Vehicle control system network security detection method based on multi-stage feedback queue

A technology for vehicle control systems and network security, applied to vehicle control system network security detection based on a multi-level feedback queue. It addresses problems such as poor autonomous controllability, the lack of security encryption, security authentication and boundary protection mechanisms, and damage to the vehicle control network, and it achieves rapid screening, an efficient automatic security event injection detection mechanism, and an improved degree of automation and matching.

Active Publication Date: 2019-11-12
北京京航计算通讯研究所

AI Technical Summary

Problems solved by technology

For emerging autonomous driving technologies, the security of the vehicle control network is more complex, with more risk points and poorer autonomous controllability. With autonomous driving, once control of the vehicle is maliciously hijacked, personal safety, traffic security and even social security are directly threatened.

At present, the network security risk of the vehicle control system is mainly reflected in three aspects:

1) The lack of network protection equipment leads to insufficient boundary protection capability: the vehicle control network is mobile, specialized and closed, and, given limiting factors such as computing resources, equipment power consumption and performance attenuation, it cannot accommodate complete security hardening and protection equipment such as firewalls, intrusion prevention, flow control and access authentication, so its boundary protection capability is limited.

2) The design of the vehicle control network protocol itself has security flaws: the vehicle control network uses public standard buses such as CAN and lacks sound security encryption, security authentication and boundary protection mechanisms; some electronic devices are connected directly to the control bus; and application scenarios based on near-field wireless networks such as Bluetooth and radio-frequency signals, for example electronic keys and tire pressure monitoring (TPMS), further increase the risk of malicious intrusion into the vehicle control network. Attackers can easily access the vehicle control network through the OBD debugging interface or bus nodes, forge control information and inject it into the network, and use message interception, protocol analysis and other means to crack and tamper with vehicle control protocol messages transmitted in plain text, and then attack vehicle control or damage the control network.

3) The network security detection method of the vehicle control system urgently needs improvement: traditional vehicle control network security detection is manual. Testers access the vehicle control bus one by one through the OBD interface, intercept messages, crack the protocol and use vulnerabilities to inject security events in order to verify the network security level of the vehicle control system. The whole security event injection detection process requires a high degree of manual participation and has a low degree of automation. In addition, attacker behavior follows no fixed pattern, and the existing security event injection detection mechanism, which is not autonomously controllable, cannot simulate more realistic attacker behavior.

[0004] From the above analysis, the deficiency of current vehicle control system network security detection technology is that, given the insufficient boundary protection capability of the vehicle control network and the security flaws in the protocol design itself, existing detection technology has not yet achieved the goals of a higher degree of automation, a more reasonable security event injection detection mechanism, detection scenarios that are closer to real attack behavior, and a more autonomous and controllable detection process.


Examples


Embodiment 1

[0102] This embodiment adopts a vehicle control system network security detection method based on a multi-level feedback queue. It achieves a higher degree of automation, a more reasonable, efficient and accurate security event injection detection mechanism, detection scenarios that are more in line with real attack behaviors, and a more autonomous and controllable testing process for vehicle control system network security.

[0103] The method of the present invention for detecting the network security of the vehicle control system is described in detail below in conjunction with specific embodiments. The method can be extended to a wider range of network security detection applications for the vehicle control systems of ordinary vehicles, special vehicles and self-driving vehicles.

[0104] First build the target vehicle control system network. The target vehicle control system network uses the vehicle CAN and LIN bus...


Abstract

The invention belongs to the technical field of vehicle control system network security detection, and particularly relates to a vehicle control system network security detection method based on a multi-stage feedback queue. The method is implemented on a detection system that comprises a vehicle control network topology detection module, a vehicle control network protocol analysis module, a vehicle control network equipment vulnerability scanning module, a security vulnerability and security event POC library, a security event priority queuing module, a security event backup queue registration module and a security event injection detection module. The method generates the security event queues for injection detection in sequence and injects and detects the security events using a multi-stage feedback queue round-robin scheduling mechanism, so that security holes and vulnerabilities of the vehicle control network can be located accurately and the goal of autonomous and controllable network security detection of the vehicle control system is achieved. The scheme has a high degree of automation, the security event injection detection mechanism is reasonable, efficient and accurate, the detection scenario conforms to the real attack behavior of an attacker, and the whole network security detection process is autonomous and controllable.
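The scheduling idea named in the abstract can be illustrated with the textbook multilevel feedback queue policy applied to a list of test events. This is an added example, not code from the patent; the event names, time units, per-level quanta and the demotion rule are assumptions, because the page does not give the patent's own queue rules.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class SecurityEvent:
    name: str       # constructed test-case label (assumption)
    priority: int   # initial queue level, 0 = highest (assumed to come from a priority step)
    remaining: int  # test time units still needed (assumption)

def sample_events():
    # Constructed sample input; not taken from the patent.
    return [
        SecurityEvent("SE-A", 0, 3),
        SecurityEvent("SE-B", 0, 1),
        SecurityEvent("SE-C", 1, 10),
        SecurityEvent("SE-D", 2, 5),
    ]

def run_mlfq(events, quanta=(2, 4, 8)):
    """Schedule events over len(quanta) queues.

    Returns (trace, finished): trace is a list of (name, level, units_run),
    finished is the order in which events completed.
    """
    queues = [deque() for _ in quanta]
    for ev in events:
        queues[min(ev.priority, len(quanta) - 1)].append(ev)
    trace, finished = [], []
    while any(queues):
        # Always serve the highest-priority non-empty queue first.
        level = next(i for i, q in enumerate(queues) if q)
        ev = queues[level].popleft()
        run = min(quanta[level], ev.remaining)
        ev.remaining -= run
        trace.append((ev.name, level, run))
        if ev.remaining == 0:
            finished.append(ev.name)
        else:
            # Feedback step: an event that used its whole quantum is demoted
            # one level; the bottom level re-queues it (round-robin).
            queues[min(level + 1, len(queues) - 1)].append(ev)
    return trace, finished

if __name__ == "__main__":
    trace, finished = run_mlfq(sample_events())
    for name, level, units in trace:
        print(f"level {level}: {name} ran {units} unit(s)")
    print("completion order:", finished)
```

Short, high-priority events finish in the top queue, while long-running ones sink to lower levels and no longer delay the rest of the run.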

Description

Technical field

[0001] The invention belongs to the technical field of vehicle control system network security detection, and in particular relates to a vehicle control system network security detection method based on a multi-level feedback queue.

Background art

[0002] The vehicle control system is one of the important branches of the industrial control system. The network of the vehicle control system mainly comprises gateways, system buses, electronic control units (ECUs), various types of on-board equipment and subsystem functional modules. The vehicle control network is generally based on the Controller Area Network (CAN) bus, supplemented by a low-cost bus such as the Local Interconnect Network (LIN), to realize distributed electronic control of the vehicle. The vehicle control network generally integrates the five CAN subnets of powertrain, body control, chassis control, diagnostic control and business infor...


Application Information

IPC(8): H04L29/06, H04L12/24, H04L12/26
CPC: H04L41/12, H04L43/18, H04L63/1416, H04L63/1433, H04L63/1441
Inventor 何占博王颖陈慧龙郑德利宋悦高飞刘军王黎朱琳闫丛张晛
Owner 北京京航计算通讯研究所