An emergency response system and method of vehicle-road-cloud integration cooperation

The integrated vehicle-road-cloud collaborative emergency response system solves the problems of vulnerability of vehicle perception systems to attacks and information silos, realizes collaborative protection between vehicles, roadside and cloud, and improves the security protection capabilities of vehicles and road networks.

CN122269286APending Publication Date: 2026-06-23NEUSOFT REACH AUTOMOBILE TECH (SHENYANG) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NEUSOFT REACH AUTOMOBILE TECH (SHENYANG) CO LTD
Filing Date
2026-03-31
Publication Date
2026-06-23

Smart Images

  • Figure CN122269286A_ABST
    Figure CN122269286A_ABST
Patent Text Reader

Abstract

The application provides a vehicle-road-cloud integrated cooperative emergency response system and method. In the system, after local anomaly detection, each vehicle end synchronously sends vehicle anomaly logs to roadside units and the cloud, and no longer relies on a single vehicle to independently complete perception and emergency response control. At the same time, the roadside unit fuses vehicle anomaly logs and operation data of all vehicle ends in the target monitoring area to carry out safety event analysis, so that the risks perceived by a single vehicle can be quickly transmitted to other vehicles in the area, avoiding the problem that a single vehicle anomaly cannot be timely perceived by surrounding vehicles. Further, the cloud combines the safety event analysis results of the roadside unit and the vehicle anomaly logs to complete emergency response analysis and generate a target emergency response strategy, and then broadcasts an emergency response signal to the target vehicles in the monitoring area through the roadside unit, realizing vehicle-road-cloud integrated cooperative emergency response and achieving all-round protection of vehicle safety.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of intelligent connected vehicle technology, and in particular to an emergency response system and method that integrates vehicle, road and cloud technologies. Background Technology

[0002] Currently, vehicle driver assistance and autonomous driving systems primarily rely on onboard sensors and the vehicle's computing power to perceive the surrounding environment and respond to emergencies. This reliance on the vehicle's own safety response mechanisms makes it difficult to provide comprehensive vehicle-specific safety protection. In this vehicle-dependent model, when faced with malicious cyberattacks targeting onboard sensors, such as GPS spoofing, camera interference, or LiDAR data tampering, the reliability of the vehicle's perception and decision-making systems drops sharply, directly resulting in a loss of effective safety protection capabilities. Simultaneously, the lack of efficient information sharing mechanisms between vehicles and between vehicles and road infrastructure creates information silos. Road risks perceived by the vehicle cannot be promptly transmitted to surrounding vehicles, leaving the emergency defense capabilities of a single vehicle in a perpetually reactive state.

[0003] Therefore, how to improve the protection capabilities for vehicle driving safety and road network operation safety has become a technical problem that urgently needs to be solved by those skilled in the art. Summary of the Invention

[0004] In view of the above problems, in order to achieve comprehensive protection of vehicle safety, this application provides an emergency response system and method that integrates vehicle, road and cloud technologies.

[0005] The embodiments of this application disclose the following technical solutions: In a first aspect, embodiments of this application provide an integrated vehicle-road-cloud emergency response system, the system comprising: multiple vehicle terminals, roadside units, and a cloud platform; each vehicle terminal is located within a target monitoring area corresponding to the roadside unit; The vehicle terminal is used to perform anomaly detection based on real-time acquired vehicle operation data, and when an anomaly is detected in the local vehicle, it sends vehicle anomaly logs to the roadside unit and the cloud. The roadside unit is used to perform safety event analysis based on the vehicle anomaly log and the vehicle operation data of each vehicle terminal to obtain the safety event analysis results for the target monitoring area. The cloud platform is used to perform emergency response analysis based on the security event analysis results and the vehicle anomaly logs to obtain a target emergency response strategy, and broadcast an emergency response signal to the target vehicle in the monitoring area through the roadside unit; the emergency response signal is generated based on the target emergency response strategy.

[0006] In one possible implementation, the cloud includes: an emergency response analysis module; the emergency response analysis module is specifically used for: Based on the security incident analysis results, the vehicle anomaly logs, and the vehicle operation data from each vehicle terminal, a security incident risk assessment is performed to obtain the security incident risk attributes. Determine the preset emergency response strategy corresponding to the risk attribute of the security incident, and use the determined preset emergency response strategy as the target emergency response strategy.

[0007] In one possible implementation, the security event risk attributes include: local risk events, regional risk events, and persistent risk events; the emergency response analysis module includes: a response strategy determination unit, which is specifically used for: When the safety event risk attribute is the local risk event, the corresponding preset emergency response strategy is determined to be the vehicle-side autonomous response strategy, and the vehicle-side autonomous response strategy is used as the target emergency response strategy. When the safety event risk attribute is the regional risk event, the corresponding preset emergency response strategy is determined to be the roadside collaborative response strategy, and the roadside collaborative response strategy is used as the target emergency response strategy. When the security event risk attribute is the persistent risk event, the corresponding preset emergency response strategy is determined to be the cloud-based global response strategy, and the cloud-based global response strategy is used as the target emergency response strategy.

[0008] In one possible implementation, the vehicle-side autonomous response strategy is a local handling strategy executed by the vehicle-side in response to local risk events; the local handling strategy includes at least one of: controlled electronic control unit isolation, abnormal communication blocking, autonomous driving function downgrade, and driver alarm; The roadside collaborative response strategy is a regional collaborative handling strategy executed by the roadside unit in response to regional-level risk events; the regional collaborative handling strategy includes at least one of the following: V2X broadcast of emergency commands for the target area, positioning-assisted correction, and joint early warning by adjacent roadside units; The cloud-based global response strategy is a comprehensive collaborative handling strategy implemented by the cloud for persistent risk events, including at least one of the following: global security policy updates, vehicle vulnerability patch distribution, cross-regional traffic scheduling, and security event intelligence database optimization.

[0009] In one possible implementation, the emergency response analysis module includes: a risk attribute analysis unit; the risk attribute analysis unit is specifically used for: Based on the vehicle operation data from each of the vehicle terminals, a traffic situation map for the target monitoring area is constructed; as well as, The vehicle operation data, vehicle anomaly logs, and security event analysis results of each vehicle terminal are subjected to feature fusion processing to obtain security event fusion features; Dynamic risk assessment is performed based on the fusion characteristics of the safety incident and the traffic situation map to obtain the risk attributes of the safety incident.

