CN110475227B

Movatterモバイル変換

Info

Publication number: CN110475227B
Application number: CN201910684559.3A
Authority: CN
Inventors: 章赟杰; 陈凯
Original assignee: Shanghai Finshine Technology Co ltd
Current assignee: Shanghai Finshine Technology Co ltd
Priority date: 2019-07-26
Filing date: 2019-07-26
Publication date: 2022-03-22
Anticipated expiration: 2039-07-26
Also published as: CN110475227A

Abstract

The invention discloses a method, a device and electronic equipment for vehicle networking information safety protection. By actively utilizing the simulated vehicle machine to simulate the vehicle machine information and trapping the attack information, the number of statistical samples is reduced, the efficiency is high, the attack information is sent through the second network channel, and the second network channel is isolated from the first network channel, so that on one hand, the simulated vehicle machine cannot influence the normal vehicle machine in the vehicle networking system, on the other hand, the process of sending the attack information to the vehicle networking protection platform is difficult to attack by an attacker, and the safety is high.

Description

Method, device and system for protecting information security of Internet of vehicles and electronic equipment

Technical Field

The invention relates to the field of computer information processing, in particular to a method, a device, a system and electronic equipment for protecting information security of Internet of vehicles.

Background

The internet of vehicles, namely the technology of the mobile internet of things of the automobile, means that the vehicle machine is identified through an electronic tag loaded on the vehicle, the attribute information of the vehicle is extracted and effectively utilized through an internet of vehicles service system by utilizing the identification technologies such as radio frequency and the like, the running state of the vehicle is effectively supervised, and comprehensive services are provided.

However, the car networking service system may be attacked, so that information is leaked, even service is out of control, and the like, and therefore, with the rapid development of the car networking technology, it is necessary to develop a corresponding car networking safety protection technology.

Disclosure of Invention

The embodiment of the specification provides a method, a device, a system and electronic equipment for information security protection of Internet of vehicles, which are used for solving the problems of poor security and low efficiency of the existing information security protection technology of Internet of vehicles.

The embodiment of the specification provides a method for protecting information safety of Internet of vehicles, which comprises the following steps:

the trapping node sends simulation vehicle machine information to the vehicle networking service platform through a first network channel;

receiving attack information from the first network channel;

and sending the attack information to a vehicle networking protection platform through a second network channel, wherein the second network channel is a network channel isolated from the first network channel.

In one embodiment, the first network channel is an external network channel, and the second network channel is an internal network channel.

In one embodiment, the car machine information includes:

and at least one item of behavior information, state information and interaction information with the environment of the simulated vehicle machine.

In one embodiment, before the trap node sends the simulated car-machine information to the car networking service platform through the first network channel, the method further includes:

the trapping node acquires the car machine information through a simulation car machine which establishes decoupling communication connection with the trapping node.

In one embodiment of the present invention, the trapping node establishes a communication connection with the simulation trapping background through a second network channel, so that the simulation trapping background controls the behavior of the simulated vehicle according to a simulation instruction or attack information received by the trapping node, and acquires vehicle information according to the behavior of the simulated vehicle;

the trapping node acquires the car machine information through a simulation car machine which establishes decoupling communication connection with the trapping node, and the trapping node comprises:

and the trapping node acquires the vehicle-machine information from the virtual vehicle-machine simulation service background through a second network channel.

In one embodiment, the method is characterized in that the M trapping nodes establish communication connection with the simulation trapping background through a second network channel, so that the simulation trapping background controls the behavior of the simulated vehicle machine corresponding to each trapping node according to the attack information forwarded by the M trapping nodes, and obtains vehicle machine information according to the behavior of the simulated vehicle machine, where M > 2.

In one embodiment, the simulation trapping background is a virtualized in-vehicle simulation service background.

In one embodiment, the first network channel comprises a wireless network channel, and the second network channel is a wired channel.

