基于智能网联汽车的CAN总线攻击与防御检测技术研究
发布时间:2018-09-10 15:33
【摘要】:随着物联网信息产业的发展,各项关键技术的突破,基于多网融合的智能网联汽车开始进入人们的生活,车与人,车与车,车与移动设备,车与基础设施,通过云服务、大数据交换互联在一起。物联网技术极大的提高了人们的驾乘体验,引发了生活方式的变革,是未来汽车的发展方向。目前随着越来越多的电子控制设备应用到汽车当中,各个电子设备模块在汽车运行过程中需要相互配合,电子设备模块之间交流被架构成复杂的通信网络。随着车载网络规模的增大、车用电子设备数量增多,汽车上软件运行的种类和数量也随之加大,网络信息安全问题随之而来。攻击者可以经由汽车内外通信通路攻击车载软件的漏洞,向CAN总线下发异常报文,从而影响车辆的控制系统。这些潜在的隐患不再是盗取信息、钱财那么简单,而是实实在在地威胁到了我们的生命安全。通过异常检测、安全防护等技术,保护车载CAN总线信息安全具有十分重要的意义。本文针对目前智能网联汽车中采用的车载CAN网络,对其存在的可重放、易篡改等安全问题进行深入的分析和解剖,分析车载CAN总线所存在的安全漏洞,设计了针对车载CAN总线的攻击方法,阐述了如何逆向破解总线报文信息,以达到控制汽车的目的。之后在分析攻击手段和总线报文结构的基础上,提出了针对车载CAN总线的异常检测模型。主要取得的成果如下:1)在研究分析车载CAN网络通信协议的基础上,利用CAN网络存在的安全漏洞设计有效的攻击方法。利用逆向技术分析CAN报文数据包,破解车载报文指令信息,以达到控制汽车的目的。车载CAN网络不同于传统的计算机网络,其数据包没有计算机网络IP数据包那样的源地址和目的地址。本文根据CAN报文数据包结构的特点,提出了异常检测模型框架,分别从报文标识位ID和报文数据位进行异常检测,能够较为全面的检测针对车载CAN网络的攻击。2)针对CAN报文标识位ID,提出了基于特征和信息熵的异常检测系统。通过检测CAN总线中不同报文ID的概率分布,计算车载CAN总线的信息熵,以正常CAN总线的信息熵值作为异常检测阈值标准。同时将正常总线中的CAN ID列为白名单,识别总线中非正常出现CAN ID的特征。仿真实验结果显示,基于信息熵和特征结合的异常检测策略能有效的检测洪泛攻击、大量重放攻击以及少数高优先级报文攻击。3)针对车载总线CAN报文数据位,提出了基于支持向量机的异常检测系统。根据数据位的特点,将车载总线报文数据位划分为8个特征,结合支持向量机的检测方法,将正常数据报文与异常数据报文区分开来。仿真实验结果显示,基于支持向量机的异常检测系统对总线报文数据的篡改攻击有很好的检测效果。作为新兴研究领域,本文在CAN总线漏洞挖掘、入侵攻击、异常检测、安全防护等方面做了一些初步探索,其成果为车载CAN总线安全防护的进一步深入研究和应用提供了重要的参考。
[Abstract]:With the development of the information industry of the Internet of Things and the breakthrough of various key technologies, the intelligent network vehicle based on multi-network convergence has begun to enter people's lives. Vehicles and people, vehicles and vehicles, vehicles and mobile devices, vehicles and infrastructure are interconnected through cloud services and large data exchange. At present, with more and more electronic control devices applied to automobiles, each electronic device module needs to cooperate with each other in the running process of automobiles, and the communication between electronic device modules is structured into a complex communication network. With the increase of the number of sub-devices, the types and numbers of software running on automobiles are increasing, and the problem of network information security follows. Attackers can attack the vulnerabilities of on-board software through communication channels inside and outside automobiles and send abnormal messages to CAN bus, thus affecting the control system of automobiles. Money is so simple, but it really threatens our lives. It is of great significance to protect the safety of CAN bus information by anomaly detection, security protection and other technologies. This paper analyzes and dissects the security vulnerabilities of vehicle-borne CAN bus, designs an attack method against vehicle-borne CAN bus, and expounds how to reverse-crack bus message information in order to achieve the purpose of controlling vehicle. After analyzing the attack means and bus message structure, an anomaly detection module for vehicle-borne CAN bus is proposed. The main achievements are as follows: 1) Based on the research and analysis of vehicle CAN network communication protocol, an effective attack method is designed by using the security vulnerabilities of CAN network. The CAN packet is analyzed by using the reverse technology, and the instructions of vehicle message are cracked to control the vehicle. The vehicle CAN network is different from the traditional calculation. According to the characteristics of CAN packet structure, this paper proposes an anomaly detection model framework, which detects anomaly from message ID and message data bits respectively. It can detect attacks on vehicle-borne CAN network comprehensively. 2) Aiming at CAN An anomaly detection system based on feature and information entropy is proposed. By detecting the probability distribution of different message IDs in CAN bus, the information entropy of vehicle CAN bus is calculated, and the information entropy of normal CAN bus is taken as the threshold of anomaly detection. The simulation results show that the anomaly detection strategy based on the combination of information entropy and feature can effectively detect flooding attacks, massive replay attacks and a few high priority message attacks.3) Aiming at the data bits of CAN messages on vehicle bus, an anomaly detection system based on support vector machine is proposed. The simulation results show that the anomaly detection system based on support vector machine has a good detection effect on the tamper attack of bus message data. As a new research field, this paper proposes a new method to detect the tamper attack of bus message data. This paper makes some preliminary explorations in the aspects of CAN bus vulnerability mining, intrusion attack, anomaly detection, security protection and so on. The results provide an important reference for further research and application of vehicle-borne CAN bus security protection.