[0010] In one possible implementation, the safety incident analysis results include a safety incident risk level; the roadside unit further includes a risk level adjustment module, which is specifically used for: When multiple vehicle-side abnormal logs are received simultaneously, based on the multiple vehicle-side abnormal logs and the vehicle operation data of each vehicle-side, it is determined whether each vehicle-side abnormal log is caused by a regional coordinated attack targeting the target monitoring area. If it is determined that all the abnormal logs of the vehicles were caused by the regional coordinated attack, the risk level of the security incident will be upgraded.

[0011] In one possible implementation, the cloud platform further includes: an emergency response assessment module; the emergency response assessment module is specifically used for: Acquire emergency response feedback data from the vehicle terminal; the emergency response feedback data is used to characterize the vehicle's operating status after the target emergency response strategy is executed. The target emergency response strategy is evaluated based on the emergency response feedback data.

[0012] Secondly, embodiments of this application provide an emergency response method integrating vehicle, road, and cloud technologies, applicable to any possible vehicle-road-cloud integrated emergency response system as described in the first aspect; the method includes: The vehicle terminal performs anomaly detection based on real-time acquired vehicle operation data, and sends vehicle anomaly logs to the roadside unit and the cloud when anomalies are detected in the local vehicle. The roadside unit performs safety event analysis based on the vehicle anomaly log and the vehicle operation data from each vehicle terminal to obtain the safety event analysis results for the target monitoring area. Based on the security event analysis results and vehicle anomaly logs, emergency response analysis is performed in the cloud to obtain a target emergency response strategy. The emergency response signal is then broadcast to the target vehicles in the monitoring area through the roadside unit. The emergency response signal is generated based on the target emergency response strategy.

[0013] In one possible implementation, the step of performing emergency response analysis via the cloud based on the security event analysis results and the vehicle anomaly logs to obtain a target emergency response strategy includes: Based on the security incident analysis results, the vehicle anomaly logs, and the vehicle operation data from each vehicle terminal, a security incident risk assessment is performed to obtain the security incident risk attributes. Determine the preset emergency response strategy corresponding to the risk attribute of the security incident, and use the determined preset emergency response strategy as the target emergency response strategy.

[0014] In one possible implementation, the security event risk attributes include: local risk events, regional risk events, and persistent risk events; the step of determining the preset emergency response strategy corresponding to the security event risk attribute, and using the determined preset emergency response strategy as the target emergency response strategy, includes: When the safety event risk attribute is the local risk event, the corresponding preset emergency response strategy is determined to be the vehicle-side autonomous response strategy, and the vehicle-side autonomous response strategy is used as the target emergency response strategy. When the safety event risk attribute is the regional risk event, the corresponding preset emergency response strategy is determined to be the roadside collaborative response strategy, and the roadside collaborative response strategy is used as the target emergency response strategy. When the security event risk attribute is the persistent risk event, the corresponding preset emergency response strategy is determined to be the cloud-based global response strategy, and the cloud-based global response strategy is used as the target emergency response strategy.

[0015] Compared to existing technologies, this application offers the following advantages: This application provides a vehicle-road-cloud integrated collaborative emergency response system and method. In this system, after each vehicle completes local anomaly detection, it synchronously sends vehicle anomaly logs to the roadside unit and the cloud. It no longer relies on a single vehicle to independently complete perception and emergency response control, effectively avoiding the problem of a sharp decline in the reliability of the perception and decision-making system when a single vehicle encounters a malicious network attack. Simultaneously, the roadside unit integrates vehicle anomaly logs and operational data from all vehicles within the target monitoring area to conduct security event analysis, achieving the sharing of vehicle operation and anomaly information within the area. This allows risks perceived by a single vehicle to be quickly transmitted to other vehicles within the area, avoiding the problem of a single vehicle's anomaly not being detected by surrounding vehicles in a timely manner. Furthermore, the cloud combines the security event analysis results from the roadside unit and the vehicle anomaly logs to complete emergency response analysis and generate a target emergency response strategy. Then, the roadside unit broadcasts emergency response signals to target vehicles within the monitoring area, constructing a vehicle-road-cloud integrated collaborative emergency response system. This allows vehicle safety protection to break through the limitations of a single vehicle level, forming a multi-level collaborative protection network covering a single vehicle, a local area, and the global area, effectively improving the protection capabilities for vehicle driving safety and road network operation safety. Attached Figure Description

[0016] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0017] Figure 1 A schematic diagram of the structure of an emergency response system integrating vehicle, road, and cloud technologies, provided in an embodiment of this application; Figure 2 A signaling interaction diagram of an integrated vehicle-road-cloud emergency response system provided in this application embodiment; Figure 3 This is a flowchart illustrating an emergency response method integrating vehicle, road, and cloud technologies, provided as an embodiment of this application. Detailed Implementation

[0018] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with specific embodiments and accompanying drawings. It should be particularly noted that the embodiments described in this application are only a part of the embodiments of this application, and not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of this application without creative effort are within the scope of protection of this application.

[0019] It should be noted that, unless otherwise defined, the technical or scientific terms used in the embodiments of this application should have the ordinary meaning understood by one of ordinary skill in the art to which this application pertains. The terms "first," "second," and similar terms used in the embodiments of this application do not indicate any order, quantity, or importance, but are merely used to distinguish different components. Terms such as "comprising" or "including" mean that the element or object preceding the word encompasses the elements or objects listed after the word and their equivalents, without excluding other elements or objects. Terms such as "connected" or "linked" are not limited to physical or mechanical connections, but can include electrical connections, whether direct or indirect. Terms such as "upper," "lower," "left," and "right" are only used to indicate relative positional relationships; when the absolute position of the described object changes, the relative positional relationship may also change accordingly.

[0020] As described earlier, current vehicle driver assistance and autonomous driving systems primarily rely on onboard sensors and the vehicle's computing power to perceive the surrounding environment and respond to emergencies. This reliance on the vehicle's own safety response mechanisms makes it difficult to provide effective vehicle-specific safety protection. In this vehicle-dependent model, when faced with malicious cyberattacks targeting onboard sensors, such as GPS spoofing, camera interference, or LiDAR data tampering, the reliability of the vehicle's perception and decision-making systems drops sharply, directly resulting in a loss of effective safety protection capabilities. Simultaneously, the lack of efficient information sharing mechanisms between vehicles and between vehicles and road infrastructure creates information silos. Road risks perceived by the vehicle cannot be promptly transmitted to surrounding vehicles, leaving the emergency defense capabilities of a single vehicle in a perpetually reactive state.