This specification embodiment provides a device of car networking information safety protection, includes:

the first network channel communication module is used for sending simulated vehicle-mounted machine information to the vehicle networking service platform through a first network channel by the trapping node and receiving attack information from the first network channel;

and the second network channel communication module is used for sending the attack information to a vehicle networking protection platform through a second network channel so that the vehicle networking protection platform performs safety protection according to the attack information, and the second network channel is a network channel isolated from the first network channel.

In one embodiment, before the trapping node sends the simulated car-machine information to the car networking service platform through the first network channel, the second network channel communication module is further configured to:

and enabling the trapping node to acquire the car machine information through a simulated car machine which establishes decoupling communication connection with the trapping node.

In one embodiment, the M trapping nodes establish a communication connection with the simulation trapping background through a second network channel, so that the simulation trapping background controls the behavior of the simulated vehicle machine corresponding to each trapping node according to the attack information forwarded by the M trapping nodes, and obtains vehicle machine information according to the behavior of the simulated vehicle machine, where M is greater than 2.

The embodiment of the present specification provides a system for protecting information security of internet of vehicles, including: the system comprises trapping nodes, a simulation trapping background, a simulation vehicle machine and a vehicle networking protection platform;

the simulation trapping background is in communication connection with the simulation vehicle machine, sends a behavior instruction to the simulation vehicle machine and collects simulation vehicle machine information of the simulation vehicle machine;

the trapping node establishes communication connection with the simulation trapping background through a second network channel to acquire the information of the simulation vehicle machine;

the trapping node establishes communication connection with a vehicle networking service platform through a first network channel, sends simulated vehicle machine information to the vehicle networking service platform through the first network channel, and receives attack information from the first network channel, wherein the second network channel is a network channel isolated from the first network channel;

the trapping node is further in communication connection with the Internet of vehicles protection platform through a second network channel, and sends the attack information to the Internet of vehicles protection platform through the second network channel.

In one embodiment, the system comprises at least one single board with M trap nodes, M simulated car machines, and M > 2;

the trapping node further establishes communication connection with the internet of vehicles protection platform through a second network channel, and further comprises:

the M trapping nodes establish communication connection with the simulation trapping background through a second network channel, so that the simulation trapping background controls the behavior of the simulation vehicle machine corresponding to each trapping node according to the attack information forwarded by the M trapping nodes.

An embodiment of the present specification further provides an electronic device, where the electronic device includes:

a processor; and the number of the first and second groups,

a memory storing computer-executable instructions that, when executed, cause the processor to perform a method as recited in any embodiment of the specification.

The embodiment of the specification also provides a computer readable storage medium, wherein the computer readable storage medium stores one or more programs, and the one or more programs realize the method described in any embodiment of the specification when being executed by a processor.

By actively utilizing the simulated vehicle machine to simulate the vehicle machine information and trapping the attack information, the number of statistical samples is reduced, the efficiency is high, the attack information is sent through the second network channel, and the second network channel is isolated from the first network channel, so that on one hand, the simulated vehicle machine cannot influence the normal vehicle machine in the vehicle networking system, on the other hand, the process of sending the attack information to the vehicle networking protection platform is difficult to attack by an attacker, and the safety is high.

Drawings

In order to make the technical problems solved by the present invention, the technical means adopted and the technical effects obtained more clear, the following will describe in detail the embodiments of the present invention with reference to the accompanying drawings. It should be noted, however, that the drawings described below are only illustrations of exemplary embodiments of the invention, from which other embodiments can be derived by those skilled in the art without inventive faculty.

Fig. 1 is a schematic diagram of a system for securing information in a vehicle networking according to an embodiment of the present disclosure;

FIG. 2 is a schematic diagram of a system for securing information in a vehicle networking according to an embodiment of the present disclosure;

FIG. 3 is a schematic diagram of a system for securing information in a vehicle networking according to an embodiment of the present disclosure;

FIG. 4 is a schematic diagram illustrating a method for securing information in a vehicle networking according to an embodiment of the present disclosure;

fig. 5 is a schematic diagram of an apparatus for securing information in the internet of vehicles according to an embodiment of the present disclosure;

fig. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure;

fig. 7 is a schematic diagram of a computer-readable medium provided in an embodiment of the present specification.

