Vehicle-mounted CAN bus network abnormity detection method and system

Abstract

The invention, which belongs to the technical field of vehicle-mounted network, discloses a vehicle-mounted CAN bus network abnormity detection method and system. CAN bus abnormity detection based on a relative entropy is performed on an identifier ID; a sliding window with a fixed message number is employed; messages are paired based on a relationship between a message sensing sequence and a sending number, relative entropies of the paired messages and relative entropies of all IDs and normal distribution are calculated, and whether abnormity occurs is determined based on the two kinds of relative entropies; a replay attack and a denial of service attack are detected; CAN bus network abnormity detection based on a message data domain is performed on a data domain; features, including a constant value feature, a cyclic value feature, and a multi-value feature, of the message data domain are extracted; and a normal message model is established based on the extracted features and the message abnormity is detected. Therefore, the replay attack, the denial of service attack, the tampering attack and the forgery attack can be detected effectively and efficiently; more abnormal information is provided; and thus subsequent protection can be performed well.

Description

technical field [0001] The invention belongs to the technical field of vehicle-mounted networks, and in particular relates to a method and system for detecting abnormality of a vehicle-mounted CAN bus network. Background technique [0002] At present, the closest existing technology: With the rapid development of technologies such as the Internet of Things and mobile communications, the degree of informatization and networking of automobiles continues to increase, and gradually enters the era of Internet of Vehicles (IoV). It is estimated that by 2020, the sales volume of passenger cars in my country will reach 27.733 million units, and the market size of intelligent networked vehicles will reach more than 100 billion yuan. However, existing research and frequent automotive information security incidents in recent years show that connected vehicles are facing serious information security issues. Attackers can obtain private information and location information of cars and c...

AI Technical Summary

Problems solved by technology

[0009] (1) The CAN bus anomaly detection scheme based on the statistical method does not take into account the impact of non-periodic messages on the message interval value, and cannot detect the abnormality of non-periodic messages; there are certain false positives and false positives; there is no use of messages The connection between them, the ID of the abnormal message cannot be given; if the attacker injects the message at the natural frequency of the bus, the anomaly detection scheme based on information entropy will fail

[0010] (2) The CAN bus anomaly detection scheme based on machine learning can only detect the anomaly after the attacker has changed the state of the vehicle, which is less practical; generally, the amount of calculation is large, but the essence of the vehicle ECU is a single-chip microcomputer, and its computing power and The storage cap

Images