[0021] Based on this, this application provides a vehicle-road-cloud integrated collaborative emergency response system and method. In this system, after each vehicle completes local anomaly detection, it synchronously sends vehicle anomaly logs to the roadside unit and the cloud. This eliminates the reliance on a single vehicle for independent perception and emergency response control, effectively avoiding the problem of a sharp decline in the reliability of the perception and decision-making system when a single vehicle encounters a malicious network attack. Simultaneously, the roadside unit integrates vehicle anomaly logs and operational data from all vehicles within the target monitoring area to conduct security event analysis, achieving the sharing of vehicle operation and anomaly information within the area. This allows risks perceived by a single vehicle to be quickly transmitted to other vehicles in the area, avoiding the problem of a single vehicle's anomaly not being detected by surrounding vehicles in a timely manner. Furthermore, the cloud combines the security event analysis results from the roadside unit and the vehicle anomaly logs to complete emergency response analysis and generate a target emergency response strategy. Then, the roadside unit broadcasts emergency response signals to target vehicles within the monitoring area, constructing a vehicle-road-cloud integrated collaborative emergency response system. This allows vehicle safety protection to break through the limitations of a single vehicle level, forming a multi-level collaborative protection network covering a single vehicle, a local area, and the global area, effectively improving the protection capabilities for vehicle driving safety and road network operation safety.

[0022] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of the present application.

[0023] See Figure 1 The figure is a schematic diagram of the structure of an emergency response system integrating vehicle, road and cloud provided in an embodiment of this application. As shown in the figure, the system includes multiple vehicle terminals 100, at least one roadside unit 200 and cloud 300. Each vehicle terminal 100 is located in the target monitoring area corresponding to the roadside unit 200. The target monitoring area can be the traffic road surface or the charging pile area in the charging station. This embodiment does not limit the area type of the target monitoring area.

[0024] The vehicle terminal 100 is used to perform anomaly detection based on real-time acquired vehicle operation data, and when an anomaly is detected in the local vehicle, it sends a vehicle anomaly log to the roadside unit and the cloud.

[0025] The vehicle-side is the first layer of vehicle security protection in this system, used for real-time anomaly monitoring based on acquired vehicle operation data. This vehicle operation data includes two types: first, physical operating parameters acquired by the vehicle status monitor, including key data such as vehicle speed, steering angle, braking status, GPS positioning coordinates, and inertial navigation-calculated position; second, in-vehicle communication and vehicle-to-everything (V2X) interaction data collected by the lightweight intrusion detection system, covering CAN bus and in-vehicle Ethernet message transmission data, as well as V2X vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V) communication traffic. Anomaly monitoring of the local vehicle is implemented using a dual-engine model of predefined rules and machine learning models. Predefined rules quickly determine anomalies by setting data thresholds; for example, if the GPS and IMU position deviation exceeds a preset threshold or the CAN message transmission frequency fluctuates abnormally, an anomaly can be directly identified. The machine learning model, trained on a feature model based on massive amounts of normal vehicle operation data, identifies behavioral patterns deviating from normal driving, such as sudden speed changes without driver intervention and abnormal V2X connection requests from unfamiliar nodes. Meanwhile, in one possible implementation, the vehicle-side in this application embodiment is also equipped with an in-vehicle security gateway. The in-vehicle security gateway will perform security isolation of the in-vehicle network, filter invalid interference data, and further improve the real-time performance and accuracy of anomaly detection. Once a security anomaly is detected in the local vehicle, the log reporting process to the roadside unit and the cloud will be initiated immediately.

[0026] Vehicle anomaly logs serve as a standardized carrier for transmitting anomaly information from the vehicle to roadside units and the cloud. These logs must accurately record all key information related to the anomaly, maintaining uniformity across all dimensions. In this embodiment, logs for anomaly scenarios clearly demonstrate this characteristic, with GPS spoofing attack scenarios serving as a typical example: the log includes a timestamp, unique vehicle identifier, real-time vehicle location, anomaly type, detection confidence level, and associated vehicle operational data. Besides network attack anomalies, logs for scenarios such as in-vehicle device malfunctions and communication anomalies also follow the same standard. For instance, taking the in-vehicle CAN bus anomaly log as an example, the log includes a timestamp, vehicle location, anomaly type, confidence level, and associated operational data. The log also labels the detection module number, ensuring that the roadside and cloud can accurately pinpoint the source of the anomaly detection, providing data support for subsequent collaborative analysis.

[0027] The roadside unit 200 is used to perform safety event analysis based on the vehicle anomaly log and the vehicle operation data of each vehicle terminal to obtain the safety event analysis results for the target monitoring area.

[0028] Upon receiving vehicle anomaly logs from the vehicle terminals, the roadside unit immediately initiates a security incident analysis process, conducting multi-dimensional fusion analysis based on the vehicle anomaly logs and vehicle terminal operational data across the entire area. First, the roadside unit aggregates and preprocesses all data, simultaneously receiving vehicle anomaly logs from anomalous vehicles and real-time vehicle operational data from all vehicles within the target monitoring area, including vehicle speed, location, communication status, and equipment operating parameters. The data undergoes temporal and spatial correlation calibration and invalid data filtering. Subsequently, the edge security brain within the roadside unit performs threat correlation analysis, comparing the anomaly characteristics of a single vehicle with the operational data of other vehicles in the area to determine whether the anomaly is due to equipment failure or occasional interference within a single vehicle, or a coordinated regional attack involving multiple vehicles simultaneously. Simultaneously, in one possible implementation, the roadside unit also combines information such as regional traffic flow, vehicle trajectories, and road environment to construct a regional situational map integrating traffic safety and cybersecurity. If multiple vehicles report the same type of anomaly within the same time and space range, the roadside unit will determine it as a regional coordinated attack and upgrade the risk level of the security incident through the risk level adjustment module. Finally, it will complete the qualitative analysis of the security incident type, the delineation of the scope of impact, and the risk level assessment, forming a security incident analysis result for the target monitoring area.

[0029] The safety incident analysis results of the roadside unit are the judgment conclusions of safety incidents within the area, including key information such as incident type, scope of impact, risk level, associated vehicles, and regional situation characteristics. The analysis results under different scenarios have clear differentiated characteristics, with typical examples divided into two categories: regional coordinated attacks and single vehicle anomalies. Taking a regional GPS spoofing attack as an example, the safety incident analysis results for this type of anomaly are as follows: the safety incident type is network security - regional coordinated GPS spoofing attack; the target monitoring area is a 1.5 square kilometer area around the highway ramp; the risk level is high; there are 3 associated abnormal vehicles; the event characteristics are that the 3 vehicles simultaneously report GPS and IMU position deviation exceeding the limit within 1 second; there is no equipment failure history record; the real-time traffic flow in the area is high, with an average vehicle speed of 90 km / h; the overall positioning signal has a general risk of interference; and there are no other types of anomaly feedback.

