Intelligent network connection-based test method and system for virtual-real fusion of heterogeneous data of vehicle

By constructing a virtual-real fusion analysis environment, acquiring heterogeneous in-vehicle data streams and generating dynamic defense strategies, the problem of insufficient cross-domain correlation analysis capabilities in existing technologies is solved. This achieves synergistic optimization of security protection and functional safety for intelligent connected vehicles, enhancing proactive defense capabilities and operational safety.

CN122394838APending Publication Date: 2026-07-14SHANDONG SINO-AISA TIRE PROVING GROUND CO LTD +2

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHANDONG SINO-AISA TIRE PROVING GROUND CO LTD
Filing Date
2026-03-24
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing vehicle network security technologies struggle to address the isolation issues between controller area networks, Ethernet, and sensor data, and are unable to establish cross-domain correlation analysis capabilities. Furthermore, static defense rules cannot adapt to the dynamic changes in the vehicle's electronic and electrical architecture and new, unknown attacks, causing defense actions to affect critical vehicle safety functions and making it difficult to achieve a coordinated and unified approach to security protection and functional safety.

Method used

By constructing a virtual-real fusion analysis environment, acquiring heterogeneous in-vehicle perception data streams, establishing a dynamic mapping relationship between the physical vehicle status and the digital twin, performing multi-dimensional risk measurement and assessment, generating a dynamic defense strategy set, and distributing it to the in-vehicle security gateway and domain controller to suppress attack behaviors in real time.

Benefits of technology

It achieves unified representation and risk prediction of multi-source heterogeneous data, generates dynamic defense strategies adapted to the vehicle's electronic and electrical architecture and functional safety level, and improves the active defense capability and operational safety of intelligent connected vehicles.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394838A_ABST
    Figure CN122394838A_ABST
Patent Text Reader

Abstract

The application relates to the technical field of automobile data testing, and discloses a vehicle heterogeneous data virtual-real fusion testing method and system based on intelligent networking, which acquires vehicle-mounted heterogeneous sensing data flow; based on the vehicle-mounted heterogeneous sensing data flow, a virtual-real fusion analysis environment is constructed; in the virtual-real fusion analysis environment, multi-dimensional risk measurement evaluation is performed to obtain a comprehensive risk situation value; according to the comprehensive risk situation value, a dynamic defense strategy set is generated; the dynamic defense strategy set is sent to a vehicle-mounted safety gateway and a domain controller to realize real-time suppression of attack behaviors; through construction of the virtual-real fusion analysis environment, unified representation and risk pre-rehearsal of multi-source heterogeneous data are realized; based on multi-dimensional behavior characteristics and vulnerability evaluation, a comprehensive risk situation is calculated, and a dynamic defense strategy that is adapted to a vehicle electronic and electrical architecture and a functional safety level is generated; the network security protection and the vehicle functional safety are cooperatively optimized; and the active defense capability and the operation safety of the intelligent networked vehicle are improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of automotive data testing technology, and more specifically, to a method and system for testing heterogeneous automotive data based on intelligent connected vehicles using virtual-real fusion. Background Technology

[0002] Automotive heterogeneous data fusion refers to the technology of fusing and analyzing heterogeneous data from different network domains (controller area network, Ethernet) and sensors (cameras, radar) in a virtual digital twin environment to support intelligent decision-making and safety protection of vehicles.

[0003] Existing vehicle network security technologies primarily employ intrusion detection methods based on static signature databases. These methods identify threats by matching known attack signatures and execute pre-defined, fixed defense rules (such as simple blacklist filtering). However, existing technologies struggle to address the isolation issues between controller area networks (CANs), Ethernet, and sensor data, and cannot establish cross-domain correlation analysis capabilities. Furthermore, static defense rules cannot adapt to the dynamic changes in vehicle electronic and electrical architecture and new, unknown attacks, and lack a mechanism for predicting the side effects of defense measures. This could lead to defense actions impacting critical vehicle safety functions, making it difficult to achieve a coordinated balance between security defenses and functional safety. Summary of the Invention

[0004] To address the aforementioned technical challenges, this application aims to provide a virtual-real fusion testing method and system for heterogeneous data in intelligent connected vehicles. By constructing a virtual-real fusion analysis environment, it achieves unified representation and risk prediction of multi-source heterogeneous data. Based on multi-dimensional behavioral characteristics and vulnerability assessment, it calculates the comprehensive risk situation and generates dynamic defense strategies adapted to the vehicle's electronic and electrical architecture and functional safety level. This enables synergistic optimization of network security protection and vehicle functional safety, thereby enhancing the proactive defense capabilities and operational safety of intelligent connected vehicles.

[0005] To achieve the above objectives, this invention provides a method for testing the virtual-real fusion of heterogeneous data in intelligent connected vehicles, including: Acquire vehicle-mounted heterogeneous sensing data stream, which includes controller local area network message sequence, vehicle-mounted Ethernet communication frame and environmental sensing sensor data; Based on the vehicle-mounted heterogeneous perception data stream, a virtual-real fusion analysis environment is constructed, which represents the dynamic mapping relationship between the physical vehicle state and the digital twin. In the virtual-real fusion analysis environment, a multi-dimensional risk measurement and assessment is performed to obtain a comprehensive risk situation value, which reflects the level of cybersecurity threats currently faced by the vehicle. Based on the comprehensive risk situation value, a dynamic defense strategy set is generated, which includes intrusion blocking rules and access control whitelists. The dynamic defense strategy set is distributed to the vehicle security gateway and domain controller to suppress attack behavior in real time.