【学位授予单位】:天津理工大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:U463.6;TP391.44;TN915.08
[Abstract]:With the development of the information industry of the Internet of Things and the breakthrough of various key technologies, the intelligent network vehicle based on multi-network convergence has begun to enter people's lives. Vehicles and people, vehicles and vehicles, vehicles and mobile devices, vehicles and infrastructure are interconnected through cloud services and large data exchange. At present, with more and more electronic control devices applied to automobiles, each electronic device module needs to cooperate with each other in the running process of automobiles, and the communication between electronic device modules is structured into a complex communication network. With the increase of the number of sub-devices, the types and numbers of software running on automobiles are increasing, and the problem of network information security follows. Attackers can attack the vulnerabilities of on-board software through communication channels inside and outside automobiles and send abnormal messages to CAN bus, thus affecting the control system of automobiles. Money is so simple, but it really threatens our lives. It is of great significance to protect the safety of CAN bus information by anomaly detection, security protection and other technologies. This paper analyzes and dissects the security vulnerabilities of vehicle-borne CAN bus, designs an attack method against vehicle-borne CAN bus, and expounds how to reverse-crack bus message information in order to achieve the purpose of controlling vehicle. After analyzing the attack means and bus message structure, an anomaly detection module for vehicle-borne CAN bus is proposed. The main achievements are as follows: 1) Based on the research and analysis of vehicle CAN network communication protocol, an effective attack method is designed by using the security vulnerabilities of CAN network. The CAN packet is analyzed by using the reverse technology, and the instructions of vehicle message are cracked to control the vehicle. The vehicle CAN network is different from the traditional calculation. According to the characteristics of CAN packet structure, this paper proposes an anomaly detection model framework, which detects anomaly from message ID and message data bits respectively. It can detect attacks on vehicle-borne CAN network comprehensively. 2) Aiming at CAN An anomaly detection system based on feature and information entropy is proposed. By detecting the probability distribution of different message IDs in CAN bus, the information entropy of vehicle CAN bus is calculated, and the information entropy of normal CAN bus is taken as the threshold of anomaly detection. The simulation results show that the anomaly detection strategy based on the combination of information entropy and feature can effectively detect flooding attacks, massive replay attacks and a few high priority message attacks.3) Aiming at the data bits of CAN messages on vehicle bus, an anomaly detection system based on support vector machine is proposed. The simulation results show that the anomaly detection system based on support vector machine has a good detection effect on the tamper attack of bus message data. As a new research field, this paper proposes a new method to detect the tamper attack of bus message data. This paper makes some preliminary explorations in the aspects of CAN bus vulnerability mining, intrusion attack, anomaly detection, security protection and so on. The results provide an important reference for further research and application of vehicle-borne CAN bus security protection.
【学位授予单位】:天津理工大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:U463.6;TP391.44;TN915.08
【相似文献】
相关期刊论文 前10条
1 雒智奇;;地铁列车总线通信控制网络探讨[J];科技与企业;2012年10期
2 ;总线与总线结构[J];电子科技文摘;2006年07期
3 陈佳桂;曾岳南;罗彬;;基于TMS320F2812 DSP的CAN总线通信系统设计[J];工业控制计算机;2007年05期
4 徐红举;;总线通信错误引发的故障[J];汽车维修与保养;2008年02期
5 王津津;张培仁;崔军辉;杨一敏;许波;;基于CAN总线通信系统实验的设计[J];自动化与仪表;2008年05期
6 马纳吉;;实施CAN总线通信提高煤矿安全生产[J];煤炭技术;2010年05期
7 赵瑞;杨维翰;仲兆准;;直流充电站系统CAN总线通信协议的制定与实现[J];电工电气;2012年11期
8 张雪松;胡天友;刘倩;王海;;CAN总线通信在组合式三相光伏逆变器中的应用[J];实验室研究与探索;2013年06期
9 张华良;;CAN总线通信系统设计应用[J];福建电脑;2013年06期
10 龙卫红;;总线通信系统的开发支持工具[J];工业控制计算机;1991年05期
相关会议论文 前10条
1 张雪林;孔峰;;基于TMS320F2812的CAN总线通信研究[A];中南六省(区)自动化学会第24届学术年会会议论文集[C];2006年
2 徐芳萍;;基于C8051F040的CAN总线通信系统[A];河南省通信学会2005年学术年会论文集[C];2005年
3 金浩;韩江洪;史久根;;基于LPC2119的CAN总线通信系统研究[A];2005年“数字安徽”博士科技论坛论文集[C];2005年
4 廖磊;余立建;;竞争式总线通信的实现[A];四川省通信学会2000年学术年会论文集[C];2000年
5 龚静康;麻晓永;;1553B总线模块设计与实现[A];中国声学学会水声学分会2011年全国水声学学术会议论文集[C];2011年
6 李治中;张s,
本文编号:2234861
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2234861.html