[0030] In one possible implementation, the roadside unit in this embodiment is further equipped with a risk level adjustment module. This risk level adjustment module is used to adjust the risk level of safety events in the safety event analysis results in real time, which is specifically achieved through the following two steps: Step 1: When multiple vehicle-side abnormal logs are received simultaneously, determine whether each vehicle-side abnormal log is caused by a regional coordinated attack targeting the target monitoring area based on the multiple vehicle-side abnormal logs and the vehicle operation data of each vehicle-side.

[0031] When the module simultaneously receives abnormal logs from multiple vehicle terminals within the target monitoring area, it first performs rapid integration of all multi-source data and retrieves core information from all abnormal logs, as well as real-time vehicle operation data from all vehicle terminals within the area. Subsequently, it conducts a judgment based on three dimensions: spatiotemporal correlation, consistency of abnormal characteristics, and independence of causes. This involves verifying whether multiple vehicle anomalies are concentrated in the same spatiotemporal range and whether the anomaly types are highly similar. Simultaneously, it combines vehicle operation data to rule out special cases such as single-vehicle equipment failure, individual signal interference, and driver operational errors. Only when it is confirmed that multiple vehicle anomalies have no independent cause and are triggered by a malicious coordinated attack targeting the target monitoring area is the judgment process completed.

[0032] Step 2: If it is determined that all the abnormal logs of the vehicles are caused by the regional coordinated attack, the risk level of the security incident is upgraded.

[0033] After determining that a regional coordinated attack has occurred, the module will execute the second step of risk level escalation. If it is confirmed that all abnormal logs from various vehicles are caused by a regional coordinated attack, the module will escalate the risk level initially assessed in the preliminary security incident analysis in a tiered manner based on the actual impact characteristics of the attack. The magnitude of the risk level escalation is determined comprehensively based on the number of vehicles involved, the scope of the attack's impact, and the real-time traffic situation in the region. For example, the initial suspicious level may be raised to high risk, and the medium-risk level to high risk. This adjustment is executed locally on the roadside in real time, without waiting for cloud instructions, adapting to the low-latency requirements of vehicle-road-cloud collaborative emergency response. This dynamic risk level adjustment mechanism effectively distinguishes between independent anomalies in a single vehicle and regional group security threats, avoiding underestimation of the risk of coordinated attacks. It provides accurate risk level information for subsequent rapid roadside or global cloud response, ensuring that emergency response strategies match the threat level.

[0034] The cloud-based 300 is used to perform emergency response analysis based on the security event analysis results and the vehicle anomaly logs to obtain a target emergency response strategy, and broadcast an emergency response signal to the target vehicle in the monitoring area through the roadside unit; the emergency response signal is generated based on the target emergency response strategy.

[0035] As the global decision-making core of the emergency response system within this framework, the cloud platform relies heavily on the safety incident analysis results reported by roadside units and the vehicle anomaly logs directly uploaded by each vehicle. These two types of data together form the core basis for strategy formulation. After initiating emergency response analysis, the cloud platform first collects and organizes these two core data types. It extracts the overall characteristics of safety incidents within the target monitoring area from the roadside unit safety incident analysis results, including the scope of the incident within the area, the affected vehicle groups, and the overall security situation of the area, forming a comprehensive regional understanding of the safety incident. Simultaneously, the cloud platform analyzes the vehicle anomaly logs from each vehicle, clarifying the specific manifestations of individual vehicle anomalies, the time of occurrence, and the real-time location of the vehicle. Then, it integrates and analyzes the overall regional event analysis results with the detailed data of individual vehicle anomalies to identify the key triggering causes of the safety incident, the actual threat to vehicle safety within the monitoring area, and the trend of the incident's spread or impact within the area. This comprehensive analysis from a global perspective lays the foundation for formulating the target emergency response strategy.

[0036] Furthermore, based on the overall judgment formed by the above emergency response analysis, the cloud will formulate targeted emergency response strategies adapted to the current security incident. These strategies must align with the actual characteristics of the security incident, clearly defining the emergency response directions required for vehicles within the area and the transmission and support requirements that roadside units must cooperate in, ensuring the strategies are practically executable and targeted. After determining the target emergency response strategy, the cloud will convert it into an emergency response signal. Using roadside units as regional communication hubs, the generated emergency response signal will be sent to the roadside units in the corresponding target monitoring area. The roadside units will then broadcast the signal to target vehicles within the area, ensuring that the emergency response signal can be accurately and efficiently transmitted to vehicles affected by the security incident, thus realizing the implementation of the cloud-based global strategy at the regional vehicle execution level.

[0037] Specifically, the process for determining the target emergency response strategy in the cloud is implemented through an emergency response analysis module configured within the cloud. This emergency response analysis module determines the target emergency response strategy through the following two steps: Step 1: Based on the security incident analysis results, the vehicle anomaly logs, and the vehicle operation data from each vehicle terminal, conduct a security incident risk assessment to obtain the security incident risk attributes.

[0038] First, a safety incident risk assessment is conducted to clarify the risk attributes. Three types of core data are simultaneously retrieved: safety incident analysis results reported by roadside units, vehicle anomaly logs uploaded by each vehicle, and real-time vehicle operation data from all vehicles within the target monitoring area. This multi-source data is integrated and analyzed from a global perspective. The safety incident analysis results provide an overall regional assessment conclusion, the vehicle anomaly logs record detailed anomalies of individual vehicles, and the vehicle operation data from each vehicle reflects the overall driving status of vehicles within the area. These three data complement and corroborate each other. Based on this data, the module conducts a comprehensive risk assessment from multiple dimensions, including the scope of the safety incident's impact, triggering cause, degree of interference with regional traffic, and duration. By defining and classifying the overall risk characteristics of the incident, a clear safety incident risk attribute is ultimately obtained.

[0039] Safety incident risk attributes include localized risk events, regional risk events, and persistent risk events. Localized risk events are mostly isolated anomalies affecting a single vehicle or a very small area, impacting only the affected vehicle and not spreading to surrounding vehicles or areas, with no significant disruption to overall traffic flow in the target monitoring area. Regional risk events cover a certain area within the target monitoring area, affecting multiple vehicles and having a real impact on vehicle safety and traffic order, constituting a regional, group-based safety threat. Persistent risk events are safety incidents that transcend the limitations of a single monitoring area and last for a longer period, with a wider impact and a potential for further spread. They cannot be resolved in the short term and pose a continuous potential threat to the safe operation of a larger transportation network. These three risk attributes exhibit a hierarchical progression, which is used to define the risk level of different safety incidents.