[0006] Furthermore, based on the aforementioned vehicle-mounted heterogeneous sensing data stream, a virtual-real fusion analysis environment is constructed, including: The controller local area network message sequence, the vehicle Ethernet communication frame and the environmental perception sensor data are timestamped and parsed to establish a standardized data representation under a unified spatiotemporal reference. Based on the standardized data representation, update the state parameters of the vehicle digital twin, which include actuator state in the power domain, communication topology in the information domain, and obstacle distribution in the environmental domain. Establish a virtual-real mapping relationship between the physical vehicle state and the digital twin, the virtual-real mapping relationship including data flow channels and state synchronization mechanisms; Based on the virtual-real mapping relationship, the virtual-real fusion analysis environment is constructed in the virtual simulation layer.

[0007] Furthermore, within the virtual-real fusion analysis environment, a multi-dimensional risk measurement assessment is performed to obtain a comprehensive risk situation value, including: Extract behavioral feature patterns from the vehicle-mounted heterogeneous sensing data stream. The behavioral feature patterns include message periodicity, load rate fluctuation characteristics, and end-to-end communication delay distribution. The deviation between the behavioral feature patterns and the preset baseline security profile is analyzed to identify abnormal communication behaviors; Assess the vulnerability exposure index of the vehicle electronic control unit, which is determined based on the number of open service ports and the strength of the authentication mechanism; Based on the abnormal communication behavior and the vulnerability exposure index, combined with attack path reachability analysis, the comprehensive risk situation value is calculated.

[0008] Furthermore, deviation analysis is performed between the behavioral feature patterns and a preset baseline security profile to identify abnormal communication behaviors, including: Calculate the periodic deviation index between the message periodicity and the standard periodicity; Monitor whether the load rate fluctuation characteristics exceed the normal communication baseband range; Identify abnormal delay peaks in the end-to-end communication delay distribution; When any of the cycle deviation index, the load rate fluctuation characteristic, or the abnormal delay peak exceeds the corresponding warning threshold, the abnormal communication behavior is marked and the timestamp of the abnormality and the associated node identifier are recorded.

[0009] Furthermore, based on the comprehensive risk situation value, a dynamic defense strategy set is generated, including: Obtain the current vehicle's electronic and electrical architecture topology and functional safety level configuration; The defense response level is determined based on the degree to which the comprehensive risk situation value exceeds a preset risk threshold; Based on the defense response level and the electronic and electrical architecture topology diagram, initial defense rules are matched from a preset defense rule base; Based on the functional safety level configuration, conflict detection and priority reordering are performed on the initial defense rules to generate the dynamic defense strategy set.

[0010] Furthermore, based on the defense response level and the electronic and electrical architecture topology diagram, initial defense rules are matched from a preset defense rule base, including: Analyze the communication dependencies and trust boundaries between domain controllers in the described electronic and electrical architecture topology diagram; Based on the defense response level, the intrusion limit of the defense action is determined; Retrieve candidate defense rules from the preset defense rule base that match the attack feature pattern corresponding to the abnormal communication behavior; Based on the intrusion level limit and the communication dependency, the candidate defense rules are filtered to obtain the initial defense rules.

[0011] Furthermore, the dynamic defense strategy set is distributed to the vehicle security gateway and domain controller to suppress attack behaviors in real time, including: Perform syntax compliance and semantic consistency checks on the dynamic defense strategy set; Based on the verification results, the dynamic defense strategy set is divided into critical defense instructions and regular defense instructions; The critical defense commands are sent to the vehicle security gateway through a high-priority channel, and the regular defense commands are sent to the domain controller through a standard communication channel. The system receives policy execution confirmation information returned by the vehicle security gateway and the domain controller. When the confirmation information is missing or times out, a policy retransmission mechanism is triggered.

[0012] Furthermore, it also includes: Record the deviation information between the actual execution effect and the expected defense effect of the dynamic defense strategy set; Based on the deviation information, adjust the parameter threshold of the preset baseline security profile and the rule triggering conditions in the preset defense rule base; The adjusted parameter thresholds and rule triggering conditions are updated to the virtual-real fusion analysis environment.

[0013] To achieve the above objectives, the present invention also provides a virtual-real fusion testing system for heterogeneous data of intelligent connected vehicles, comprising: The data acquisition module is used to acquire vehicle-mounted heterogeneous sensing data streams, which include controller local area network message sequences, vehicle-mounted Ethernet communication frames, and environmental sensing sensor data. The virtual-real fusion module is used to construct a virtual-real fusion analysis environment based on the vehicle-mounted heterogeneous perception data stream. The virtual-real fusion analysis environment represents the dynamic mapping relationship between the physical vehicle state and the digital twin. The risk measurement module is used to perform multi-dimensional risk measurement and assessment in the virtual-real fusion analysis environment to obtain a comprehensive risk situation value, which reflects the level of cybersecurity threats currently faced by the vehicle. The attack and defense strategy module is used to generate a dynamic defense strategy set based on the comprehensive risk situation value. The dynamic defense strategy set includes intrusion blocking rules and access control whitelists. The policy distribution module is used to distribute the dynamic defense policy set to the vehicle security gateway and domain controller to suppress attack behavior in real time.

