interruption instruction when an abnormality is determined. For example, when the determination unit 15c determines an abnormality, the handling unit 15d outputs to the outside alert information that includes the abnormality type, that is, which of the spec value, the control value, and the state flag was determined to be abnormal. For example, the handling unit 15d outputs the alert information via the output unit 12 or the communication control unit 13 to a preset notification destination such as the charger 2 or a management device of a security operation center.
When the determination unit 15c has identified the cause of the abnormality, which includes the parameter determined to be abnormal, its value, and the rule among the rules 14a that was the basis for the determination, the handling unit 15d may output these as alert information.
When the determination unit 15c has determined whether charging needs to be interrupted, the handling unit 15d may output the result as alert information. In particular, when it is determined that charging interruption is necessary, the handling unit 15d may output a charging interruption instruction.
In that case, the handling unit 15d instructs the charging control unit of the EV 1 or the charger 2 to interrupt charging. For example, the handling unit 15d interrupts the charging process by transmitting to the CAN bus an error flag used in the charging control protocol, thereby outputting a cutoff control command.
Here, an error flag is a flag that is transmitted to end the charging process when some abnormality is detected in the operation of the charging control protocol. Examples include a flag indicating an overvoltage state, a flag indicating a low voltage state, a flag indicating a high battery temperature state, and a flag indicating that the difference between the requested current and the output current is too large.
In this way, the abnormality determination device 10 can perform intrusion detection using detection rules on charging control communication.
[Abnormality determination processing]
Next, the abnormality determination processing performed by the abnormality determination device 10 according to this embodiment is described with reference to FIG. 4. FIG. 4 is a flowchart showing the abnormality determination processing procedure. The flowchart of FIG. 4 starts, for example, when the user performs an operation input instructing the start.
First, the extraction unit 15a extracts the value of a predetermined parameter from messages of the charging control communication (step S1). For example, the extraction unit 15a monitors, as charging control communication messages, messages conforming to the CHAdeMO protocol or the COMBO protocol, and extracts at least one of a spec value, a control value, and a state flag as the predetermined parameter.
Next, the determination unit 15c checks whether the extracted value of the predetermined parameter deviates from the rules 14a (step S2). For example, the determination unit 15c refers, as the rules 14a, to the relationship between the latest value of the predetermined parameter and a past value of the predetermined parameter, or to the range of values that the predetermined parameter can take as specified for each charging state, and checks whether the value deviates from the rules 14a.
If the value does not deviate from the rules 14a (step S2, No), the determination unit 15c returns the processing to step S1. If the value deviates from the rules 14a (step S2, Yes), the determination unit 15c determines an abnormality (step S3). For example, the determination unit 15c determines the abnormality type, that is, which of the spec value, the control value, and the state flag is abnormal. The determination unit 15c also identifies the cause of the abnormality, which includes the parameter determined to be abnormal, its value, and the rule among the rules 14a that was the basis for the determination. Alternatively, the determination unit 15c determines that charging interruption is necessary.
When the determination unit 15c determines an abnormality, the handling unit 15d performs at least one of an alert notification and a charging interruption instruction (step S4). For example, the handling unit 15d outputs alert information that includes the abnormality type, such as which of the spec value, the control value, and the state flag was determined to be abnormal, to a preset notification destination such as the charger 2 or a management device of a security operation center.
When the determination unit 15c has identified the cause of the abnormality, which includes the parameter determined to be abnormal, its value, and the rule among the rules 14a that was the basis for the determination, the handling unit 15d outputs these as alert information. Alternatively, when the determination unit 15c determines that charging interruption is necessary, the handling unit 15d outputs a charging interruption instruction. This completes the series of abnormality determination processing.
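The three kinds of rule 14a and the S1 to S4 flow described above, as an added Python example that is not part of the patent. Message fields, flag names, state names and the sample messages are constructed for illustration and do not reflect the CHAdeMO or ISO 15118 wire formats; the 50% threshold and the 90% battery-level condition are the values the text uses as examples.

```python
from dataclasses import dataclass, field
from typing import NamedTuple

# State determination table (14b): (connector_locked, charging_started) -> charging state.
# Flag, field and state names are hypothetical, not CHAdeMO / ISO 15118 identifiers.
STATE_TABLE = {(False, False): "can_started",
               (True, False): "connector_locked",
               (True, True): "charging"}
PRE_CHARGE_STATES = {"can_started", "connector_locked"}


class Alert(NamedTuple):
    kind: str        # abnormality type: "spec", "control" or "flag"
    parameter: str   # parameter judged abnormal
    value: object    # its value
    rule: str        # rule the value deviated from
    interrupt: bool  # True when charging interruption is judged necessary


@dataclass
class Detector:
    max_deviation: float = 0.5  # requested vs. available current must differ by < 50 %
    soc_limit: int = 90         # deviation rule applies only at or below this battery level
    state: str = "can_started"
    flags: dict = field(default_factory=dict)
    specs: dict = field(default_factory=dict)  # spec values from past normal messages
    soc: int = 0

    def check(self, msg):
        alerts = []
        # State determination: map the latest state flags to a charging state.
        self.flags.update(msg.get("flags", {}))
        key = (self.flags.get("connector_locked", False),
               self.flags.get("charging_started", False))
        self.state = STATE_TABLE.get(key, self.state)

        # Spec values: the latest value must equal the previous one.
        for name, value in msg.get("spec", {}).items():
            previous = self.specs.setdefault(name, value)
            if value != previous:
                alerts.append(Alert("spec", name, value,
                                    f"must equal previous value {previous}", False))

        # Control values: range per charging state, then deviation from the spec value.
        control = msg.get("control", {})
        self.soc = control.get("battery_level", self.soc)
        req = control.get("requested_current")
        avail = self.specs.get("available_output_current")
        if req is not None and self.state in PRE_CHARGE_STATES:
            if req > 0:
                alerts.append(Alert("control", "requested_current", req,
                                    f"must be <= 0 in state {self.state}", False))
        elif req is not None and avail and self.soc <= self.soc_limit:
            if abs(req - avail) / avail >= self.max_deviation:
                alerts.append(Alert("control", "requested_current", req,
                                    f"must be within {self.max_deviation:.0%} of {avail}",
                                    req > avail))  # far above the spec value: interrupt

        # State flags: while charging, the charge permission flag must be "permitted".
        if self.state == "charging" and msg.get("flags", {}).get("charge_enabled") is False:
            alerts.append(Alert("flag", "charge_enabled", False,
                                "must be permitted while charging", False))
        return alerts


# Constructed sample session (already decoded to parameters; values in A and %).
MESSAGES = [
    {"spec": {"available_output_current": 10}},
    {"flags": {"connector_locked": True, "charging_started": False, "charge_enabled": True},
     "control": {"requested_current": 0, "battery_level": 40}},
    {"control": {"requested_current": 8}},                       # request before charging
    {"flags": {"charging_started": True}, "control": {"requested_current": 8}},
    {"spec": {"available_output_current": 30}},                  # spec changed mid-session
    {"control": {"requested_current": 20}},                      # 20 A against 10 A
    {"control": {"requested_current": 5}},                       # 5 A against 10 A
    {"control": {"requested_current": 5, "battery_level": 95}},  # tapering near full charge
    {"flags": {"charge_enabled": False}},                        # not permitted while charging
]


def run(messages):
    """Steps S1 to S4: check each message and collect (message index, alert)."""
    detector = Detector()
    return [(i, alert) for i, msg in enumerate(messages) for alert in detector.check(msg)]


if __name__ == "__main__":
    for index, alert in run(MESSAGES):
        print(index, alert)
```

The changed spec value in message 4 is not stored, so later control values are still compared against the last normal value of 10 A.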
[Effects]
As described above, in the abnormality determination device 10 of this embodiment, the storage unit 14 stores the rules 14a for normal operation concerning a predetermined parameter in charging control communication. The extraction unit 15a extracts the value of the predetermined parameter from messages of the charging control communication. The determination unit 15c determines an abnormality when the extracted value of the predetermined parameter deviates from the rules 14a.
Specifically, the extraction unit 15a extracts at least one of a spec value, a control value, and a state flag as the predetermined parameter.
In this way, the abnormality determination device 10 can perform intrusion detection using detection rules on charging control communication. The abnormality determination device 10 can thereby detect attacks that insert unauthorized messages into charging control communication with fewer false positives and higher accuracy than learning-based intrusion detection, which produces many false positives. The abnormality determination device 10 can also defend against attacks and prevent forced interruption of the charging process, control malfunction, and the like.
The rules 14a express the relationship between the latest value of the predetermined parameter and a past value of the predetermined parameter. For example, the rules 14a include the relationship between the spec value contained in the latest message and the past value of that spec value, or the relationship between the latest control value and a past predetermined spec value. The abnormality determination device 10 can thereby easily detect abnormal communication that deviates from past normal charging control communication.
The rules 14a are also the range of values that the predetermined parameter can take as specified for each charging state. For example, the rules 14a include the range of possible values of a control value specified for each charging state, or the range of possible values of the charge flag specified for each charging state. The abnormality determination device 10 can thereby easily detect abnormal communication that deviates from the expected normal charging control communication.
The handling unit 15d performs at least one of an alert notification and a charging interruption instruction when an abnormality is determined. The abnormality determination device 10 can thereby take countermeasures quickly against attacks on charging control communication.
[Program]
A program can also be created in which the processing executed by the abnormality determination device 10 according to the above embodiment is written in a computer-executable language. As one embodiment, the abnormality determination device 10 can be implemented by installing, on a desired computer, an abnormality determination program that executes the above abnormality determination processing as packaged software or online software. For example, by causing an information processing device to execute the abnormality determination program, the information processing device can be made to function as the abnormality determination device 10. The information processing devices referred to here include desktop and notebook personal computers. The category also includes smartphones, mobile communication terminals such as mobile phones and PHS (Personal Handyphone System) terminals, and slate terminals such as PDAs (Personal Digital Assistants). The functions of the abnormality determination device 10 may also be implemented on a cloud server.
FIG. 5 is a diagram showing an example of a computer that executes the abnormality determination program. The computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060 and a network interface 1070. These units are connected by a bus 1080.
The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores, for example, a boot program such as a BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to a hard disk drive 1031. The disk drive interface 1040 is connected to a disk drive 1041. A removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041, for example. A mouse 1051 and a keyboard 1052, for example, are connected to the serial port interface 1050. A display 1061, for example, is connected to the video adapter 1060.
Here, the hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093 and program data 1094. Each piece of information described in the above embodiment is stored in, for example, the hard disk drive 1031 or the memory 1010.
The abnormality determination program is stored in the hard disk drive 1031, for example, as a program module 1093 in which commands to be executed by the computer 1000 are described. Specifically, the hard disk drive 1031 stores a program module 1093 in which each process executed by the abnormality determination device 10 described in the above embodiment is described.
Data used for information processing by the abnormality determination program is stored as program data 1094 in, for example, the hard disk drive 1031. The CPU 1020 then reads the program module 1093 and the program data 1094 stored in the hard disk drive 1031 into the RAM 1012 as necessary, and executes each procedure described above.
Note that the program module 1093 and program data 1094 related to the abnormality determination program are not limited to being stored in the hard disk drive 1031; for example, they may be stored in a removable storage medium and read by the CPU 1020 via the disk drive 1041 or the like. Alternatively, the program module 1093 and program data 1094 related to the abnormality determination program may be stored in another computer connected via a network such as a LAN or WAN (Wide Area Network) and read by the CPU 1020 via the network interface 1070.
Although an embodiment to which the invention made by the present inventors is applied has been described above, the present invention is not limited by the description and drawings that form part of the disclosure of the present invention according to this embodiment. That is, other embodiments, examples, operational techniques and the like made by those skilled in the art on the basis of this embodiment are all included in the scope of the present invention.
REFERENCE SIGNS LIST
10 abnormality determination device
11 input unit
12 output unit
13 communication control unit
14 storage unit
14a rule
15 control unit
15a extraction unit
15b state determination unit
15c determination unit
15d handling unit

Claims (8)

  1.  An abnormality determination device comprising:
    a storage unit that stores a normal-time rule regarding a predetermined parameter in charge control communication;
    an extraction unit that extracts a value of the predetermined parameter from a message of the charge control communication; and
    a determination unit that determines an abnormality when the extracted value of the predetermined parameter deviates from the rule.
  2.  The abnormality determination device according to claim 1, wherein the extraction unit extracts at least one of a spec value, a control value, and a state flag as the predetermined parameter.
  3.  The abnormality determination device according to claim 1, wherein the rule expresses a relationship between the latest value of the predetermined parameter and a past value of the predetermined parameter.
  4.  The abnormality determination device according to claim 1, wherein the rule is a range of possible values of the predetermined parameter defined for each state of charge.
  5.  The abnormality determination device according to claim 2, wherein the rule includes at least one of: a relationship between a spec value included in the latest message and a past value of that spec value; a range of possible values of the control value defined for each state of charge; a relationship between the latest control value and a past predetermined spec value; or a range of possible values of the charge flag defined for each state of charge.
  6.  The abnormality determination device according to claim 1, further comprising a handling unit that performs at least one of an alert notification and a charge interruption instruction when an abnormality is determined.
  7.  An abnormality determination method executed by an abnormality determination device,
    the abnormality determination device having a storage unit that stores a normal-time rule regarding a predetermined parameter in charge control communication,
    the method comprising:
    an extraction step of extracting a value of the predetermined parameter from a message of the charge control communication; and
    a determination step of determining an abnormality when the extracted value of the predetermined parameter deviates from the rule.
  8.  An abnormality determination program for causing a computer to function as the abnormality determination device according to any one of claims 1 to 6.
PCT/JP2022/000591 2022-01-11 2022-01-11 Abnormality determination device, abnormality determination method, and abnormality determination program WO2023135652A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2022/000591 WO2023135652A1 (en) 2022-01-11 2022-01-11 Abnormality determination device, abnormality determination method, and abnormality determination program
JP2023573523A JPWO2023135652A1 (en) 2022-01-11 2022-01-11

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/000591 WO2023135652A1 (en) 2022-01-11 2022-01-11 Abnormality determination device, abnormality determination method, and abnormality determination program

Publications (1)

Publication Number Publication Date
WO2023135652A1 true WO2023135652A1 (en) 2023-07-20

Family

ID=87278582

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/000591 WO2023135652A1 (en) 2022-01-11 2022-01-11 Abnormality determination device, abnormality determination method, and abnormality determination program

Country Status (2)

Country Link
JP (1) JPWO2023135652A1 (en)
WO (1) WO2023135652A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012065378A (en) * 2010-09-14 2012-03-29 Nichicon Corp Charge control unit
JP2018073521A (en) * 2016-10-26 2018-05-10 株式会社マキタ Battery pack and charging system


Also Published As

Publication number Publication date
JPWO2023135652A1 (en) 2023-07-20


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22920178

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2023573523

Country of ref document: JP

Kind code of ref document: A