Detailed Description

In the prior art, the protection of the information security of the vehicle networking team is mainly realized by setting a firewall to reduce the information leakage probability and detecting the abnormal behavior of a vehicle-mounted terminal to obtain attack information and further analyze the attack behavior, but the mode essentially analyzes the attack behavior after the attack behavior occurs and needs a large amount of statistical samples, so that the mode is passive, poor in security and low in efficiency.

Therefore, it is necessary to provide an information security method with good security and high efficiency.

The embodiment of the specification provides a method for vehicle networking information safety protection, which comprises the steps of sending simulated vehicle machine information to a vehicle networking service platform through a first network channel by a trapping node, receiving attack information from the first network channel, and sending the attack information to a vehicle networking protection platform through a second network channel, so that the vehicle networking protection platform carries out safety protection according to the attack information, wherein the second network channel is a network channel isolated from the first network channel. By actively utilizing the simulated vehicle machine to simulate the vehicle machine information and trapping the attack information, the number of statistical samples is reduced, the efficiency is high, the attack information is sent through the second network channel, and the second network channel is isolated from the first network channel, so that on one hand, the simulated vehicle machine cannot influence the normal vehicle machine in the vehicle networking system, on the other hand, the process of sending the attack information to the vehicle networking protection platform is difficult to attack by an attacker, and the safety is high.

Exemplary embodiments of the present invention will now be described more fully with reference to the accompanying drawings. The exemplary embodiments, however, may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals denote the same or similar elements, components, or parts in the drawings, and thus their repetitive description will be omitted.

Features, structures, characteristics or other details described in a particular embodiment do not preclude the fact that the features, structures, characteristics or other details may be combined in a suitable manner in one or more other embodiments in accordance with the technical idea of the invention.

In describing particular embodiments, the present invention has been described with reference to features, structures, characteristics or other details that are within the purview of one skilled in the art to provide a thorough understanding of the embodiments. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific features, structures, characteristics, or other details.

The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.

The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.

It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, components, or sections, these terms should not be construed as limiting. These phrases are used to distinguish one from another. For example, a first device may also be referred to as a second device without departing from the spirit of the present invention.

The term "and/or" and/or "includes all combinations of any one or more of the associated listed items.

Fig. 1 is a schematic diagram of a system for securing information in a vehicle networking according to an embodiment of the present disclosure. The system comprises:

the method comprises the following steps of (1) trappingnodes 101, a vehiclenetworking protection platform 102, asimulation trapping background 103 and asimulation vehicle machine 104;

thesimulation trapping background 103 establishes communication connection with thesimulation vehicle machine 104, sends a behavior instruction to thesimulation vehicle machine 104, and collects simulation vehicle machine information of thesimulation vehicle machine 104;

the trappingnode 101 establishes communication connection with thesimulation trapping background 103 through a second network channel to acquire the information of the simulation vehicle machine;

the trappingnode 101 establishes communication connection with the internet ofvehicles service platform 20 through a first network channel, so that the trappingnode 101 sends simulated vehicle machine information to the internet ofvehicles service platform 20 through the first network channel and receives attack information from the first network channel, and the second network channel is a network channel isolated from the first network channel;

the trappingnode 101 further establishes a communication connection with the internet ofvehicles protection platform 102 through a second network channel, so that the trappingnode 101 sends the attack information to the internet ofvehicles protection platform 102 through the second network channel.

In this embodiment, the simulated in-vehicle information may include at least one of behavior information, state information, and interaction information with an environment of the simulated in-vehicle.

The system can comprise several links when in work:

simulation and counterfeiting links: the trappingnode 101, the simulation trapping platform, the simulation car machine are connected to the car networking service platform by establishing communication connection, so as to forge the interaction process between the normal car machine and the car networking service platform, and thus an attacker can be induced to attack the car networking service platform.

Acquiring attack information: in the process of interaction between the forged normal vehicle machine and the vehicle networking service platform, if a counterfeiter attacks the trapping node, the trapping node acquires attack information and forwards the attack information to the vehicle networking protection platform.