[0014] Furthermore, it also includes: The virtual-to-real update module is used for: Record the deviation information between the actual execution effect and the expected defense effect of the dynamic defense strategy set; Based on the deviation information, adjust the parameter threshold of the preset baseline security profile and the rule triggering conditions in the preset defense rule base; The adjusted parameter thresholds and rule triggering conditions are updated to the virtual-real fusion analysis environment.

[0015] Compared with the prior art, the beneficial effects of the present invention are as follows: This invention discloses a virtual-real fusion testing method and system for heterogeneous data in intelligent connected vehicles. The method involves acquiring heterogeneous in-vehicle perception data streams; constructing a virtual-real fusion analysis environment based on these data streams; performing multi-dimensional risk measurement and assessment within this environment to obtain a comprehensive risk posture value; generating a dynamic defense strategy set based on the comprehensive risk posture value; and distributing the dynamic defense strategy set to the in-vehicle security gateway and domain controller to suppress attack behaviors in real time. By constructing the virtual-real fusion analysis environment, a unified representation and risk prediction of multi-source heterogeneous data is achieved. The comprehensive risk posture is calculated based on multi-dimensional behavioral characteristics and vulnerability assessments, and dynamic defense strategies adapted to the vehicle's electronic and electrical architecture and functional safety level are generated. This achieves synergistic optimization of network security protection and vehicle functional safety, improving the proactive defense capabilities and operational safety of intelligent connected vehicles. Attached Figure Description

[0016] Various other advantages and benefits will become apparent to those skilled in the art upon reading the following detailed description of preferred embodiments. The accompanying drawings are for illustrative purposes only and are not intended to limit the invention. Furthermore, the same reference numerals denote the same parts throughout the drawings. In the drawings: Figure 1 A flowchart illustrating the virtual-real fusion testing method for heterogeneous vehicle data based on intelligent connected vehicles in an embodiment of the present invention is shown. Figure 2 A schematic diagram of the structure of the vehicle heterogeneous data virtual-real fusion test system based on intelligent connected vehicles in an embodiment of the present invention is shown. Detailed Implementation

[0017] The specific embodiments of the present invention will be described in further detail below with reference to the accompanying drawings and examples. The following examples are for illustrative purposes only and are not intended to limit the scope of the invention.

[0018] In the description of this application, it should be understood that the terms "center", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc., indicate the orientation or positional relationship based on the orientation or positional relationship shown in the accompanying drawings. They are only for the convenience of describing this application and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation. Therefore, they should not be construed as limitations on this application.

[0019] The terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Therefore, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of this application, unless otherwise stated, "a plurality of" means two or more.

[0020] In the description of this application, it should be noted that, unless otherwise expressly specified and limited, the terms "installation," "connection," and "linking" should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral connection; they can refer to a mechanical connection or an electrical connection; they can refer to a direct connection or an indirect connection through an intermediate medium; and they can refer to the internal connection between two components. Those skilled in the art can understand the specific meaning of the above terms in this application based on the specific circumstances.

[0021] The following is a description of preferred embodiments of the present invention in conjunction with the accompanying drawings.

[0022] like Figure 1As shown, embodiments of the present invention disclose a method for testing the virtual-real fusion of heterogeneous data in intelligent connected vehicles, including: S110: Acquire vehicle heterogeneous sensing data stream, the vehicle heterogeneous sensing data stream including controller local area network message sequence, vehicle Ethernet communication frame and environmental sensing sensor data; S120: Based on the vehicle-mounted heterogeneous perception data stream, construct a virtual-real fusion analysis environment, which represents the dynamic mapping relationship between the physical vehicle state and the digital twin; S130: In the virtual-real fusion analysis environment, perform multi-dimensional risk measurement and assessment to obtain a comprehensive risk situation value, which reflects the level of cybersecurity threat currently faced by the vehicle; S140: Generate a dynamic defense strategy set based on the comprehensive risk situation value. The dynamic defense strategy set includes intrusion blocking rules and access control whitelists. S150: The dynamic defense strategy set is distributed to the vehicle security gateway and domain controller to suppress attack behavior in real time.

[0023] In this embodiment, the vehicle-mounted heterogeneous perception data stream refers to a heterogeneous data set from different network domains and sensors of the vehicle: the controller area network (MAN) message sequence comes from the MAN bus of the power domain and chassis domain, and includes periodic status messages from engine control units, brake control units, etc., with a sampling period of 10 milliseconds; the vehicle-mounted Ethernet communication frames come from the infotainment domain and intelligent driving domain, with a transmission rate of 100 megabits per second to 1000 megabits per second, and include high-bandwidth data from cameras and lidar; the environmental perception sensor data includes raw point cloud or image data from millimeter-wave radar, ultrasonic radar, and cameras.

[0024] In some embodiments of this application, a virtual-real fusion analysis environment is constructed based on the vehicle-mounted heterogeneous sensing data stream, including: The controller local area network message sequence, the vehicle Ethernet communication frame and the environmental perception sensor data are timestamped and parsed to establish a standardized data representation under a unified spatiotemporal reference. Based on the standardized data representation, update the state parameters of the vehicle digital twin, which include actuator state in the power domain, communication topology in the information domain, and obstacle distribution in the environmental domain. Establish a virtual-real mapping relationship between the physical vehicle state and the digital twin, the virtual-real mapping relationship including data flow channels and state synchronization mechanisms; Based on the virtual-real mapping relationship, the virtual-real fusion analysis environment is constructed in the virtual simulation layer.

