Method, system, and medium for generating automated safety test schemes for intelligent connected vehicles
By constructing an attack tactics knowledge graph and a multi-agent collaborative mechanism, an automated attack testing scheme for intelligent connected vehicles is generated, which solves the problem of lack of systematic modeling and dynamic optimization in existing methods and realizes efficient and intelligent attack testing scheme generation.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- HARBIN INSTITUTE OF TECHNOLOGY (SHENZHEN) (INSTITUTE OF SCIENCE AND TECHNOLOGY INNOVATION HARBIN INSTITUTE OF TECHNOLOGY SHENZHEN)
- Filing Date
- 2026-05-26
- Publication Date
- 2026-06-26
AI Technical Summary
Existing methods for generating automated attack test schemes for intelligent connected vehicles lack systematic modeling. Attack strategy generation relies on manual templates, lacks context-based multi-dimensional quantitative evaluation and dynamic optimization, has insufficient association and recommendation of test schemes and tools, and has statically solidified attack knowledge without an automatic feedback and update mechanism.
We construct a knowledge graph of attack techniques and tactics, generate attack strategies through a multi-agent collaborative mechanism, recommend attack tools by combining semantic mapping technology, optimize attack paths based on multi-dimensional evaluation functions, and dynamically update the knowledge graph based on test results.
It improves the automation and intelligence of intelligent connected vehicle attack test scheme generation, realizes efficient autonomous generation and dynamic optimization of attack strategies, and improves the executability of test schemes.
Description
Technical Field
[0001] This invention relates to the field of automated safety testing technology for intelligent connected vehicles, and in particular to a method, system, and medium for generating automated safety testing schemes for intelligent connected vehicles.
Background Technology
[0002] Intelligent connected vehicles integrate complex electronic and electrical architectures, in-vehicle communication networks (CAN / CAN FD / Vehicle Ethernet), and vehicle-to-the-world information interaction capabilities (V2X, 4G / 5G, Wi-Fi, Bluetooth), resulting in a continuously expanding attack surface. In particular, cyberattacks targeting the automotive industry have become increasingly frequent in recent years, such as remotely controlling vehicle braking and acceleration, and infiltrating in-vehicle networks via T-Boxes, directly threatening the safety of drivers and passengers. Against this backdrop, the development of automated attack testing solutions has become an urgent need in the industry.
[0003] At present, approaches to generating automated attack test schemes for intelligent connected vehicles fall mainly into three directions: attack tree-based, large language model (LLM)-based, and reinforcement learning-based. The STAF framework uses an LLM and self-correcting RAG technology to generate executable security test cases from manually constructed attack trees; the GenSecure-CAEV framework uses a fine-tuned LLM to analyze ECU firmware and V2X communication logs to achieve a high vulnerability detection accuracy; CurriculumPT combines curriculum learning with multi-agent systems to achieve penetration testing task scheduling. However, existing methods still face the following problems: (1) Attack knowledge lacks systematic modeling. Attack trees can only express "AND" and "OR" logical relationships and cannot describe the complex semantic associations and tool dependencies of attack techniques and tactics; (2) Attack strategy generation relies heavily on manual templates or direct generation by an LLM and lacks context-based multi-dimensional quantitative evaluation and dynamic optimization capabilities; (3) There is no intelligent association and recommendation between attack test schemes and specific attack tools, so implementing a test scheme requires a lot of manual intervention; (4) Attack knowledge is statically solidified and lacks an automatic feedback update mechanism based on test results.
Summary of the Invention
[0004] This invention provides an automated security testing scheme generation method, system, and medium for intelligent connected vehicles, aiming to improve the automation, coverage, and executability of attack testing scheme generation.
[0005] This invention provides a method for generating automated safety testing schemes for intelligent connected vehicles, the method comprising the following steps:
Step S10: Obtain multi-source attack knowledge data in the field of intelligent connected vehicles, perform knowledge extraction, and construct an attack tactics knowledge graph.
Step S20: Collect and parse the asset configuration information and network topology information of the target vehicle system.
Step S30: Based on the multi-agent collaborative mechanism, the asset configuration information and network topology information of the target vehicle system are used as query conditions to generate an attack strategy through graph reasoning in the attack tactics knowledge graph, and quantitative optimization is performed through a multi-dimensional comprehensive evaluation function that integrates attack success probability, detection and avoidance capability, resource consumption and side-channel impact.
Step S40: Perform semantic matching based on each attack technique node in the attack strategy, associate and recommend a set of matching attack tools, establish a semantic mapping library between attack techniques and attack tools, and generate tool execution parameter configuration according to the configuration parameters of the target vehicle system.
Step S50: Associate and integrate the attack strategy with the attack tool set to generate a structured attack test plan document and convert it into an executable attack test script sequence.
Step S60: Execute the attack test script sequence, capture the test result data during the execution process, and update the confidence score of the attack technology node and the effectiveness score of the attack tool node in the attack tactics knowledge graph based on the test result data; at the same time, periodically obtain new attack knowledge data from external data sources and incrementally update the attack tactics knowledge graph.
[0006] A further technical solution of the present invention is that step S10 includes:
Step S101: Obtain attack knowledge data from external data sources through API interfaces or web crawlers. The external data sources include one or more of the following: CVE / CNVD vulnerability database, CAPEC attack pattern library, public security research reports, penetration test reports, and vulnerability exploitation code libraries.
Step S102: Using a named entity recognition and relation extraction algorithm based on a pre-trained language model, attack tactics entities and relationships between entities are extracted from the collected unstructured or semi-structured data. The attack tactics entities include: attack tactic entities, attack technology entities, attack sub-technology entities, attack tool entities, attack target entities, vulnerability entities, and defense measure entities. The relationships between entities include: the inclusion relationship between tactics and technologies, the subordinate relationship between technologies and sub-technologies, the utilization relationship between technologies and tools, the interaction relationship between technologies and targets, the association relationship between technologies and vulnerabilities, the sequential relationship between technologies, and the parallel relationship between technologies.
Step S103: The extracted attack tactics entities and relationships between entities are stored in a graph database to construct an attack tactics knowledge graph. In the attack tactics knowledge graph, nodes are used to represent attack tactics entities, edges are used to represent relationships between entities, and attack tactics are used as top-level nodes, attack techniques and attack sub-techniques are used as intermediate nodes, and attack tools / vulnerabilities / attack targets are used as bottom-level nodes to form a hierarchical knowledge representation.
[0007] A further technical solution of the present invention is that step S20 includes:
Step S201: Obtain the asset configuration information of the target vehicle system through static configuration file import, active scanning or passive monitoring. The asset configuration information includes: electronic control unit model and firmware version, communication protocol type and version, service exposure interface, operating system type and version, and the activation status of installed security mechanisms.
Step S202: Generate network topology information of the target vehicle system by active detection or based on a system architecture model. The network topology information includes the in-vehicle network topology and the external network topology.
Step S203: By monitoring the communication traffic and system logs of the target vehicle system under normal operating conditions, a system behavior baseline is established for use in the anomaly detection and avoidance strategy design in subsequent attack strategy planning.
[0008] A further technical solution of the present invention is that step S30 includes:
Step S301: Receive asset configuration information and network topology information of the target vehicle system. Through knowledge graph query and graph matching algorithm, identify the set of available attack entry points and potential attack surfaces, and obtain an attack surface analysis report. The attack surface analysis report includes a list of attack entry points, the availability score of each entry point, and the identification results of key assets.
Step S302: Using the attack surface analysis report as a constraint, execute a multi-hop reasoning algorithm based on graph traversal on the attack tactics knowledge graph. Starting from the attack tactics node, traverse downwards along the inclusion and refinement relationship edges to the attack technology node and attack sub-technology node to generate a set of candidate attack paths. Combine the set of candidate attack paths into an initial attack strategy according to the temporal and logical dependencies.
Step S303: Evaluate and optimize the initial attack strategy, wherein the comprehensive evaluation function is defined as follows: in, To obtain the confidence level of attack technique nodes from the knowledge graph, i.e., to score the probability of a successful attack, The probability of being detected is calculated for evaluating the safety mechanism configuration of the target vehicle system. To normalize resource consumption, including time, computing resources, and required permissions, This is the side-channel impact coefficient, used to assess the extent to which an attack affects vehicle driving safety and functional safety. , , , These are configurable weighting coefficients;
Step S304: Call an external simulation platform or digital twin system to construct a virtual environment for the target vehicle system, and verify the feasibility of the optimized attack strategy. If the verification is successful, the final confirmed attack strategy chain is output. If the verification fails, path replanning is performed.
[0009] A further technical solution of the present invention is that step S40 includes:
Step S401: Use a relational database or graph database to store attack tool entries and their metadata. Each attack tool entry includes: a unique tool identifier, tool name, tool type, applicable attack technology, applicable communication protocol, operating environment requirements, configuration parameter template, and tool acquisition method.
Step S402: Associated with the final confirmed attack strategy chain, for each attack technique node in the attack strategy, extract the semantic feature vector of the attack technique, calculate the similarity with the applicable attack technique field of each attack tool in the attack tool knowledge base, sort them from high to low similarity, and output a recommended list of attack tools that match the attack technique node.
Step S403: For each attack tool in the recommended list, generate the complete configuration parameters required for tool execution based on the actual configuration parameters of the target vehicle system.
[0010] A further technical solution of the present invention is that step S50 includes:
Step S501: The final confirmed attack strategy is linked and integrated with the recommended list of attack tools and their configuration parameters to generate a structured attack test plan document.
Step S502: Convert the structured attack test plan document into an executable attack test script sequence.
[0011] A further technical solution of the present invention is that step S60 includes:
Step S601: Execute the attack test script sequence in the test environment.
Step S602: Capture test result data during the attack test execution process.
Step S603: Convert the captured test results into knowledge graph update instructions; specifically, this includes: increasing the confidence score of successfully executed attack technology nodes.
[0012] A further technical solution of the present invention is that step S603 specifically includes: For attack technique nodes that fail to execute, lower their confidence score and record the reason for failure; for verified effective attack tools, increase their effectiveness score on the corresponding attack technique; for newly discovered vulnerabilities or new attack paths, generate update instructions for adding new nodes or edges.
[0013] To achieve the above objectives, the present invention also proposes an automated safety test scheme generation system for intelligent connected vehicles. The system includes a memory, a processor, and an automated safety test scheme generation program for intelligent connected vehicles stored on the processor. The automated safety test scheme generation program for intelligent connected vehicles is executed by the processor to perform the steps of the method described above.
[0014] To achieve the above objectives, the present invention also proposes a computer-readable storage medium storing an automated safety test scheme generation program for intelligent connected vehicles, wherein the automated safety test scheme generation program for intelligent connected vehicles is executed by a processor to perform the steps of the method described above.
[0015] The beneficial effects of the method for generating automated safety testing schemes for intelligent connected vehicles according to the present invention are as follows. Through the above technical solution, this invention acquires multi-source attack knowledge data in the field of intelligent connected vehicles, performs knowledge extraction, and constructs an attack tactics knowledge graph; collects and parses the asset configuration information and network topology information of the target vehicle system; based on a multi-agent collaborative mechanism, uses the asset configuration information and network topology information of the target vehicle system as query conditions to generate attack strategies through graph reasoning in the attack tactics knowledge graph, and performs quantitative optimization through a multi-dimensional comprehensive evaluation function that integrates attack success probability, detection and avoidance capabilities, resource consumption, and side-channel impact; performs semantic matching based on each attack technique node in the attack strategy, associates and recommends a set of matching attack tools, establishes a semantic mapping library between attack techniques and attack tools, and generates tool execution parameter configurations based on the configuration parameters of the target vehicle system; associates and integrates the attack strategy with the attack tool set to generate a structured attack test plan document, which is then converted into an executable attack test script sequence; and executes the attack test script sequence, captures test result data during execution, and updates the confidence scores of attack technology nodes and the effectiveness scores of attack tool nodes in the attack tactics knowledge graph based on the test result data. Simultaneously, it periodically acquires new attack knowledge data from external data sources to incrementally update the attack tactics knowledge graph, thereby improving the automation, intelligence, and executability of intelligent connected vehicle attack test plan generation.
Attached Figure Description
[0016] Figure 1 is a flowchart illustrating a preferred embodiment of the method for generating automated safety testing schemes for intelligent connected vehicles according to the present invention; Figure 2 is a detailed flowchart of step S10; Figure 3 is a detailed flowchart of step S20; Figure 4 is a detailed flowchart of step S30; Figure 5 is a detailed flowchart of step S40; Figure 6 is a detailed flowchart of step S50; Figure 7 is a detailed flowchart of step S60.
Detailed Implementation
[0017] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments.
[0018] This invention proposes an automated security testing scheme generation method for intelligent connected vehicles. The overall concept of this invention is based on an attack tactics knowledge graph, utilizing a multi-agent collaborative planning mechanism and attack tool semantic mapping technology to construct a closed-loop automated attack testing scheme generation framework: "knowledge modeling → strategy generation → tool mapping → scheme output → feedback update." Specifically, firstly, a hierarchical attack tactics knowledge graph is constructed with attack tactics, techniques, sub-techniques, tools, and vulnerabilities as nodes, achieving systematic semantic modeling of attack knowledge for intelligent connected vehicles. Secondly, a multi-agent collaborative mechanism of reconnaissance, planning, optimization, and verification is introduced. Based on knowledge graph reasoning and target system perception information, multi-stage attack strategies are autonomously generated and quantitatively optimized through a multi-dimensional comprehensive evaluation function that integrates attack success probability, detection avoidance capability, resource consumption, and side-channel impact. Next, a semantic mapping library between attack techniques and attack tools is established, automatically associating and recommending matching attack tools and generating execution parameter configurations. Finally, the test execution results are fed back to the knowledge graph, enabling dynamic updates of attack technique confidence and tool effectiveness scores, thereby improving the automation, intelligence, and executability of intelligent connected vehicle attack testing scheme generation.
[0019] Specifically, referring to Figure 1, a preferred embodiment of the method for generating automated safety testing schemes for intelligent connected vehicles according to the present invention includes the following steps: Step S10: Obtain multi-source attack knowledge data in the field of intelligent connected vehicles, perform knowledge extraction, and construct an attack tactics knowledge graph.
[0020] The hardware execution modules involved in the automated safety test scheme generation method for intelligent connected vehicles of the present invention include the following six modules: attack technique and tactic knowledge graph construction module, target system perception module, multi-agent attack strategy planning module, attack tool association mapping module, attack test scheme generation module, and scheme execution and feedback update module.
[0021] In this embodiment, the attack techniques and tactics knowledge graph construction module acquires multi-source attack knowledge data in the field of intelligent connected vehicles, performs knowledge extraction, and constructs an attack techniques and tactics knowledge graph.
[0022] Step S20: Collect and parse the asset configuration information and network topology information of the target vehicle system.
[0023] In this embodiment, the target system perception module collects and parses the asset configuration information and network topology information of the target vehicle system.
[0024] Step S30: Based on the multi-agent collaborative mechanism, the asset configuration information and network topology information of the target vehicle system are used as query conditions to generate an attack strategy through graph reasoning in the attack tactics knowledge graph, and quantitative optimization is performed through a multi-dimensional comprehensive evaluation function that integrates attack success probability, detection and avoidance capability, resource consumption and side-channel impact.
[0025] In this embodiment, the information collected in step S20 is used as the query condition in the multi-agent attack strategy planning module. Graph reasoning is performed on the knowledge graph constructed in step S10 to generate a set of candidate attack paths. The reconnaissance agent identifies the attack entry point, the planning agent generates the initial attack strategy, the optimization agent performs quantitative evaluation and iterative optimization based on a comprehensive evaluation function, and the verification agent verifies the feasibility, outputting the optimized multi-stage attack strategy.
[0026] Step S40: Based on the attack technology nodes in the attack strategy, perform semantic matching, associate and recommend a set of matching attack tools, establish a semantic mapping library between attack technologies and attack tools, and generate tool execution parameter configuration according to the configuration parameters of the target vehicle system.
[0027] In this embodiment, in the attack tool association mapping module, each attack technology node in the attack strategy generated in step S30 is semantically matched in the attack tool knowledge base, and a set of recommended matching attack tools is associated. The tool execution parameter configuration is automatically generated according to the configuration parameters of the target vehicle system.
[0028] Step S50: Associate and integrate the attack strategy with the attack tool set to generate a structured attack test plan document and convert it into an executable attack test script sequence.
[0029] In this embodiment, in the attack test plan generation module, the attack strategy generated in step S30 is associated and integrated with the set of attack tools recommended in step S40 to generate a structured attack test plan document, which is then converted into an executable attack test script sequence.
[0030] Step S60: Execute the attack test script sequence, capture the test result data during the execution process, and update the confidence score of the attack technology node and the effectiveness score of the attack tool node in the attack tactics knowledge graph based on the test result data; at the same time, periodically obtain new attack knowledge data from external data sources and incrementally update the attack tactics knowledge graph.
[0031] In this embodiment, the executable attack test script sequence generated in step S50 is executed in the scheme execution and feedback update module, and the test result data during the execution process is captured; the test result data is fed back to the attack technique and tactic knowledge graph construction module to update the confidence score of the attack technique node and the effectiveness score of the attack tool node in the knowledge graph; at the same time, new attack knowledge data is periodically obtained from external data sources to incrementally update the knowledge graph.
[0032] Further, referring to Figure 2, in this embodiment step S10 specifically includes: Step S101: Obtain attack knowledge data from external data sources through API interfaces or web crawlers. The external data sources include one or more of the following: CVE / CNVD vulnerability database, CAPEC attack pattern library, publicly available security research reports, penetration test reports, and vulnerability exploitation code libraries, as well as CAN protocol signal definitions and known backdoors of specific ECU models.
[0033] Step S102: Using a named entity recognition and relation extraction algorithm based on a pre-trained language model, attack tactics entities and relationships between entities are extracted from the collected unstructured or semi-structured data. The attack tactics entities include: attack tactic entities, attack technology entities, attack sub-technology entities, attack tool entities, attack target entities, vulnerability entities, and defense measure entities. The relationships between entities include: the inclusion relationship between tactics and technologies, the subordinate relationship between technologies and sub-technologies, the utilization relationship between technologies and tools, the interaction relationship between technologies and targets, the association relationship between technologies and vulnerabilities, the sequential relationship between technologies, and the parallel relationship between technologies.
[0034] Step S103: The extracted attack tactics entities and relationships between entities are stored in a graph database to construct an attack tactics knowledge graph. In the attack tactics knowledge graph, nodes are used to represent attack tactics entities, edges are used to represent relationships between entities, and attack tactics are used as top-level nodes, attack techniques and attack sub-techniques as intermediate nodes, and attack tools / vulnerabilities / attack targets as bottom-level nodes to form a hierarchical knowledge representation. The attack tools include automotive-specific tools such as CAN message injection tools and UDS fuzzing tools.
[0035] The attack tactics and techniques knowledge graph construction module aims to structurally model multi-source attack knowledge in the field of intelligent connected vehicles, constructing a reasonable and updatable attack tactics and techniques knowledge graph to support the generation of subsequent attack strategies. To this end, attack knowledge data is first obtained from external data sources via API interfaces or web crawlers. These external data sources include CVE / CNVD vulnerability databases, CAPEC attack pattern libraries, publicly available security research reports, penetration test reports, and vulnerability exploitation code libraries. Secondly, named entity recognition and relation extraction algorithms based on pre-trained language models are used to extract attack tactics and techniques entities and their inter-entity relationships from the collected unstructured or semi-structured data. The attack tactics and techniques entities include: attack tactic entities, attack technique entities, attack sub-technique entities, attack tool entities, attack target entities, vulnerability entities, and defense measure entities. The inter-entity relationships include: inclusion relationships between tactics and techniques, subordinate relationships between techniques and sub-techniques, utilization relationships between techniques and tools, interaction relationships between techniques and targets, association relationships between techniques and vulnerabilities, sequential relationships between techniques, and parallel relationships between techniques. Next, a graph database is used to store the extracted entities and relationships, constructing an attack tactics knowledge graph. 
In the graph, nodes represent attack tactics entities, edges represent relationships between entities, and attack tactics are used as top-level nodes, attack techniques and sub-techniques as intermediate nodes, and attack tools / vulnerabilities / targets as bottom-level nodes, forming a hierarchical knowledge representation. Furthermore, this module can receive test result feedback data from the scheme execution and feedback update module, dynamically updating the confidence and validity scores of relevant nodes in the knowledge graph; simultaneously, it periodically triggers incremental update operations, acquiring new attack knowledge from external data sources and integrating it into the knowledge graph.
[0036] Referring to Figure 3, step S20 specifically includes the following steps: Step S201: Obtain the asset configuration information of the target vehicle system through static configuration file import, active scanning or passive monitoring. The asset configuration information includes: electronic control unit model and firmware version, communication protocol type and version, service exposure interface, operating system type and version, the activation status of installed security mechanisms, and CAN message data.
[0037] Step S202: Generate network topology information of the target vehicle system by active detection or based on a system architecture model. The network topology information includes the in-vehicle network topology and the external network topology.
[0038] Step S203: By monitoring the communication traffic and system logs of the target vehicle system under normal operating conditions, a system behavior baseline is established for use in the anomaly detection and avoidance strategy design in subsequent attack strategy planning.
[0039] In this embodiment, the target system perception module aims to collect and analyze the asset configuration information, network topology information, and system behavior characteristics of the target vehicle system, providing context-aware data for attack strategy generation. First, through static configuration file import, active scanning, or passive monitoring, the module acquires the target vehicle system's asset configuration information, including: electronic control unit model and firmware version, communication protocol type and version, service exposure interfaces, operating system type and version, and the activation status of installed security mechanisms. Then, through active probing or based on a system architecture model, the module generates the target vehicle system's network topology information, including the in-vehicle network topology (e.g., domain division, gateway location, ECU connection relationships) and the external communication topology (e.g., T-Box and cloud connection, V2X communication range). Simultaneously, by monitoring the target vehicle system's communication traffic and system logs during normal operation, a system behavior baseline can be established for anomaly detection and evasion strategy design in subsequent attack strategy planning.
[0040] Referring to Figure 4, step S30 specifically includes the following steps: Step S301: Receive asset configuration information and network topology information of the target vehicle system. Through knowledge graph query and graph matching algorithm, identify the set of available attack entry points and potential attack surfaces to obtain an attack surface analysis report. The attack surface analysis report includes a list of attack entry points, the availability score of each entry point, and the identification results of key assets.
[0041] Step S302: Using the attack surface analysis report as a constraint, execute a multi-hop inference algorithm based on graph traversal on the attack tactics knowledge graph. Starting from the attack tactics node, traverse downwards along the inclusion and refinement relationship edges to the attack technology node and attack sub-technology node to generate a set of candidate attack paths. Combine the set of candidate attack paths into an initial attack strategy according to the temporal and logical dependencies.
[0042] Step S303: Evaluate and optimize the initial attack strategy, wherein the comprehensive evaluation function is defined as follows: in, To obtain the confidence level of attack technique nodes from the knowledge graph, i.e., to score the probability of a successful attack, The probability of being detected is calculated for evaluating the safety mechanism configuration of the target vehicle system. To normalize resource consumption, including time, computing resources, and required permissions, This is the side-channel impact coefficient, used to assess the extent to which an attack affects vehicle driving safety and functional safety. , , , These are configurable weighting coefficients.
[0043] Step S304: Call an external simulation platform or digital twin system to construct a virtual environment for the target vehicle system, and verify the feasibility of the optimized attack strategy. If the verification is successful, the final confirmed attack strategy chain is output. If the verification fails, path replanning is performed.
[0044] In the multi-agent attack strategy planning module, the information collected in step S20 is used as the query condition, and graph reasoning is performed in the knowledge graph constructed in step S10 to generate a set of candidate attack paths. The reconnaissance agent identifies the attack entry point, the planning agent generates the initial attack strategy, the optimization agent performs quantitative evaluation and iterative optimization based on the comprehensive evaluation function, and the verification agent verifies the feasibility, outputting the optimized multi-stage attack strategy.
[0045] The multi-agent attack strategy planning module aims to autonomously generate, evaluate, and verify multi-stage attack strategies based on knowledge graph reasoning results and target system perception information through a multi-agent collaborative mechanism. It comprises four collaborating agents: a reconnaissance agent, a planning agent, an optimization agent, and a verification agent. These agents communicate and synchronize their states via message queues. Reconnaissance Agent: The reconnaissance agent connects to the output of the target system's perception module, receiving asset configuration and network topology information of the target vehicle system. Through knowledge graph queries and graph matching algorithms, it identifies the set of exploitable attack entry points and potential attack surfaces. The output of the reconnaissance agent is a structured attack surface analysis report, including a list of attack entry points, an availability score for each entry point, and the results of key asset identification.
[0046] The planning agent connects the output of the attack tactics knowledge graph construction module and the output of the reconnaissance agent. Using the attack surface analysis report output by the reconnaissance agent as constraints, it executes a multi-hop inference algorithm based on graph traversal on the attack tactics knowledge graph. Starting from the attack tactic node, it traverses downwards along inclusion and refinement edges to the attack technique node and attack sub-technique node, generating a set of candidate attack paths. Internally, the planning agent contains an attack chain synthesizer, which synthesizes the candidate attack path set into a multi-stage attack strategy according to temporal and logical dependencies. The output of the planning agent is the initial attack strategy.
[0047] Optimization Agent: The optimization agent connects to the output of the planning agent and evaluates and optimizes the initial attack strategy generated by the planning agent. The optimization agent internally includes a comprehensive evaluation function calculator, which is defined as follows: in, To obtain the confidence level of attack technique nodes from the knowledge graph, i.e., to score the probability of a successful attack, The probability of being detected is calculated for evaluating the safety mechanism configuration of the target vehicle system. To normalize resource consumption, including time, computing resources, and required permissions, This is the side-channel impact coefficient, used to assess the extent to which an attack affects vehicle driving safety and functional safety. , , , These are configurable weight coefficients. The optimizing agent employs an optimization strategy based on genetic algorithms or reinforcement learning to iteratively optimize the selection of technical nodes, execution order, and parallel / serial relationships in the attack strategy, outputting the optimized attack strategy.
[0048] Verification Agent: The verification agent connects to the output of the optimization agent and the external simulation environment interface. By calling an external simulation platform or digital twin system, it constructs a virtual environment of the target vehicle system to verify the feasibility of the optimized attack strategy. If the verification passes, it outputs the final confirmed attack strategy chain; if the verification fails, the failure information is fed back to the optimization agent for re-optimization or to the planning agent for path replanning.
[0049] Please refer to Figure 5. Step S40 specifically includes the following steps: Step S401: Use a relational database or graph database to store attack tool entries and their metadata. Each attack tool entry includes: a unique tool identifier, tool name, tool type, applicable attack technology, applicable communication protocol, operating environment requirements, configuration parameter template, and tool acquisition method.
[0050] Step S402: Associated with the final confirmed attack strategy chain, for each attack technique node in the attack strategy, extract the semantic feature vector of the attack technique, calculate the similarity with the applicable attack technique field of each attack tool in the attack tool knowledge base, sort them from high to low similarity, and output a recommended list of attack tools that match the attack technique node.
[0051] Step S403: For each attack tool in the recommended list, such as a specific CAN signal generation tool, generate the complete configuration parameters required for tool execution according to the actual configuration parameters of the target vehicle system.
[0052] The attack tool association mapping module aims to establish a semantic mapping between attack techniques and specific executable attack tools, automatically recommending suitable attack tools and generating configuration parameters for each attack technique node in the attack strategy chain. First, a relational database or graph database is used to store attack tool entries and their metadata. Each attack tool entry includes: a unique tool identifier, tool name, tool type, applicable attack techniques, applicable communication protocols, operating environment requirements, configuration parameter template, and tool acquisition method. Then, it is associated with the attack strategy output by the multi-agent attack strategy planning module. For each attack technique node in the attack strategy, the semantic feature vector of that attack technique is extracted and its similarity is calculated with the applicable attack technique field of each attack tool in the attack tool knowledge base. The similarity is sorted from high to low, and a recommended list of attack tools matching the attack technique node is output. Note that a path similarity algorithm based on knowledge graphs is used here. Finally, for each attack tool in the recommended list, the parameter generation submodule automatically generates the complete configuration parameters required for tool execution based on the tool's configuration parameter template and the actual configuration parameters of the target vehicle system, such as CAN bus speed and service port number. The parameter generation uses a combination of template filling and rule reasoning, supporting automatic derivation and validity verification of parameter values.
[0053] Please refer to Figure 6. Step S50 specifically includes the following steps: Step S501: The final confirmed attack strategy and the recommended list of attack tools and configuration parameters are linked and integrated to generate a structured attack test plan document.
[0054] Step S502: Convert the structured attack test plan document into an executable attack test script sequence.
[0055] The attack test plan generation module aims to integrate attack strategies with associated attack tool sets to generate structured, executable attack test plan documents and script sequences. First, it integrates the attack strategies output by the multi-agent attack strategy planning module and the recommended attack tool list and configuration parameters output by the attack tool association mapping module to generate a structured attack test plan document. This document is organized in JSON or XML format and includes a plan identifier, a description of the target vehicle system, an attack strategy description (describes the purpose, execution conditions, and expected results of each attack step in stages), an attack tool list (name, version, purpose, and configuration parameters of each tool), a tool execution order (serial or parallel dependency graph), test environment requirements, expected test results, and judgment criteria. Then, the structured attack test plan document is converted into an executable attack test script sequence. The script generation submodule contains multiple script template engines, supporting different output formats such as Python scripts, Bash scripts, and Metasploit resource scripts. Based on the tool list and execution order in the attack test plan, the script generation submodule calls the corresponding script template, fills in the specific parameters, and outputs a complete executable script file.
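The following is an added example, not code from the patent or its applicant: a consistency check that a test harness could run on the structured plan document of paragraph [0055] before any script is generated. It also layers the serial/parallel dependency graph into execution batches. All JSON key names, the tool names and the sample document are assumptions constructed for illustration; the page lists the document's contents but gives no schema.

```python
"""Check a structured test plan document and derive its execution batches."""
import json

# Key names are assumptions: the page lists the document's contents, not a schema.
REQUIRED_KEYS = ("plan_id", "target_description", "strategy_stages", "tools",
                 "execution_order", "environment_requirements",
                 "expected_results", "judgment_criteria")
STAGE_KEYS = ("purpose", "execution_conditions", "expected_result")
TOOL_KEYS = ("name", "version", "purpose", "parameters")

# Constructed sample document; tool names and values are placeholders.
SAMPLE_JSON = """
{
  "plan_id": "PLAN-EXAMPLE-001",
  "target_description": "bench ECU set (constructed example)",
  "strategy_stages": [
    {"purpose": "stage 1", "execution_conditions": "bench powered",
     "expected_result": "response logged"}
  ],
  "tools": [
    {"name": "tool-a", "version": "1.0", "purpose": "setup",
     "parameters": {"can_bitrate": 500000}},
    {"name": "tool-b", "version": "2.1", "purpose": "capture",
     "parameters": {"service_port": 13400}},
    {"name": "tool-c", "version": "0.9", "purpose": "test step",
     "parameters": {}}
  ],
  "execution_order": {"tool-a": [], "tool-b": [], "tool-c": ["tool-a", "tool-b"]},
  "environment_requirements": "pure software simulation",
  "expected_results": "all steps logged",
  "judgment_criteria": "no unexpected alarm"
}
"""
SAMPLE_PLAN = json.loads(SAMPLE_JSON)


def validate_plan(plan):
    """Return a list of problems; an empty list means the document is well formed."""
    problems = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in plan]
    if problems:
        return problems
    for i, stage in enumerate(plan["strategy_stages"]):
        problems += [f"stage {i}: missing {k}" for k in STAGE_KEYS if k not in stage]
    names = set()
    for tool in plan["tools"]:
        name = tool.get("name", "?")
        problems += [f"tool {name}: missing {k}" for k in TOOL_KEYS if k not in tool]
        if name in names:
            problems.append(f"duplicate tool: {name}")
        names.add(name)
    order = plan["execution_order"]
    for step, deps in order.items():
        for ref in [step, *deps]:
            if ref not in names:
                problems.append(f"execution_order references unknown tool: {ref}")
    for name in sorted(names - set(order)):
        problems.append(f"tool has no place in execution_order: {name}")
    return problems


def execution_batches(order):
    """Layer the dependency graph: tools within one batch may run in parallel,
    and the batches themselves run serially. Raises ValueError on a cycle."""
    remaining = {step: set(deps) for step, deps in order.items()}
    batches = []
    while remaining:
        ready = sorted(s for s, deps in remaining.items() if not deps)
        if not ready:
            raise ValueError(f"dependency cycle among: {sorted(remaining)}")
        batches.append(ready)
        for s in ready:
            del remaining[s]
        for deps in remaining.values():
            deps.difference_update(ready)
    return batches


if __name__ == "__main__":
    print(validate_plan(SAMPLE_PLAN))
    print(execution_batches(SAMPLE_PLAN["execution_order"]))
```

Run `validate_plan` first: `execution_batches` reports an unknown dependency as a cycle, because a step waiting on a tool that does not exist never becomes ready.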
[0056] Please refer to Figure 7. Step S60 specifically includes the following steps: Step S601: Execute the attack test script sequence in the test environment.
[0057] Step S602: Capture test result data during the attack test execution process.
[0058] Step S603: Convert the captured test results into knowledge graph update instructions; specifically, this includes: increasing the confidence score of successfully executed attack technology nodes.
[0059] Step S603 specifically includes: For attack technique nodes that fail to execute, lower their confidence score and record the reason for failure; for verified effective attack tools, increase their effectiveness score on the corresponding attack technique; for newly discovered vulnerabilities or new attack paths, generate update instructions for adding new nodes or edges.
[0060] The scheme execution and feedback update module aims to execute the generated attack test scheme, capture the execution results, and feed the results back to the knowledge graph construction module to achieve knowledge evolution. First, it provides an execution engine that supports the execution of attack test script sequences in the following test environments: pure software simulation environment, hardware-in-the-loop environment, and real vehicle test environment. During execution, it records the execution time, execution status (success / failure / partial success), output logs, and error messages for each attack step. Then, the input end connects to the output end of the scheme execution submodule. The result capture submodule captures system response data during the attack test execution process through monitoring interfaces (such as CAN bus listening, network packet capture, and system log collection), including: whether target permissions were successfully obtained, whether malicious messages were successfully injected, whether security alarms were triggered, and whether vehicle functions malfunctioned. Finally, the captured test results are converted into knowledge graph update instructions, specifically including: increasing the confidence score of successfully executed attack technology nodes; decreasing the confidence score and recording the reason for failure for unsuccessful attack technology nodes; increasing the effectiveness score of verified effective attack tools on the corresponding attack technology; and generating update instructions for adding new nodes or edges for newly discovered vulnerabilities or attack paths.
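The following is an added example, not code from the patent or its applicant: one way the result-to-update conversion of paragraph [0060] could be realised, turning per-step results into update instructions and applying them to an in-memory graph. The update rule (moving each score a fixed fraction toward an outcome target), the treatment of partial success, the default prior of 0.5, the instruction names and the sample data are all assumptions; the page states only the direction of each change.

```python
"""Turn captured test results into knowledge-graph update instructions and apply them."""

RATE = 0.2   # assumed step size; the page does not specify an update rule
PRIOR = 0.5  # assumed starting effectiveness for a tool/technique pair not seen before
TARGET = {"success": 1.0, "partial": 0.5, "failure": 0.0}  # assumed outcome mapping


def toward(score, target, rate=RATE):
    """Move score a fraction of the way toward target; the result stays in [0, 1]."""
    return score + rate * (target - score)


def build_instructions(results):
    """Convert per-step execution results into a flat list of update instructions."""
    instructions = []
    for r in results:
        status = r["status"]
        if status not in TARGET:
            raise ValueError(f"unknown execution status: {status!r}")
        ins = {"op": "set_confidence_toward", "technique": r["technique"],
               "target": TARGET[status]}
        if status == "failure":
            ins["failure_reason"] = r.get("error", "unspecified")
        instructions.append(ins)
        # A tool counts as verified effective only when its step fully succeeded.
        if status == "success" and r.get("tool"):
            instructions.append({"op": "raise_tool_effectiveness",
                                 "tool": r["tool"], "technique": r["technique"]})
        for src, rel, dst in r.get("new_edges", []):
            instructions.append({"op": "add_edge", "src": src, "rel": rel, "dst": dst})
    return instructions


def apply_instructions(graph, instructions):
    """Apply the instructions in order and return the updated graph."""
    for ins in instructions:
        if ins["op"] == "set_confidence_toward":
            node = graph["techniques"][ins["technique"]]
            node["confidence"] = toward(node["confidence"], ins["target"])
            if "failure_reason" in ins:
                node.setdefault("failures", []).append(ins["failure_reason"])
        elif ins["op"] == "raise_tool_effectiveness":
            key = (ins["tool"], ins["technique"])
            old = graph["tool_effectiveness"].get(key, PRIOR)
            graph["tool_effectiveness"][key] = toward(old, 1.0)
        elif ins["op"] == "add_edge":
            graph["nodes"].update((ins["src"], ins["dst"]))
            graph["edges"].add((ins["src"], ins["rel"], ins["dst"]))
        else:
            raise ValueError(f"unknown instruction: {ins['op']!r}")
    return graph


def demo():
    """Run the conversion on constructed results with placeholder identifiers."""
    graph = {
        "techniques": {"tech-A": {"confidence": 0.6},
                       "tech-B": {"confidence": 0.5},
                       "tech-C": {"confidence": 0.8}},
        "tool_effectiveness": {},
        "nodes": {"tech-A", "tech-B", "tech-C"},
        "edges": set(),
    }
    results = [  # constructed sample results
        {"technique": "tech-A", "tool": "tool-1", "status": "success",
         "new_edges": [("tech-A", "sequential", "tech-C")]},
        {"technique": "tech-B", "tool": "tool-2", "status": "failure",
         "error": "security alarm triggered"},
        {"technique": "tech-C", "tool": "tool-3", "status": "partial"},
    ]
    return apply_instructions(graph, build_instructions(results))


if __name__ == "__main__":
    for name, node in demo()["techniques"].items():
        print(name, round(node["confidence"], 3), node.get("failures", []))
```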
[0061] The main innovations of this invention in the method for generating automated safety testing schemes for intelligent connected vehicles are as follows: 1. Multi-agent collaborative mechanism for autonomous attack strategy generation: Through the collaborative work of four agents (reconnaissance, planning, optimization, and verification), a multi-stage attack strategy is autonomously generated based on knowledge graph reasoning, overcoming the shortcomings of traditional methods that rely on manual templates or direct generation by an LLM.
[0062] 2. Semantic mapping and automatic parameter generation method for attack techniques and tools: Establish an attack tool knowledge base, realize intelligent association recommendation from attack technique nodes to attack tool sets through semantic matching algorithm, and automatically generate tool execution parameters based on template filling and rule reasoning.
[0063] 3. Dynamic update mechanism for knowledge graph confidence based on test result feedback: The attack test execution results are fed back to the knowledge graph to dynamically update the confidence scores of attack technology nodes and the effectiveness scores of attack tool nodes, thereby realizing the closed-loop evolution of attack knowledge.
[0064] 4. Automated attack test scheme generation architecture: Integrating target system perception, knowledge graph reasoning, multi-agent planning, tool mapping, scheme generation and execution feedback into an end-to-end closed-loop system, realizing full-process automation from target vehicle information input to executable attack test script output.
[0065] The beneficial effects of the method for generating automated safety testing schemes for intelligent connected vehicles according to the present invention are as follows. Through the above technical solution, the invention acquires multi-source attack knowledge data in the field of intelligent connected vehicles, performs knowledge extraction, and constructs an attack tactics knowledge graph; collects and analyzes the asset configuration information and network topology information of the target vehicle system; based on a multi-agent collaborative mechanism, uses the asset configuration information and network topology information of the target vehicle system as query conditions to perform graph reasoning in the attack tactics knowledge graph and generate attack strategies, and performs quantitative optimization through a multi-dimensional comprehensive evaluation function that integrates attack success probability, detection and avoidance capabilities, resource consumption, and side-channel impact; performs semantic matching on each attack technique node in the attack strategy, associates and recommends a set of matching attack tools, establishes a semantic mapping library between attack techniques and attack tools, and generates tool execution parameter configurations based on the configuration parameters of the target vehicle system; integrates the attack strategy with the attack tool set to generate a structured attack test plan document, which is then converted into an executable attack test script sequence; and executes the attack test script sequence, captures test result data during execution, and updates the confidence scores of attack technology nodes and the effectiveness scores of attack tool nodes in the attack tactics knowledge graph based on the test result data. Simultaneously, it periodically acquires new attack knowledge data from external data sources to incrementally update the attack tactics knowledge graph, thereby improving the automation, intelligence, and executability of intelligent connected vehicle attack test plan generation.
[0066] To achieve the above objectives, the present invention also proposes an automated safety test scheme generation system for intelligent connected vehicles. The system includes a memory, a processor, and an automated safety test scheme generation program for intelligent connected vehicles stored on the processor. The automated safety test scheme generation program for intelligent connected vehicles is executed by the processor to perform the steps of the method described above.
[0067] To achieve the above objectives, the present invention also proposes a computer-readable storage medium storing an automated safety test scheme generation program for intelligent connected vehicles, wherein the automated safety test scheme generation program for intelligent connected vehicles is executed by a processor to perform the steps of the method described above.
[0068] The above description, in conjunction with specific preferred embodiments, provides a further detailed explanation of the present invention. It should not be construed that the specific implementation of the present invention is limited to these descriptions. For those skilled in the art, various simple deductions or substitutions can be made without departing from the concept of the present invention, and all such modifications and substitutions should be considered within the scope of protection of the present invention.
Claims
1. A method for generating automated safety testing schemes for intelligent connected vehicles, characterized in that, The method includes the following steps: Step S10: Obtain multi-source attack knowledge data in the field of intelligent connected vehicles, perform knowledge extraction, and construct an attack tactics knowledge graph. Step S20: Collect and parse the asset configuration information and network topology information of the target vehicle system; Step S30: Based on the multi-agent collaborative mechanism, the asset configuration information and network topology information of the target vehicle system are used as query conditions to generate an attack strategy through graph reasoning in the attack tactics knowledge graph, and quantitative optimization is performed through a multi-dimensional comprehensive evaluation function that integrates attack success probability, detection and avoidance capability, resource consumption and side-channel impact. Step S40: Perform semantic matching based on each attack technique node in the attack strategy, associate and recommend a set of matching attack tools, establish a semantic mapping library between attack techniques and attack tools, and generate tool execution parameter configuration according to the configuration parameters of the target vehicle system. Step S50: Associate and integrate the attack strategy with the attack tool set to generate a structured attack test plan document and convert it into an executable attack test script sequence. Step S60: Execute the attack test script sequence, capture test result data during execution, and update the confidence score of the attack technique nodes and the effectiveness score of the attack tool nodes in the attack technique and tactic knowledge graph based on the test result data; simultaneously, periodically obtain new attack knowledge data from external data sources and incrementally update the attack technique and tactic knowledge graph. 
Step S10 includes: Step S101: Obtain attack knowledge data from external data sources through API interfaces or web crawlers. The external data sources include one or more of the following: CVE / CNVD vulnerability database, CAPEC attack pattern library, public security research reports, penetration test reports and vulnerability exploitation code libraries, as well as CAN protocol signal definitions and known backdoors of specific ECU models. Step S102: Using a named entity recognition and relation extraction algorithm based on a pre-trained language model, attack tactics entities and relationships between entities are extracted from the collected unstructured or semi-structured data. The attack tactics entities include: attack tactic entities, attack technology entities, attack sub-technology entities, attack tool entities, attack target entities, vulnerability entities, and defense measure entities. The relationships between entities include: the inclusion relationship between tactics and technologies, the subordinate relationship between technologies and sub-technologies, the utilization relationship between technologies and tools, the interaction relationship between technologies and targets, the association relationship between technologies and vulnerabilities, the sequential relationship between technologies, and the parallel relationship between technologies. Step S103: The extracted attack tactics entities and relationships between entities are stored in a graph database to construct an attack tactics knowledge graph. In the attack tactics knowledge graph, nodes are used to represent attack tactics entities, edges are used to represent relationships between entities, and attack tactics are used as top-level nodes, attack techniques and attack sub-techniques as intermediate nodes, and attack tools / vulnerabilities / attack targets as bottom-level nodes to form a hierarchical knowledge representation. 
The attack tools include one of the following: CAN message injection tool and UDS fuzzing tool.
2. The method for generating an automated safety testing scheme for intelligent connected vehicles according to claim 1, characterized in that, Step S20 includes: Step S201: Obtain the asset configuration information of the target vehicle system through static configuration file import, active scanning or passive listening. The asset configuration information includes: electronic control unit model and firmware version, communication protocol type and version, service exposure interface, operating system type and version, installed security mechanism activation, and CAN message data. Step S202: Generate network topology information of the target vehicle system by active detection or based on a system architecture model. The network topology information includes the in-vehicle network topology and the external network topology. Step S203: By monitoring the communication traffic and system logs of the target vehicle system under normal operating conditions, a system behavior baseline is established for use in the anomaly detection and avoidance strategy design in subsequent attack strategy planning.
3. The method for generating an automated safety testing scheme for intelligent connected vehicles according to claim 2, characterized in that, Step S30 includes: Step S301: Receive asset configuration information and network topology information of the target vehicle system. Through knowledge graph query and graph matching algorithm, identify the set of available attack entry points and potential attack surfaces, and obtain an attack surface analysis report. The attack surface analysis report includes a list of attack entry points, the availability score of each entry point, and the identification results of key assets. Step S302: Using the attack surface analysis report as a constraint, execute a multi-hop reasoning algorithm based on graph traversal on the attack tactics knowledge graph. Starting from the attack tactics node, traverse downwards along the inclusion and refinement relationship edges to the attack technology node and attack sub-technology node to generate a set of candidate attack paths. Combine the set of candidate attack paths into an initial attack strategy according to the temporal and logical dependencies. Step S303: Evaluate and optimize the initial attack strategy, wherein the comprehensive evaluation function is defined as follows: in, To obtain the confidence level of attack technique nodes from the knowledge graph, i.e., to score the probability of a successful attack, The probability of being detected is calculated for evaluating the safety mechanism configuration of the target vehicle system. To normalize resource consumption, including time, computing resources, and required permissions, This is the side-channel impact coefficient, used to assess the extent to which an attack affects vehicle driving safety and functional safety. 
, , , These are configurable weighting coefficients; Step S304: Call an external simulation platform or digital twin system to construct a virtual environment for the target vehicle system, and verify the feasibility of the optimized attack strategy. If the verification is successful, the final confirmed attack strategy chain is output. If the verification fails, path replanning is performed.
4. The method for generating an automated safety testing scheme for intelligent connected vehicles according to claim 3, characterized in that, Step S40 includes: Step S401: Use a relational database or graph database to store attack tool entries and their metadata. Each attack tool entry includes: a unique tool identifier, tool name, tool type, applicable attack technology, applicable communication protocol, operating environment requirements, configuration parameter template, and tool acquisition method. Step S402: Associated with the final confirmed attack strategy chain, for each attack technique node in the attack strategy, extract the semantic feature vector of the attack technique, calculate the similarity with the applicable attack technique field of each attack tool in the attack tool knowledge base, sort them from high to low similarity, and output a recommended list of attack tools that match the attack technique node. Step S403: For each attack tool in the recommended list, generate the complete configuration parameters required for tool execution based on the actual configuration parameters of the target vehicle system.
5. The method for generating an automated safety testing scheme for intelligent connected vehicles according to claim 4, characterized in that, Step S50 includes: Step S501: The final confirmed attack strategy and the recommended list of attack tools and configuration parameters are linked and integrated to generate a structured attack test plan document. Step S502: Convert the structured attack test plan document into an executable attack test script sequence.
6. The method for generating an automated safety testing scheme for intelligent connected vehicles according to claim 5, characterized in that, Step S60 includes: Step S601: Execute the attack test script sequence in the test environment; Step S602: Capture test result data during the attack test execution process; Step S603: Convert the captured test results into knowledge graph update instructions; specifically, this includes: increasing the confidence score of successfully executed attack technology nodes.
7. The method for generating an automated safety testing scheme for intelligent connected vehicles according to claim 6, characterized in that, Step S603 specifically includes: For attack technique nodes that fail to execute, lower their confidence score and record the reason for failure; for verified effective attack tools, increase their effectiveness score on the corresponding attack technique; for newly discovered vulnerabilities or new attack paths, generate update instructions for adding new nodes or edges.
8. An automated safety testing scheme generation system for intelligent connected vehicles, characterized in that, The system includes a memory, a processor, and an automated safety test scheme generation program for intelligent connected vehicles stored on the processor, wherein the automated safety test scheme generation program for intelligent connected vehicles is executed by the processor to perform the steps of the method as described in any one of claims 1 to 7.
9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores an automated safety test scheme generation program for intelligent connected vehicles, which, when run by a processor, performs the steps of the method as described in any one of claims 1 to 7.