Because the first network channel and the second network channel are isolated, an attacker is difficult to or does not have security threat to a normal vehicle machine due to the simulation trapping behavior; the attack information is acquired in a simulation trapping mode, the statistical sample has pertinence, and the statistical quantity is small, so that the attack information is efficiently and safely acquired. By analyzing the attack information, the tool and the method used by the attacker can be known, the attack intention and the motivation can be speculated, the defenders can clearly know the security threat faced by the attacker, and the security protection capability of the actual system is enhanced through technical and management means.

In the embodiment of the present specification, the control of the simulated vehicle machine by the simulated trapping platform may be performed according to a simulation instruction, or may be performed according to an attack instruction, which is not specifically limited herein, for example, each link in fig. 1 may form a loop, and each loop is performed, so that attack information may be obtained once, and in an actual application scenario, the safety protection may be performed against continuous attacks by an attacker.

Through analysis, the applicant can also find that the scheme is not purely and directly utilizes the normal car machine in the car networking service platform to perform simulation forgery, because the applicant finds that the trapping link has a risk of influencing the normal car machine, the fundamental reason is that the normal car machine is utilized to perform simulation trapping attack information, the trapping is performed by utilizing the original network communication channel of the normal car machine and the car networking service platform, and the applicant proposes that the simulation trapping is performed by utilizing the second network channel isolated from the first network channel based on the discovery, and thinks around the idea, so that 10 complete systems are obtained, and therefore, the system proposed by the applicant and the corresponding method are not obvious.

The trapping node for forwarding the attack information and the simulated vehicle machine are separately arranged, so that the system uses the simulated trapping platform as a transfer to communicate, and the system realizes that: when the simulation car machine is placed in various environments by utilizing various channels, the trapping node and the channel of the simulation trapping platform are isolated from the first network channel, and the simulation car machine can be arranged in various environments, so that comprehensive simulation car machine information can be conveniently obtained, the simulation car machine is difficult to control an attacker in the car networking service platform, the flexibility and the safety of arrangement can be improved, and the influence on a normal car machine is reduced.

In this embodiment, thesystem 10 may include a single board with M trap nodes, M simulated car machines, M > 2;

The trapping nodes and the simulation trapping background are decoupled, so that one simulation single board can simulate a plurality of trapping nodes, the requirement on running resources is low, and the cost is greatly saved.

In this embodiment, the captive node may have a SIM (Subscriber Identity Module) or form a SIM network together with the SIM, so that the captive node may access the car networking service platform through the beacon, and this channel may serve as the first network channel.

In this specification, the car networking service platform may be deployed in a cloud server, and is not specifically described herein.

Fig. 2 is a schematic diagram of a system for securing information in a vehicle networking system according to an embodiment of the present disclosure, which shows a schematic diagram of a first network channel and a second network channel.

In fig. 2, the first network channel includes a wireless network channel formed by signal towers, which is an external mobile network, and the second network channel represents that the trapping node is accessed to the trapping system management console through an internal network in addition to the internet through the external mobile network as a normal user locomotive, and the second network channel may be an internal network channel such as a channel in a local area network formed by an emulated vehicle machine, a trapping node and an emulated trapping background through a wired network, wherein the trapping management console may include a vehicle networking protection platform or an emulated trapping platform, and other parts of thesystem 10 not shown in fig. 2 are not specifically described herein.

Fig. 3 is a schematic diagram of a system for securing information in a car networking system according to an embodiment of the present disclosure, which shows a schematic diagram of a communication between a trap node and a simulated locomotive.

In fig. 3, each trapping node is configured with one SIM, each trapping node forms an independent network, the multiple SIMs are located in one single board to realize integration, on the other hand, the trapping node realizes decoupling connection with an analog simulation container (which can be regarded as an analog locomotive) through the network, so that the flexibility is improved,

of course, other portions ofsystem 10 not shown in FIG. 3 are not specifically set forth herein.

Based on the same inventive concept, the embodiment of the specification further provides a method for protecting the information safety of the Internet of vehicles.