[0040] Step 2: Determine the preset emergency response strategy corresponding to the risk attribute of the security incident, and use the determined preset emergency response strategy as the target emergency response strategy.

[0041] After determining the risk attributes of a security incident, the system proceeds to the matching stage of preset emergency response strategies. By matching attributes with strategies, the target emergency response strategy is quickly determined. In this embodiment, the cloud has pre-defined preset emergency response strategies corresponding to different types of security incident risk attributes. These preset strategies are pre-planned solutions for security incidents with different risk characteristics, taking into account the collaborative features of vehicle-road-cloud integration, and are targeted and executable. After obtaining a clear security incident risk attribute, the emergency response analysis module immediately performs strategy matching, directly retrieving the preset emergency response strategy corresponding to that risk attribute. Without additional secondary formulation or adjustment, the preset strategy is directly determined as the target emergency response strategy for the current security incident, thereby significantly improving the efficiency of strategy formulation. The determined target emergency response strategy also provides the core basis for the generation of subsequent emergency response signals, ensuring that instructions can be quickly issued to roadside units and vehicles.

[0042] Specifically, the process of determining the target emergency response strategy in this step is implemented through the response strategy determination unit within the emergency response analysis module. This response strategy determination unit mainly determines the target emergency response strategy through the following three steps: Step 1: When the safety event risk attribute is the local risk event, determine the corresponding preset emergency response strategy as the vehicle-side autonomous response strategy, and use the vehicle-side autonomous response strategy as the target emergency response strategy.

[0043] When a security incident is classified as a localized risk event, the response strategy determination unit determines the vehicle-side autonomous response strategy as the target emergency response strategy for that type of risk according to preset strategy matching rules. This strategy matching logic is adapted to the characteristics of localized risk events. Because localized risk events only affect a single vehicle or a very small area, they only impact the driving safety of the affected vehicle, have no possibility of regional spread, and will not interfere with the overall traffic situation in the target monitoring area. Therefore, there is no need for roadside units to conduct regional collaborative handling, nor is it necessary to implement global scheduling in the cloud. Direct local handling by the vehicle is the most efficient and scenario-appropriate response method. The core of the vehicle-side autonomous response strategy is to allow the affected vehicle to complete independent handling based on its own security protection modules. The entire process is executed by the vehicle, quickly resolving security threats at the single-vehicle level, while avoiding the occupation of computing and communication resources on the roadside and cloud, ensuring the response efficiency of the vehicle-road-cloud integrated system to larger-scale risk events.

[0044] The vehicle-side autonomous response strategy is specifically implemented through localized handling measures executed on the vehicle. These measures include isolating controlled electronic control units (ECUs), blocking abnormal communication, downgrading autonomous driving functions, and driver alerts. The vehicle can execute at least one measure individually or in combination, depending on the specific type of the localized risk event. Isolating controlled ECUs promptly disconnects the abnormal ECU from other control systems, preventing the spread of the abnormal state. Blocking abnormal communication shields abnormal communication links within the vehicle or on-board unit, blocking the transmission of malicious signals. Downgrading autonomous driving functions lowers the vehicle's autonomous driving level to a safer level, or even temporarily disables the autonomous driving function. Driver alerts provide a prominent notification to the driver via the onboard human-machine interface, reminding them to take over the vehicle and take appropriate action. These localized handling measures are executed in real-time on the vehicle, offering rapid and targeted responses to mitigate localized risks and ensure the safety of the affected vehicle.

[0045] Step 2: If the safety event risk attribute is the regional risk event, determine the corresponding preset emergency response strategy as the roadside collaborative response strategy, and use the roadside collaborative response strategy as the target emergency response strategy.

[0046] When a security incident is classified as a regional-level risk event, the response strategy determination unit matches the roadside collaborative response strategy as the target emergency response strategy. The impact of a regional-level risk event covers a certain area of ​​the target monitoring zone, affecting multiple vehicles within that area and causing actual disruption to traffic safety and overall order. Relying solely on the autonomous handling of a single vehicle cannot resolve the risk across the entire region. However, the risk has not yet reached the level requiring global cloud-based dispatch. Therefore, having the roadside unit act as the regional collaborative hub to execute the response strategy becomes the optimal choice, balancing response efficiency and scope. As the regional core connecting the vehicle and cloud in the vehicle-road-cloud system, the roadside unit can directly cover all vehicles within the target monitoring zone. Leveraging the edge computing capabilities of the cloud, it conducts collaborative handling, ensuring that the emergency strategy is precisely applied to the entire risk-affected area, thereby preventing further spread of the risk within the region.

[0047] The roadside collaborative response strategy is a dedicated regional collaborative handling strategy implemented by roadside units for regional-level risk events. It includes at least one of the following: V2X broadcasting of emergency commands to the target area, location-assisted correction, and joint early warning by adjacent roadside units. Roadside units can flexibly choose single or combined methods to handle the situation based on the actual type and impact characteristics of the regional-level risk event. Specifically, V2X broadcasting of emergency commands to the target area uses vehicle-to-infrastructure communication technology to send emergency handling commands to all target vehicles within the area, achieving synchronous transmission of commands; location-assisted correction provides high-precision roadside positioning data to vehicles within the area, resolving common positioning anomalies; and joint early warning by adjacent roadside units enables collaboration between roadside units, transmitting risk warning information to adjacent monitoring areas to prepare for protection in advance. These handling methods all rely on the local capabilities of the roadside units, have strong regional coverage, and can effectively resolve regional security threats and restore traffic safety to the target monitoring area.

[0048] Step 3: If the security event risk attribute is a persistent risk event, determine the corresponding preset emergency response strategy as a cloud-based global response strategy, and use the cloud-based global response strategy as the target emergency response strategy.

[0049] When a security incident is classified as a persistent risk event, the response strategy determination unit will determine the cloud-based global response strategy as the corresponding target emergency response strategy. Specifically, persistent risk events transcend the limitations of a single monitoring area, affecting a wider range and lasting longer, with some exhibiting the potential for further spread. This not only disrupts local traffic but may also pose a sustained threat to the safe operation of the entire road network. In such cases, relying solely on autonomous vehicle-side response or regional collaborative response from a single roadside unit is insufficient to fundamentally mitigate the risk and prevent its spread. The cloud, as the global command center of the integrated vehicle-road-cloud system, possesses core capabilities for comprehensive data aggregation, massive computing power support, and cross-regional resource scheduling. It can formulate response plans from a global perspective; therefore, having it execute a cloud-based global response strategy with full-domain collaboration is the optimal choice for addressing persistent risk events.