[0025] In this embodiment, timestamp alignment uses a unified global time base (such as Greenwich Mean Time or local time synchronized with the onboard network time protocol) to ensure traceable temporal relationships between events from different data sources. Protocol parsing refers to parsing the raw data according to Controller Area Network (CLAN) protocols (such as standard frame format or extended frame format) and Ethernet protocols (such as Transmission Control Protocol / User Datagram Protocol) to extract fields such as identifier, data length, and payload. Standardized data representation uses a unified structured data format (such as JavaScript object notation or Extensible Markup Language), including four fields: timestamp, data source, data type, and payload. The update frequency of the digital twin's state parameters is consistent with that of the physical vehicle: the actuator status in the power domain includes engine speed and brake pedal position, updated at 100 Hz; the communication topology in the information domain includes the online status and connection relationships of each electronic control unit, updated at 10 Hz; and the obstacle distribution in the environmental domain includes the position coordinates of surrounding vehicles and pedestrians, updated at 50 Hz. In the virtual-physical mapping relationship, the data flow channel refers to the data pipeline from physical sensors to the digital twin. The state synchronization mechanism adopts a publish-subscribe model, automatically triggering updates to the digital twin when the physical vehicle's state changes. The virtual simulation layer runs on an onboard high-performance computing platform or cloud server, supporting offline simulation capabilities: simulated attacks (such as denial-of-service attacks and packet injection attacks) can be injected into the virtual environment to observe the digital twin's response and pre-verify the effectiveness of defense strategies (such as adding firewall rules) without affecting the safe operation of the physical vehicle.

[0026] The beneficial effects of the above technical solution are as follows: it eliminates the format differences of heterogeneous data by aligning timestamps and parsing protocols, and establishes a unified spatiotemporal benchmark; it ensures high-fidelity synchronization between the virtual environment and the physical vehicle by updating the state of the digital twin in real time; it realizes bidirectional data flow through the virtual-physical mapping relationship; and it allows for testing of various attack scenarios and defense schemes in the virtual space through offline simulation capabilities, avoiding the security risks brought about by testing on the actual vehicle and improving the reliability of the defense strategy.

[0027] In some embodiments of this application, in the virtual-real fusion analysis environment, a multi-dimensional risk measurement assessment is performed to obtain a comprehensive risk posture value, including: Extract behavioral feature patterns from the vehicle-mounted heterogeneous sensing data stream. The behavioral feature patterns include message periodicity, load rate fluctuation characteristics, and end-to-end communication delay distribution. The deviation between the behavioral feature patterns and the preset baseline security profile is analyzed to identify abnormal communication behaviors; Assess the vulnerability exposure index of the vehicle electronic control unit, which is determined based on the number of open service ports and the strength of the authentication mechanism; Based on the abnormal communication behavior and the vulnerability exposure index, combined with attack path reachability analysis, the comprehensive risk situation value is calculated.

[0028] In this embodiment, behavioral feature pattern extraction employs statistical analysis methods: message periodicity is assessed by calculating the standard deviation of the time interval between consecutive messages; a standard deviation less than 0.1 milliseconds indicates good periodicity; load rate fluctuation characteristics are assessed by monitoring the range of changes in bus bandwidth utilization; the normal fluctuation range is set to 30% to 70%; end-to-end communication delay distribution is obtained by recording the time difference between message transmission and reception; a delay exceeding 10 milliseconds is considered abnormal. The preset baseline security profile is a normal operation behavior model established during vehicle manufacturing or system initialization, including the standard message period of each electronic control unit (e.g., the engine control unit sends one frame every 10 milliseconds), the normal load rate range (e.g., the controller area network bus load rate is 40% ± 5%), and the standard delay (e.g., the gateway forwarding delay is 2 milliseconds). The vulnerability exposure index is calculated as follows: 5 points are added for each additional open service port (maximum score 50 points); authentication mechanism strength is divided into no authentication (20 points), simple password (10 points), and strong authentication (0 points), with a total score from 0 to 70 points; the higher the score, the more vulnerable the user. Attack path reachability analysis is based on the network topology graph, calculating the shortest path length from the attack entry point (such as an on-board diagnostic interface or telematics unit) to a critical target (such as a brake control unit). The shorter the path, the higher the reachability and the greater the risk. The comprehensive risk situation value is calculated using a weighted summation, assigning weights to the abnormal communication behavior score, vulnerability exposure index, and attack path reachability score. The abnormal communication behavior score has a weight of 0.4, the vulnerability exposure index has a weight of 0.3, and the attack path reachability score has a weight of 0.3.

[0029] The beneficial effects of the above technical solution are as follows: by extracting multi-dimensional behavioral characteristics such as message cycle, load rate, and latency, a refined characterization of network communication status is achieved; by analyzing the deviation from the baseline profile, abnormal behavior of zero-day attacks or unknown patterns can be identified; the inherent security weaknesses of the system are quantified through the vulnerability exposure index; the potential impact range of threats is assessed through attack path reachability analysis; and the comprehensive risk situation value obtained by combining the three factors fully reflects the current security situation of the vehicle, providing a quantitative basis for subsequent defense decisions.

