首页 | 本学科首页   官方微博 | 高级检索  
     

车载CAN总线脱离攻击及其入侵检测算法
引用本文:李中伟,谭凯,关亚东,姜文淇,叶麟. 车载CAN总线脱离攻击及其入侵检测算法[J]. 计算机应用, 2020, 40(11): 3224-3228. DOI: 10.11772/j.issn.1001-9081.2020040534
作者姓名:李中伟  谭凯  关亚东  姜文淇  叶麟
作者单位:1. 哈尔滨工业大学 电气工程及自动化学院, 哈尔滨 150001;2. 哈尔滨工业大学 网络空间安全学院, 哈尔滨 150001;3. 哈尔滨工业大学 计算机科学与技术学院, 哈尔滨 150001
摘    要:CAN总线脱离攻击作为一种新型的攻击方式,通过CAN总线通信的错误处理机制,可以使节点不断产生通信错误并从CAN总线上脱离。针对上述攻击所引发的车载CAN总线通信安全问题,提出了一种车载CAN总线脱离攻击入侵检测算法。首先,总结了车载CAN总线脱离攻击发生的条件与特点,指出正常报文与恶意报文的同步发送是实现总线脱离攻击的难点,并利用前置报文满足同步发送的条件来实现总线脱离攻击。其次,提取了CAN总线脱离攻击的特征,通过累计错误帧的发送数量,并根据报文发送频率的变化实现了对CAN总线脱离攻击的检测。最后,利用基于STM32F407ZGT6的CAN通信节点模拟车内电子控制单元(ECU),实现了恶意报文和被攻击报文的同步发送。进行了CAN总线脱离攻击实验和入侵检测算法的验证。实验结果表明,检测算法对高优先级恶意报文的检测率在95%以上,因此可以有效保护车载CAN总线通信网络的安全。

关 键 词:车载CAN总线  总线脱离攻击  入侵检测  同步发送  前置报文  
收稿时间:2020-04-26
修稿时间:2020-06-27

In-vehicle CAN bus-off attack and its intrusion detection algorithm
LI Zhongwei,TAN Kai,GUAN Yadong,JIANG Wenqi,YE Lin. In-vehicle CAN bus-off attack and its intrusion detection algorithm[J]. Journal of Computer Applications, 2020, 40(11): 3224-3228. DOI: 10.11772/j.issn.1001-9081.2020040534
Authors:LI Zhongwei  TAN Kai  GUAN Yadong  JIANG Wenqi  YE Lin
Affiliation:1. School of Electrical Engineering and Automation, Harbin Institute of Technology, Harbin Heilongjiang 150001, China;2. School of Cyber Science, Harbin Institute of Technology, Harbin Heilongjiang 150001, China;2. School of Computer Science and Technology, Harbin Institute of Technology, Harbin Heilongjiang 150001, China
Abstract:As a new type of attack, the CAN (Controller Area Network) bus-off attack can force the node to generate communication errors continuously and disconnect from the CAN bus through the error handling mechanism of the CAN bus communication. Aiming at the security problem of in-vehicle CAN bus communication caused by the bus-off attack, an intrusion detection algorithm for the in-vehicle CAN bus-off attack was proposed. Firstly, the conditions and characteristics of the CAN bus-off attack were summarized. It was pointed out that the synchronous transmission of normal message and malicious message is the difficulty of realizing the bus-off attack. And the front-end message satisfying the condition of synchronous transmission was used to realize the bus-off attack. Secondly, the characteristics of the CAN bus-off attack were extracted. By accumulating the transmission number of error frames and according to the change of message transmission frequency, the detection of the CAN bus-off attack was realized. Finally, the CAN communication node based on STM32F407ZGT6 was used to simulate the Electronic Control Unit (ECU) in the vehicle, and the synchronous transmission of the malicious message and the attacked message was realized. The experiment of CAN bus-off attack and the verification of intrusion detection algorithm were carried out. Experimental results show that the detection rate of the algorithm for high priority malicious messages is more than 95%, so the algorithm can effectively protect the security of the in-vehicle CAN bus communication network.
Keywords:in-vehicle CAN(Controller Area Network) bus  bus-off attack  intrusion detection  synchronous transmission  front-end message  
本文献已被 万方数据 等数据库收录!
点击此处可从《计算机应用》浏览原始摘要信息
点击此处可从《计算机应用》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号