[0050] The cloud-based global response strategy is a comprehensive, collaborative approach developed by the cloud for handling persistent risk events. It specifically includes at least one of the following: global security policy updates, vehicle vulnerability patch distribution, cross-regional traffic scheduling, and security event intelligence database optimization. The cloud can select a single or combined approach to conduct comprehensive handling based on the type, scope of impact, and persistence characteristics of the persistent risk event. Global security policy updates can simultaneously distribute the latest protection rules to all vehicle-side and roadside units across the network, achieving unified security protection standards across the entire domain. Vehicle vulnerability patch distribution can remotely push vulnerability fixes to affected and related vehicles, addressing the root cause of the equipment or system problems that cause the risk. Cross-regional traffic scheduling can coordinate and adjust traffic flow across multiple regions, avoiding traffic congestion in risky areas and reducing the impact of the risk. Security event intelligence database optimization incorporates the characteristics and handling experience of this risk event into the database, providing data support for subsequent responses to similar persistent risks. These handling measures target the entire monitored area and are designed for long-term effectiveness, quickly mitigating current persistent risks and continuously preventing the recurrence of similar risks.

[0051] In one possible implementation, the process of determining the risk attributes of a security event by the emergency response analysis module in the above example is achieved through a risk attribute analysis unit configured within the module. The risk attribute analysis unit mainly determines the risk attributes of a security event through the following two steps.

[0052] Step 1: Based on the vehicle operation data from each vehicle terminal, construct a traffic situation map for the target monitoring area; as well as, The vehicle operation data, vehicle anomaly logs, and security event analysis results of each vehicle terminal are subjected to feature fusion processing to obtain security event fusion features.

[0053] The first step of the risk attribute analysis unit consists of two parallel execution phases: constructing a traffic situation map of the target monitoring area and completing feature fusion processing of multi-source data. In the traffic situation map construction phase, the unit retrieves real-time vehicle operation data from all vehicles within the target monitoring area, integrating key information such as vehicle speed, vehicle location, driving trajectory, traffic flow distribution, and vehicle start / stop status. This data is then analyzed and visualized according to spatiotemporal dimensions to reconstruct the current actual traffic operation status of the area, clearly presenting scene characteristics such as traffic density, road conditions, and the presence of congestion, thus laying the foundation for subsequent risk assessment. Simultaneously, the unit conducts feature fusion processing, integrating vehicle operation data from various vehicles, vehicle anomaly logs, and safety event analysis results reported by roadside units. Key information from these three types of data is extracted, calibrated, deduplicated, and fused to extract information such as the type of safety event, the number of vehicles involved, the spatiotemporal range of the anomaly, and the preliminary risk level. This forms standardized safety event fusion features, transforming scattered multi-source data into a unified basis that can be directly used for risk assessment.

[0054] Step 2: Perform dynamic risk assessment based on the fusion characteristics of the safety incident and the traffic situation map to obtain the risk attributes of the safety incident.

[0055] After preparing the basic data, the risk attribute analysis unit proceeds to the second step: dynamic risk assessment. This step combines the integrated characteristics of the safety incident with traffic situation maps to conduct a comprehensive analysis and ultimately determine the risk attribute of the safety incident. Unlike static risk assessment, this dynamic assessment combines the characteristics of the safety incident itself with the actual traffic scenario in the region, comprehensively analyzing the impact range, scale of influence, duration, and actual degree of disruption to current regional traffic operations and potential spread risk. For example, similar abnormal events on core road sections with high traffic volume and on sparsely trafficked suburban road sections will be classified into different risk attributes due to their varying degrees of impact on traffic; similarly, if the same event shows a trend of cross-regional spread, its risk level will be redefined. Through multi-dimensional dynamic analysis, the unit ultimately classifies safety incidents into local risk events, regional risk events, or persistent risk events. This judgment result is directly transmitted to the strategy matching stage of the emergency response analysis module, becoming the basis for determining the target emergency response strategy in the cloud, ensuring that subsequent emergency response strategies are adapted to the actual risk level of the safety incident.

[0056] In one possible implementation, an emergency response evaluation module is also configured in the cloud. This module evaluates the effectiveness of emergency response commands issued from the cloud based on data fed back from the vehicle after executing the emergency response strategy, thereby ensuring the effectiveness of emergency response control. Specifically, this emergency response evaluation module mainly performs the following two steps: Step 1: Obtain emergency response feedback data from the vehicle terminal; the emergency response feedback data is used to characterize the vehicle's operating status after the target emergency response strategy is executed.

[0057] First, emergency response feedback data from the vehicle is acquired. This data represents the vehicle's operational status information, transmitted in real-time to the cloud after the emergency response strategy is implemented. It directly reflects the effectiveness of the strategy execution. This emergency response feedback data effectively characterizes the actual status after the vehicle executes the strategy, including whether the anomaly of the vehicle involved has been alleviated or eliminated, whether the operating parameters of the vehicle's core equipment and control system have returned to normal, the implementation status of various handling measures during the strategy execution, and the status feedback of other vehicles implementing the strategy within the target monitoring area. The module will uniformly collect and validate the multi-dimensional feedback data from multiple vehicles, removing invalid or abnormal feedback information to lay a solid data foundation for subsequent strategy evaluation.

[0058] Step 2: Evaluate the target emergency response strategy based on the emergency response feedback data.

[0059] After acquiring and verifying the emergency response feedback data, the module evaluates the target emergency response strategy based on this data. During the evaluation, the module analyzes the feedback data from multiple dimensions to determine the actual effectiveness of the target emergency response strategy. The specific evaluation methods are divided into three categories: first, the risk mitigation dimension, used to verify whether local risks have been eliminated, regional risks have been effectively controlled, and the spread of persistent risks has been curbed; second, the strategy adaptation dimension, analyzing whether the measures adopted by the strategy are appropriate to the actual characteristics of the security incident, and whether there are any redundant or insufficient measures; and third, the actual impact dimension, considering whether the strategy, while mitigating risks, has minimized disruption to normal regional traffic operations. The evaluation results will become the core basis for the cloud-based judgment of this emergency response. If the strategy is effective, its adaptability to similar security incidents will be confirmed; if the strategy is ineffective or fails to mitigate risks, the module will use data to pinpoint the root cause of the problem, providing direction for the optimization and adjustment of subsequent emergency response strategies.

[0060] To further illustrate the execution flow of the system in this embodiment, the interaction flow of each terminal within the system will be described below with reference to the accompanying drawings of a specific embodiment. See also Figure 2 The figure is a signaling interaction diagram of an emergency response system integrating vehicle, road, and cloud technologies provided in an embodiment of this application.