[0030] In some embodiments of this application, deviation analysis is performed between the behavioral feature patterns and a preset baseline security profile to identify abnormal communication behavior, including: Calculate the periodic deviation index between the message periodicity and the standard periodicity; Monitor whether the load rate fluctuation characteristics exceed the normal communication baseband range; Identify abnormal delay peaks in the end-to-end communication delay distribution; When any of the cycle deviation index, the load rate fluctuation characteristic, or the abnormal delay peak exceeds the corresponding warning threshold, the abnormal communication behavior is marked and the timestamp of the abnormality and the associated node identifier are recorded.

[0031] In this embodiment, the regularity of the message cycle is assessed by calculating the average and standard deviation of 10 consecutive message intervals. The standard cycle is the nominal cycle during vehicle design (e.g., a nominal cycle of 10 milliseconds for engine speed messages). The cycle deviation index is calculated as |actual average cycle - standard cycle| / standard cycle × 100%. The warning threshold is set to 10%, meaning an alarm is triggered when the actual cycle deviates from the nominal value by more than 10% (e.g., becoming more than 11 milliseconds or less than 9 milliseconds). Load rate fluctuation characteristics are assessed by monitoring the bandwidth utilization of the controller LAN bus or Ethernet link. The normal communication baseband range is set to 20% to 60% (based on historical statistical data). An alarm is triggered when the load rate remains below 20% for 5 consecutive seconds (potentially due to a denial-of-service attack causing communication interruption) or above 60% (potentially due to a flooding attack causing congestion). Abnormal latency peaks refer to end-to-end communication delays exceeding three times the normal average standard deviation. For example, if the normal average latency is 5 milliseconds and the standard deviation is 1 millisecond, the threshold is set to 8 milliseconds. A delay exceeding 8 milliseconds is considered an abnormal peak. The associated node identifier refers to the address of the electronic control unit or Internet Protocol address that participated in the abnormal communication. For example, if an abnormal message cycle is detected from the engine control unit (address 0x01), the address and the time of the abnormality are recorded.

[0032] The beneficial effects of the above technical solution are as follows: the timing accuracy of messages is quantified by the period deviation index, which can detect period disorder caused by clock tampering or denial-of-service attacks; abnormal fluctuations in communication volume are identified by load rate baseband monitoring; forwarding delays introduced by network congestion or man-in-the-middle attacks are located by abnormal delay peaks; and accurate identification and tracing of abnormal communication behavior are achieved through multi-dimensional threshold judgment and recording, providing detailed logs for attack forensics.

[0033] In some embodiments of this application, a dynamic defense strategy set is generated based on the comprehensive risk situation value, including: Obtain the current vehicle's electronic and electrical architecture topology and functional safety level configuration; The defense response level is determined based on the degree to which the comprehensive risk situation value exceeds a preset risk threshold; Based on the defense response level and the electronic and electrical architecture topology diagram, initial defense rules are matched from a preset defense rule base; Based on the functional safety level configuration, conflict detection and priority reordering are performed on the initial defense rules to generate the dynamic defense strategy set.

[0034] In this embodiment, the electronic and electrical architecture topology diagram describes the connection relationships of various electronic control units, sensors, and actuators in the vehicle, including five functional domains: powertrain, chassis, body, infotainment, and intelligent driving, as well as communication media such as Controller Area Network (CAN), Ethernet, and FlexRay. Functional safety level configurations are determined according to international standards; for example, the braking system is Level D (highest safety level), and the infotainment system is Level A (lowest safety level). The preset risk threshold is set at 60 points (out of 100), and the defense response level is divided into four levels: green (0 to 40 points, no risk, maintain the status quo), yellow (40 to 60 points, low risk, enhanced monitoring), orange (60 to 80 points, medium risk, active defense), and red (80 to 100 points, high risk, emergency isolation). Conflict detection refers to checking whether defense rules conflict with critical vehicle safety functions. For example, blocking a CAN bus communication line may affect braking signal transmission; if the bus carries a Level D safety function, the rule is marked as conflicting. Priority reordering is determined based on functional safety levels, ensuring that the availability of high-security-level functions takes precedence over the execution of defense rules. For example, for rules that affect both the infotainment domain and the power domain, priority is given to ensuring communication in the power domain, while blocking is only applied to the infotainment domain.

[0035] The beneficial effects of the above technical solution are as follows: by introducing an electronic and electrical architecture topology diagram, the defense strategy takes into account the actual network structure of the vehicle; by implementing a hierarchical response mechanism, the defense strength and risk level are adaptively matched; and by conflict detection and priority reordering of functional safety levels, the defense measures are ensured not to sacrifice the vehicle's critical safety functions, thus achieving a balance between safety protection and functional safety and avoiding the risk of vehicle loss of control due to excessive defense.

[0036] In some embodiments of this application, based on the defense response level and the electronic and electrical architecture topology diagram, initial defense rules are matched from a preset defense rule base, including: Analyze the communication dependencies and trust boundaries between domain controllers in the described electronic and electrical architecture topology diagram; Based on the defense response level, the intrusion limit of the defense action is determined; Retrieve candidate defense rules from the preset defense rule base that match the attack feature pattern corresponding to the abnormal communication behavior; Based on the intrusion level limit and the communication dependency, the candidate defense rules are filtered to obtain the initial defense rules.

