A detection method of message injection attack for vehicle CAN bus

Abstract

The invention discloses a detection method of a message injection attack for a vehicle-mounted CAN bus. The periodicity and stability characteristics of the normal communication of the CAN bus are applied to a detection process of detecting whether the CAN bus is subjected to the message injection attack in real time. During the specific implementation of the invention, the normal communication ofthe vehicle-mounted CAN bus needs to be monitored at first, communication characteristics thereof are stored, and the purpose of detecting the injection attack is achieved by comparing the normal communication characteristics with the real-time communication characteristics during the detection. By adoption of the detection method disclosed by the invention, whether the vehicle CAN bus is subjected to the injection attack is detected by updating the software connected to an electronic control unit ECU of the CAN bus without changing the hardware architecture on the vehicle CAN bus. The detection method disclosed by the invention can be applied to various vehicles that use the CAN buses to perform information transmission, the security during the use of the vehicles is improved, and the personal safety of passengers is guaranteed.

Description

technical field [0001] The invention relates to a detection method for a message injection attack on a vehicle-mounted CAN bus, which uses the periodicity of message transmission of the vehicle-mounted CAN bus and the stability of data changes in the message data segment to detect the message injection attack of the vehicle-mounted CAN bus, which belongs to information safety technology. Background technique [0002] The controller area network (Controller AreaNetwork, CAN) developed by BOSCH in the early 1980s is a serial bus that has become a standard protocol for modern automotive buses. With the popularity of automotive electronic control technology, electronic control units (Electronic Controll Unit, ECU) are commonly used in automobiles to control modules such as instrument clusters, power steering, and lighting systems. In order to realize the information exchange between various modules, modern cars generally use the CAN bus protocol to connect all ECUs on a twisted...

AI Technical Summary

Problems solved by technology

[0006] (4) Lack of security mechanism: CAN bus protocol uses clear text to send messages, and attackers can easily forge messages to carry out attacks

Although this method can detect the injection attack of vehicle CAN, there are some deficiencies: first, the gateway plays a very important role as a bridge for inter-network communication, and this detection method uses the gateway to monitor the communication of all identifiers. Once the calculation load of the gateway exceeds the calculation capacity of the gateway, it will inevitably lead to failure of the vehicle communication network; secondly, although the legal data segment value is between the maximum value and the minimum value it saves, it is between the maximum value and the minimum value. The data value is not necessarily legal, so this method may miss some illegal attack data frames; finally, the CAN bus generates some wrong data frames due to some reasons (such as physical interference) during actual communication, the standard CAN protocol These data frames will be dropped and will not cause failure to the overall system operation, but this detection method will mistake it for an injection attack and sound an alarm

Images