Fig. 4 is a schematic diagram of a method for securing information in the internet of vehicles according to an embodiment of the present disclosure. The method comprises the following steps:

s401: the trapping node sends the simulated vehicle-mounted information to the vehicle networking service platform through the first network channel.

S402, attack information from the first network channel is received.

S403: and sending the attack information to a vehicle networking protection platform through a second network channel, so that the vehicle networking protection platform performs safety protection according to the attack information, wherein the second network channel is a network channel isolated from the first network channel.

On the other hand, through the trap node which forwards the attack information and the simulation vehicle machine are separately arranged, the simulation trap platform is used as a transfer to carry out communication, and the following effects are achieved: when the simulation car machine is placed in various environments by utilizing various channels, the trapping node and the channel of the simulation trapping platform are isolated from the first network channel, so that the simulation car machine does not directly receive the control of an attacker in the car networking service platform, the flexibility and the safety of the setting can be improved, the comprehensive simulation car machine information can be conveniently obtained, and the influence on a normal car machine is reduced.

By analyzing the attack information, the tool and the method used by the attacker can be known, the attack intention and the motivation can be speculated, the defenders can clearly know the security threat faced by the attacker, and the security protection capability of the actual system is enhanced through technical and management means.

In an embodiment of the present specification, the first network channel is an external network channel, and the second network channel is an internal network channel.

In one embodiment, the car machine information includes:

It should be understood that the method of the embodiment of fig. 2, which may be combined with the method of the embodiment of fig. 1 when discussing the system, is not repeated here.

Those skilled in the art will appreciate that all or part of the steps to implement the above-described embodiments are implemented as programs (computer programs) executed by a computer data processing apparatus. When the computer program is executed, the method provided by the invention can be realized. Furthermore, the computer program may be stored in a computer readable storage medium, which may be a readable storage medium such as a magnetic disk, an optical disk, a ROM, a RAM, or a storage array composed of a plurality of storage media, such as a magnetic disk or a magnetic tape storage array. The storage medium is not limited to centralized storage, but may be distributed storage, such as cloud storage based on cloud computing.

Based on the same inventive concept, the embodiment of the specification further provides a device for protecting the information safety of the Internet of vehicles.

Embodiments of the apparatus of the present invention are described below, which may be used to perform method embodiments of the present invention. The details described in the device embodiments of the invention should be regarded as complementary to the above-described method embodiments; reference is made to the above-described method embodiments for details not disclosed in the apparatus embodiments of the invention.

Fig. 5 is a schematic structural diagram of an apparatus for securing information in a vehicle networking according to an embodiment of the present disclosure, where the apparatus may include:

the first networkchannel communication module 501 is configured to send simulated vehicle-mounted device information to a vehicle networking service platform through a first network channel by a trap node, and receive attack information from the first network channel;

the second networkchannel communication module 502 is configured to send the attack information to a car networking protection platform through a second network channel, so that the car networking protection platform performs security protection according to the attack information, where the second network channel is a network channel isolated from the first network channel.

It should be understood that the apparatus shown in fig. 5 may be used to perform the methods in the above-described embodiments described in the embodiments of the present specification.

Those skilled in the art will appreciate that the modules in the above-described embodiments of the apparatus may be distributed as described in the apparatus, and may be correspondingly modified and distributed in one or more apparatuses other than the above-described embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.

Based on the same inventive concept, the embodiment of the specification further provides the electronic equipment.

In the following, embodiments of the electronic device of the present invention are described, which may be regarded as specific physical implementations for the above-described embodiments of the method and apparatus of the present invention. Details described in the embodiments of the electronic device of the invention should be considered supplementary to the embodiments of the method or apparatus described above; for details which are not disclosed in embodiments of the electronic device of the invention, reference may be made to the above-described embodiments of the method or the apparatus.

Fig. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification. Anelectronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. Theelectronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.

As shown in fig. 6, theelectronic device 600 is embodied in the form of a general purpose computing device. The components of theelectronic device 600 may include, but are not limited to: at least oneprocessing unit 610, at least onestorage unit 620, abus 630 that connects the various system components (including thestorage unit 620 and the processing unit 610), adisplay unit 640, and the like.