[0037] In this embodiment, communication dependencies refer to the data flow between functional domains. For example, the intelligent driving domain depends on vehicle speed information provided by the chassis domain, and the power domain depends on gear signals provided by the body domain, forming a dependency chain. Trust boundaries refer to isolated areas divided according to security domains. For example, the power domain and infotainment domain are isolated through a gateway and belong to different trust domains. Intrusion level restrictions are determined based on the defense response level: green level does not allow intrusion (monitoring only), yellow level allows minor intrusion (such as increasing log recording frequency), orange level allows moderate intrusion (such as blocking specific non-critical services), and red level allows deep intrusion (such as completely isolating a domain). The attack signature pattern library stores signatures of known attacks. For example, the characteristic of a denial-of-service attack is "high-frequency replay messages with the same identifier," and the characteristic of a spoofing attack is "source address and physical port do not match." Candidate defense rule retrieval is achieved through pattern matching. For example, if high-frequency replay is detected, a "rate limiting rule" is matched. The screening process checks the scope of influence of rules: For example, if a rule suggests blocking all inbound packets from the chassis domain, but the analysis of dependencies reveals that the intelligent driving domain depends on chassis domain data, then the rule is excluded and replaced with blocking only packets from untrusted source addresses to avoid cascading interference that could cause the intelligent driving function to fail.

[0038] The beneficial effects of the above technical solution are: by analyzing communication dependencies and trust boundaries, the safety-critical paths of vehicle functions are understood; by limiting the degree of intrusion, the strength of defense and the level of risk are matched, avoiding over-defense when the risk is low; by using a screening mechanism, defense rules that may cause cascading failures are excluded, ensuring that the defense measures do not disrupt the normal data flow of the vehicle's critical functions while blocking attacks, thus maintaining the driving safety and functional integrity of the vehicle.

[0039] In some embodiments of this application, the dynamic defense strategy set is distributed to the vehicle security gateway and domain controller to suppress attack behavior in real time, including: Perform syntax compliance and semantic consistency checks on the dynamic defense strategy set; Based on the verification results, the dynamic defense strategy set is divided into critical defense instructions and regular defense instructions; The critical defense commands are sent to the vehicle security gateway through a high-priority channel, and the regular defense commands are sent to the domain controller through a standard communication channel. The system receives policy execution confirmation information returned by the vehicle security gateway and the domain controller. When the confirmation information is missing or times out, a policy retransmission mechanism is triggered.

[0040] In this embodiment, the syntax compliance check verifies whether the policy set conforms to a predefined syntax format (such as the Extensible Markup Language architecture or JavaScript object representation format), ensuring that fields are complete and data types are correct (such as correct Internet Protocol address format and port numbers within the range of 0 to 65535). The semantic consistency check verifies whether the policy logic is reasonable, such as checking for contradictory rules (e.g., simultaneously allowing and prohibiting access to the same address) or exceeding the system's processing capacity (e.g., the number of firewall rules exceeding the device limit of 1000). Critical defense commands refer to emergency blocking commands against high-risk attacks (such as remote control attempts alerted by the intrusion detection system), requiring execution within 50 milliseconds; regular defense commands refer to general access control adjustments for low- to medium-risk attacks, allowing execution within 500 milliseconds. High-priority channels use high-priority packets (smaller identifier values) from the Controller Area Network (CAN) bus or priority streams from Ethernet (802.1p priority tag 7) to ensure priority transmission of critical commands. Standard communication channels use ordinary packets. Policy execution confirmation information is a response message returned by the vehicle security gateway or domain controller after policy execution, containing the execution status (success or failure) and a timestamp. The timeout period is set to 100 milliseconds for critical instructions and 1 second for regular instructions. If no acknowledgment is received within this time, the policy is triggered to resend the message, with a maximum of 3 resends. If the message still fails, the node is marked as having a communication error and an alarm is triggered.

[0041] The beneficial effects of the above technical solution are as follows: the correctness and executability of the policy set are ensured through syntax and semantic verification, avoiding execution failures caused by format errors or logical contradictions; the response speed to high-risk attacks is ensured by dividing critical and regular instructions and using differentiated transmission channels; and the reliability of policy issuance is improved through confirmation and retransmission mechanisms, ensuring that defense instructions can be accurately delivered and executed, thus forming a closed-loop policy management process.

[0042] In some embodiments of this application, it also includes: Record the deviation information between the actual execution effect and the expected defense effect of the dynamic defense strategy set; Based on the deviation information, adjust the parameter threshold of the preset baseline security profile and the rule triggering conditions in the preset defense rule base; The adjusted parameter thresholds and rule triggering conditions are updated to the virtual-real fusion analysis environment.