[0061] This diagram uses a GPS spoofing attack on vehicles within a region as an example to illustrate the full-process interactive handling mechanism of this embodiment's system against GPS spoofing attacks. It comprehensively covers five core stages: attack phase, collaborative threat perception, multi-level collaborative analysis, hierarchical collaborative response, and handling feedback and closed-loop. In the attack phase, an external attack source launches a GPS spoofing attack, attempting to interfere with the positioning function of vehicles within the region. Subsequently, in the collaborative threat perception phase, the onboard security terminal (vehicle A) and the onboard terminals of other vehicles (vehicles B / C) within the region simultaneously detect abnormal positioning data. After confirming that the anomaly has a high degree of confidence, they respectively report positioning anomaly alarms to the Roadside Safety Unit (RSU), achieving the initial convergence of single-vehicle anomalies into regional perception. The next step is a multi-level collaborative analysis phase. The roadside safety unit performs fusion analysis based on the abnormal information reported by multiple vehicles, identifying that this is not a single vehicle malfunction but a regional GPS spoofing attack. It then reports a high-risk alert for regional GPS spoofing attack to the cloud control security platform. After receiving the alert, the cloud control security platform conducts a global analysis and dynamic risk assessment. Combining data such as regional traffic conditions and abnormal characteristics of multiple vehicles, it ultimately confirms the authenticity of the attack and assesses the risk level of the security event as extremely high, completing the analysis process from local anomaly perception to full-domain attack characterization.

[0062] Tiered collaborative response is the core of the entire handling process. After confirming the attack and risk level, the cloud-controlled security platform authorizes the roadside security unit to execute regional emergency response. The roadside security unit then broadcasts emergency instructions to all affected vehicles within the target monitoring area. These instructions include downgrading positioning functions, enabling assisted positioning correction, and limiting vehicle speed. Upon receiving the instructions, each vehicle initiates an autonomous response, executes the pre-set downgrade plan, and autonomously controls its driving status to avoid safety accidents caused by positioning anomalies. Simultaneously, the cloud-controlled security platform initiates a global response, dispatches inspection resources to the risk area, and notifies the traffic management center to intervene, achieving coordinated linkage between regional handling and global control. Finally, the handling feedback and closed-loop stage begins. After completing the handling and stabilizing, each vehicle reports its handling status to the roadside security unit. The roadside security unit summarizes the handling information of all vehicles and reports the collaborative handling completion to the cloud-controlled security platform. The cloud-controlled security platform updates the attack's characteristic data, handling process, and effect feedback to the threat intelligence database, optimizing emergency response strategies for subsequent similar security incidents, thus completing the closed-loop interaction process.

[0063] This application provides a vehicle-road-cloud integrated emergency response system. In this system, after each vehicle completes local anomaly detection, it synchronously sends vehicle anomaly logs to the roadside unit and the cloud. This eliminates the reliance on individual vehicles for perception and emergency response control, effectively avoiding the problem of a sharp decline in the reliability of the perception and decision-making system when a single vehicle encounters a malicious network attack. Simultaneously, the roadside unit integrates vehicle anomaly logs and operational data from all vehicles within the target monitoring area to conduct security event analysis. This enables the sharing of vehicle operation and anomaly information within the area, allowing risks perceived by a single vehicle to be quickly transmitted to other vehicles in the area, avoiding the problem of a single vehicle's anomaly not being detected by surrounding vehicles in a timely manner. Furthermore, the cloud combines the security event analysis results from the roadside unit and the vehicle anomaly logs to complete emergency response analysis and generate a target emergency response strategy. The roadside unit then broadcasts emergency response signals to target vehicles within the monitoring area, constructing a vehicle-road-cloud integrated collaborative emergency response system. This allows vehicle safety protection to transcend the limitations of a single vehicle level, forming a multi-level collaborative protection network covering individual vehicles, local areas, and the global area, effectively improving the protection capabilities for vehicle driving safety and road network operation safety.

[0064] The following describes an emergency response method for integrated vehicle-road-cloud collaboration provided by an embodiment of this application. The emergency response method for integrated vehicle-road-cloud collaboration described below can be referred to in correspondence with the emergency response system for integrated vehicle-road-cloud collaboration described above.

[0065] See Figure 3 The figure is a flowchart illustrating an integrated vehicle-road-cloud emergency response method provided in an embodiment of this application, which specifically includes the following steps: S101: The vehicle terminal performs anomaly detection based on real-time acquired vehicle operation data, and sends vehicle anomaly logs to the roadside unit and the cloud when anomalies are detected in the local vehicle. S102: Through the roadside unit, safety event analysis is performed based on the vehicle anomaly log and the vehicle operation data of each vehicle terminal to obtain the safety event analysis results for the target monitoring area; S103: Based on the security event analysis results and the vehicle anomaly logs, emergency response analysis is performed through the cloud to obtain a target emergency response strategy, and an emergency response signal is broadcast to the target vehicle in the monitoring area through the roadside unit; the emergency response signal is generated based on the target emergency response strategy.

[0066] In one possible implementation, the step of performing emergency response analysis via the cloud based on the security event analysis results and the vehicle anomaly logs to obtain a target emergency response strategy includes: Based on the security incident analysis results, the vehicle anomaly logs, and the vehicle operation data from each vehicle terminal, a security incident risk assessment is performed to obtain the security incident risk attributes. Determine the preset emergency response strategy corresponding to the risk attribute of the security incident, and use the determined preset emergency response strategy as the target emergency response strategy.

[0067] In one possible implementation, the security event risk attributes include: local risk events, regional risk events, and persistent risk events; the step of determining the preset emergency response strategy corresponding to the security event risk attribute, and using the determined preset emergency response strategy as the target emergency response strategy, includes: When the safety event risk attribute is the local risk event, the corresponding preset emergency response strategy is determined to be the vehicle-side autonomous response strategy, and the vehicle-side autonomous response strategy is used as the target emergency response strategy. When the safety event risk attribute is the regional risk event, the corresponding preset emergency response strategy is determined to be the roadside collaborative response strategy, and the roadside collaborative response strategy is used as the target emergency response strategy. When the security event risk attribute is the persistent risk event, the corresponding preset emergency response strategy is determined to be the cloud-based global response strategy, and the cloud-based global response strategy is used as the target emergency response strategy.

[0068] It should be noted that the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, for the systems, methods, and embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and relevant parts can be referred to the description of the method embodiments. The systems, methods, and embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components indicated as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of the solution in this embodiment according to actual needs. Those skilled in the art can understand and implement this without creative effort.