[0043] In this embodiment, the actual execution effect is evaluated by monitoring the network status after the defense strategy is implemented. For example, if the expected effect after executing the blocking rule is a reduction of more than 90% in attack packets, but the actual reduction is only 50%, it is recorded as an effect deviation. Deviation information includes policy identifier, execution time, expected effect index, actual effect index, and deviation cause analysis (such as rule configuration error, attack variant bypass). The adjustment process uses machine learning algorithms (such as reinforcement learning or decision tree adjustment) to automatically adjust the threshold of the baseline security profile based on the deviation. For example, if multiple false alarms of a certain type of periodic fluctuation are identified as abnormal, the standard deviation threshold of that type of fluctuation is widened from 0.1 milliseconds to 0.2 milliseconds; or the rule triggering conditions are adjusted, such as changing "more than 100 frames per second is considered an attack" to "more than 150 frames per second". Updating to the virtual-real fusion analysis environment means replacing the old version with the new baseline profile and rule base to ensure that the virtual simulation uses the latest security model.

[0044] The beneficial effects of the above technical solution are as follows: by recording the deviation between the execution effect and the expectation, a feedback evaluation mechanism for the defense strategy is established; by automatically adjusting the baseline profile and rule base, adaptive optimization of the security strategy is achieved, reducing false alarms and false negatives; and by cloud synchronization, a vehicle-cloud collaborative security knowledge sharing system is constructed, which transforms single-vehicle attack and defense experience into group security capabilities and improves the security protection level of the entire vehicle ecosystem.

[0045] To further illustrate the technical concept of this invention, the technical solution of this invention will now be described in conjunction with specific application scenarios.

[0046] Correspondingly, such as Figure 2 As shown, this application also provides a virtual-real fusion testing system for heterogeneous data of intelligent connected vehicles, including: The data acquisition module is used to acquire vehicle-mounted heterogeneous sensing data streams, which include controller local area network message sequences, vehicle-mounted Ethernet communication frames, and environmental sensing sensor data. The virtual-real fusion module is used to construct a virtual-real fusion analysis environment based on the vehicle-mounted heterogeneous perception data stream. The virtual-real fusion analysis environment represents the dynamic mapping relationship between the physical vehicle state and the digital twin. The risk measurement module is used to perform multi-dimensional risk measurement and assessment in the virtual-real fusion analysis environment to obtain a comprehensive risk situation value, which reflects the level of cybersecurity threats currently faced by the vehicle. The attack and defense strategy module is used to generate a dynamic defense strategy set based on the comprehensive risk situation value. The dynamic defense strategy set includes intrusion blocking rules and access control whitelists. The policy distribution module is used to distribute the dynamic defense policy set to the vehicle security gateway and domain controller to suppress attack behavior in real time.

[0047] In some embodiments of this application, it also includes: The virtual-to-real update module is used for: Record the deviation information between the actual execution effect and the expected defense effect of the dynamic defense strategy set; Based on the deviation information, adjust the parameter threshold of the preset baseline security profile and the rule triggering conditions in the preset defense rule base; The adjusted parameter thresholds and rule triggering conditions are updated to the virtual-real fusion analysis environment.

[0048] In the description of the above embodiments, specific features, structures, materials, or characteristics may be combined in any suitable manner in one or more embodiments or examples.

[0049] Although the invention has been described above with reference to embodiments, various modifications can be made and components can be replaced with equivalents without departing from the scope of the invention. In particular, as long as there is no structural conflict, the features in the embodiments disclosed in this invention can be combined with each other in any way. The fact that not all of these combinations are described in this specification is merely for the sake of brevity and resource conservation.

[0050] It will be understood by those skilled in the art that the above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in the foregoing embodiments or make equivalent substitutions for some of the technical features. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.

Claims

1. A method for testing the virtual-real fusion of heterogeneous data in intelligent connected vehicles, characterized in that, include: Acquire vehicle-mounted heterogeneous sensing data stream, which includes controller local area network message sequence, vehicle-mounted Ethernet communication frame and environmental sensing sensor data; Based on the vehicle-mounted heterogeneous perception data stream, a virtual-real fusion analysis environment is constructed, which represents the dynamic mapping relationship between the physical vehicle state and the digital twin. In the virtual-real fusion analysis environment, a multi-dimensional risk measurement and assessment is performed to obtain a comprehensive risk situation value, which reflects the level of cybersecurity threats currently faced by the vehicle. Based on the comprehensive risk situation value, a dynamic defense strategy set is generated, which includes intrusion blocking rules and access control whitelists. The dynamic defense strategy set is distributed to the vehicle security gateway and domain controller to suppress attack behavior in real time.

2. The method for testing heterogeneous vehicle data fusion based on intelligent connected vehicles according to claim 1, characterized in that, Based on the aforementioned vehicle-mounted heterogeneous sensing data stream, a virtual-real fusion analysis environment is constructed, including: The controller local area network message sequence, the vehicle Ethernet communication frame and the environmental perception sensor data are timestamped and parsed to establish a standardized data representation under a unified spatiotemporal reference. Based on the standardized data representation, update the state parameters of the vehicle digital twin, which include actuator state in the power domain, communication topology in the information domain, and obstacle distribution in the environmental domain. Establish a virtual-real mapping relationship between the physical vehicle state and the digital twin, the virtual-real mapping relationship including data flow channels and state synchronization mechanisms; Based on the virtual-real mapping relationship, the virtual-real fusion analysis environment is constructed in the virtual simulation layer.