[0069] The above description is merely one specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A vehicle-road-cloud integrated emergency response system, characterized in that, The system includes: multiple vehicle terminals, roadside units, and a cloud platform; each vehicle terminal is located within the target monitoring area corresponding to the roadside unit. The vehicle terminal is used to perform anomaly detection based on real-time acquired vehicle operation data, and when an anomaly is detected in the local vehicle, it sends vehicle anomaly logs to the roadside unit and the cloud. The roadside unit is used to perform safety event analysis based on the vehicle anomaly log and the vehicle operation data of each vehicle terminal to obtain the safety event analysis results for the target monitoring area. The cloud platform is used to perform emergency response analysis based on the security event analysis results and the vehicle anomaly logs to obtain a target emergency response strategy, and broadcast an emergency response signal to the target vehicle in the monitoring area through the roadside unit; the emergency response signal is generated based on the target emergency response strategy.

2. The system according to claim 1, characterized in that, The cloud platform includes: an emergency response analysis module; the emergency response analysis module is specifically used for: Based on the security incident analysis results, the vehicle anomaly logs, and the vehicle operation data from each vehicle terminal, a security incident risk assessment is performed to obtain the security incident risk attributes. Determine the preset emergency response strategy corresponding to the risk attribute of the security incident, and use the determined preset emergency response strategy as the target emergency response strategy.

3. The system according to claim 2, characterized in that, The security incident risk attributes include: localized risk events, regional risk events, and persistent risk events; the emergency response analysis module includes: a response strategy determination unit, which is specifically used for: When the safety event risk attribute is the local risk event, the corresponding preset emergency response strategy is determined to be the vehicle-side autonomous response strategy, and the vehicle-side autonomous response strategy is used as the target emergency response strategy. When the safety event risk attribute is the regional risk event, the corresponding preset emergency response strategy is determined to be the roadside collaborative response strategy, and the roadside collaborative response strategy is used as the target emergency response strategy. When the security event risk attribute is the persistent risk event, the corresponding preset emergency response strategy is determined to be the cloud-based global response strategy, and the cloud-based global response strategy is used as the target emergency response strategy.

4. The system according to claim 3, characterized in that, The vehicle-side autonomous response strategy is a local handling strategy executed by the vehicle-side in response to localized risk events. The local handling strategy includes at least one of the following: isolation of the controlled electronic control unit, blocking of abnormal communication, downgrading of autonomous driving function, and driver alarm. The roadside collaborative response strategy is a regional collaborative handling strategy executed by the roadside unit in response to regional-level risk events; the regional collaborative handling strategy includes at least one of the following: V2X broadcast of emergency commands for the target area, positioning-assisted correction, and joint early warning by adjacent roadside units; The cloud-based global response strategy is a comprehensive collaborative handling strategy implemented by the cloud for persistent risk events, including at least one of the following: global security policy updates, vehicle vulnerability patch distribution, cross-regional traffic scheduling, and security event intelligence database optimization.

5. The system according to claim 2, characterized in that, The emergency response analysis module includes a risk attribute analysis unit; the risk attribute analysis unit is specifically used for: Based on the vehicle operation data from each of the vehicle terminals, a traffic situation map for the target monitoring area is constructed; as well as, The vehicle operation data, vehicle anomaly logs, and security event analysis results of each vehicle terminal are subjected to feature fusion processing to obtain security event fusion features; Dynamic risk assessment is performed based on the fusion characteristics of the safety incident and the traffic situation map to obtain the risk attributes of the safety incident.

6. The system according to claim 1, characterized in that, The safety incident analysis results include a safety incident risk level; the roadside unit further includes a risk level adjustment module, which is specifically used for: When multiple vehicle-side abnormal logs are received simultaneously, based on the multiple vehicle-side abnormal logs and the vehicle operation data of each vehicle-side, it is determined whether each vehicle-side abnormal log is caused by a regional coordinated attack targeting the target monitoring area. If it is determined that all the abnormal logs of the vehicles were caused by the regional coordinated attack, the risk level of the security incident will be upgraded.

7. The system according to claim 1, characterized in that, The cloud platform also includes an emergency response assessment module; the emergency response assessment module is specifically used for: Acquire emergency response feedback data from the vehicle terminal; the emergency response feedback data is used to characterize the vehicle's operating status after the target emergency response strategy is executed. The target emergency response strategy is evaluated based on the emergency response feedback data.

8. An emergency response method integrating vehicle, road, and cloud technologies, characterized in that... The method is applied to the vehicle-road-cloud integrated emergency response system as described in any one of claims 1-7; the method includes: The vehicle terminal performs anomaly detection based on real-time acquired vehicle operation data, and sends vehicle anomaly logs to the roadside unit and the cloud when anomalies are detected in the local vehicle. The roadside unit performs safety event analysis based on the vehicle anomaly log and the vehicle operation data from each vehicle terminal to obtain the safety event analysis results for the target monitoring area. Based on the security event analysis results and vehicle anomaly logs, emergency response analysis is performed in the cloud to obtain a target emergency response strategy. The emergency response signal is then broadcast to the target vehicles in the monitoring area through the roadside unit. The emergency response signal is generated based on the target emergency response strategy.

9. The method according to claim 8, characterized in that, The process involves performing emergency response analysis via the cloud based on the security event analysis results and the vehicle anomaly logs to obtain a target emergency response strategy, including: Based on the security incident analysis results, the vehicle anomaly logs, and the vehicle operation data from each vehicle terminal, a security incident risk assessment is performed to obtain the security incident risk attributes. Determine the preset emergency response strategy corresponding to the risk attribute of the security incident, and use the determined preset emergency response strategy as the target emergency response strategy.

10. The method according to claim 8, characterized in that, The security incident risk attributes include: localized risk incidents, regional risk incidents, and persistent risk incidents; determining the preset emergency response strategy corresponding to the security incident risk attribute, and using the determined preset emergency response strategy as the target emergency response strategy, includes: When the safety event risk attribute is the local risk event, the corresponding preset emergency response strategy is determined to be the vehicle-side autonomous response strategy, and the vehicle-side autonomous response strategy is used as the target emergency response strategy. When the safety event risk attribute is the regional risk event, the corresponding preset emergency response strategy is determined to be the roadside collaborative response strategy, and the roadside collaborative response strategy is used as the target emergency response strategy. When the security event risk attribute is the persistent risk event, the corresponding preset emergency response strategy is determined to be the cloud-based global response strategy, and the cloud-based global response strategy is used as the target emergency response strategy.