3. The method for testing heterogeneous vehicle data fusion based on intelligent connected vehicles according to claim 1, characterized in that, In the virtual-real fusion analysis environment, a multi-dimensional risk measurement assessment is performed to obtain a comprehensive risk situation value, including: Extract behavioral feature patterns from the vehicle-mounted heterogeneous sensing data stream. The behavioral feature patterns include message periodicity, load rate fluctuation characteristics, and end-to-end communication delay distribution. The deviation between the behavioral feature patterns and the preset baseline security profile is analyzed to identify abnormal communication behaviors; Assess the vulnerability exposure index of the vehicle electronic control unit, which is determined based on the number of open service ports and the strength of the authentication mechanism; Based on the abnormal communication behavior and the vulnerability exposure index, combined with attack path reachability analysis, the comprehensive risk situation value is calculated.

4. The method for testing heterogeneous vehicle data fusion based on intelligent connected vehicles according to claim 3, characterized in that, The deviation of the behavioral feature patterns from a preset baseline security profile is analyzed to identify abnormal communication behaviors, including: Calculate the periodic deviation index between the message periodicity and the standard periodicity; Monitor whether the load rate fluctuation characteristics exceed the normal communication baseband range; Identify abnormal delay peaks in the end-to-end communication delay distribution; When any of the cycle deviation index, the load rate fluctuation characteristic, or the abnormal delay peak exceeds the corresponding warning threshold, the abnormal communication behavior is marked and the timestamp of the abnormality and the associated node identifier are recorded.

5. The method for testing heterogeneous vehicle data fusion based on intelligent connected vehicles according to claim 1, characterized in that, Based on the comprehensive risk situation value, a dynamic defense strategy set is generated, including: Obtain the current vehicle's electronic and electrical architecture topology and functional safety level configuration; The defense response level is determined based on the degree to which the comprehensive risk situation value exceeds a preset risk threshold; Based on the defense response level and the electronic and electrical architecture topology diagram, initial defense rules are matched from a preset defense rule base; Based on the functional safety level configuration, conflict detection and priority reordering are performed on the initial defense rules to generate the dynamic defense strategy set.

6. The method for testing heterogeneous vehicle data fusion based on intelligent connected vehicles according to claim 5, characterized in that, Based on the defense response level and the electronic and electrical architecture topology diagram, initial defense rules are matched from a preset defense rule base, including: Analyze the communication dependencies and trust boundaries between domain controllers in the described electronic and electrical architecture topology diagram; Based on the defense response level, the intrusion limit of the defense action is determined; Retrieve candidate defense rules from the preset defense rule base that match the attack feature pattern corresponding to the abnormal communication behavior; Based on the intrusion level limit and the communication dependency, the candidate defense rules are filtered to obtain the initial defense rules.

7. The method for testing heterogeneous vehicle data fusion based on intelligent connected vehicles according to claim 1, characterized in that, The dynamic defense strategy set is distributed to the vehicle security gateway and domain controller to suppress attack behaviors in real time, including: Perform syntax compliance and semantic consistency checks on the dynamic defense strategy set; Based on the verification results, the dynamic defense strategy set is divided into critical defense instructions and regular defense instructions; The critical defense commands are sent to the vehicle security gateway through a high-priority channel, and the regular defense commands are sent to the domain controller through a standard communication channel. The system receives policy execution confirmation information returned by the vehicle security gateway and the domain controller. When the confirmation information is missing or times out, a policy retransmission mechanism is triggered.

8. The method for testing heterogeneous vehicle data fusion based on intelligent connected vehicles according to claim 1, characterized in that, Also includes: Record the deviation information between the actual execution effect and the expected defense effect of the dynamic defense strategy set; Based on the deviation information, adjust the parameter threshold of the preset baseline security profile and the rule triggering conditions in the preset defense rule base; The adjusted parameter thresholds and rule triggering conditions are updated to the virtual-real fusion analysis environment.

9. A vehicle heterogeneous data virtual-real fusion testing system based on intelligent connected vehicles, applied to the vehicle heterogeneous data virtual-real fusion testing method based on intelligent connected vehicles as described in any one of claims 1-8, characterized in that, include: The data acquisition module is used to acquire vehicle-mounted heterogeneous sensing data streams, which include controller local area network message sequences, vehicle-mounted Ethernet communication frames, and environmental sensing sensor data. The virtual-real fusion module is used to construct a virtual-real fusion analysis environment based on the vehicle-mounted heterogeneous perception data stream. The virtual-real fusion analysis environment represents the dynamic mapping relationship between the physical vehicle state and the digital twin. The risk measurement module is used to perform multi-dimensional risk measurement and assessment in the virtual-real fusion analysis environment to obtain a comprehensive risk situation value, which reflects the level of cybersecurity threats currently faced by the vehicle. The attack and defense strategy module is used to generate a dynamic defense strategy set based on the comprehensive risk situation value. The dynamic defense strategy set includes intrusion blocking rules and access control whitelists. The policy distribution module is used to distribute the dynamic defense policy set to the vehicle security gateway and domain controller to suppress attack behavior in real time.

10. The vehicle heterogeneous data virtual-real fusion testing system based on intelligent connected vehicles according to claim 9, characterized in that, Also includes: The virtual-to-real update module is used for: Record the deviation information between the actual execution effect and the expected defense effect of the dynamic defense strategy set; Based on the deviation information, adjust the parameter threshold of the preset baseline security profile and the rule triggering conditions in the preset defense rule base; The adjusted parameter thresholds and rule triggering conditions are updated to the virtual-real fusion analysis environment.