Wherein the storage unit stores program code executable by theprocessing unit 610 to cause theprocessing unit 610 to perform steps according to various exemplary embodiments of the present invention described in the above-mentioned electronic prescription flow processing method section of the present specification. For example, theprocessing unit 610 may perform the steps as shown in fig. 1.

Thestorage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.

Thememory unit 620 may also include a program/utility 6204 having a set (at least one) ofprogram modules 6205,such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.

Bus 630 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.

Theelectronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with theelectronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable theelectronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O)interface 650. Also, theelectronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via thenetwork adapter 660. Thenetwork adapter 660 may communicate with other modules of theelectronic device 600 via thebus 630. It should be appreciated that although not shown in FIG. 6, other hardware and/or software modules may be used in conjunction withelectronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.

Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments of the present invention described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a computer-readable storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, or a network device, etc.) execute the above-mentioned method according to the present invention. The computer program, when executed by a data processing apparatus, enables the computer readable medium to implement the above-described method of the invention, namely: such as the method shown in fig. 1.

The computer program may be stored on one or more computer readable media. The computer readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).

In summary, the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in embodiments in accordance with the invention may be implemented in practice using a general purpose data processing device such as a microprocessor or a Digital Signal Processor (DSP). The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.

While the foregoing embodiments have described the objects, aspects and advantages of the present invention in further detail, it should be understood that the present invention is not inherently related to any particular computer, virtual machine or electronic device, and various general-purpose machines may be used to implement the present invention. The invention is not to be considered as limited to the specific embodiments thereof, but is to be understood as being modified in all respects, all changes and equivalents that come within the spirit and scope of the invention.

Claims

1. A method for protecting information security of Internet of vehicles comprises the following steps:

the trapping node acquires the vehicle information through a simulated vehicle machine which establishes decoupling communication connection with the trapping node;

receiving attack information from the first network channel;

sending the attack information to a vehicle networking protection platform through a second network channel to ensure that the vehicle networking protection platform carries out safety protection according to the attack information, wherein the second network channel is a network channel isolated from the first network channel;

the trapping node establishes communication connection with a simulation trapping background through a second network channel, so that the simulation trapping background controls the behavior of the simulated vehicle machine according to a simulation instruction or attack information received by the trapping node, and acquires vehicle machine information according to the behavior of the simulated vehicle machine;

and the trapping node acquires the vehicle information from the simulation trapping background through a second network channel.

2. The method of claim 1, the first network channel being an external network channel and the second network channel being an internal network channel.

3. The method of claim 1, wherein the car machine information comprises:

4. The method according to claim 1, wherein M trap nodes establish communication connection with the simulation trap background through a second network channel, so that the simulation trap background controls the behavior of the simulated vehicle machine corresponding to each trap node according to the attack information forwarded by the M trap nodes, and obtains vehicle machine information according to the behavior of the simulated vehicle machine, where M > 2.

5. The method of claim 3, said simulation trap background being a virtualized car machine simulation service background.

6. The method of claim 2, wherein the first network channel comprises a wireless network channel and the second network channel is a wired channel.

7. A device for protecting information safety of Internet of vehicles comprises:

the first network channel communication module is used for enabling the trapping node to send simulated vehicle-mounted machine information to the vehicle networking service platform through a first network channel and receiving attack information from the first network channel;

the second network channel communication module is used for sending the attack information to the Internet of vehicles protection platform through a second network channel, so that the Internet of vehicles protection platform carries out safety protection according to the attack information, and the second network channel is a network channel isolated from the first network channel;

the second network channel communication module is further configured to, before the trapping node sends the simulated vehicle-mounted device information to the vehicle networking service platform through the first network channel:

enabling the trapping node to acquire the car machine information through a simulated car machine which establishes decoupling communication connection with the trapping node;

8. The device according to claim 7, wherein M trap nodes establish communication connection with the simulation trap background through a second network channel, so that the simulation trap background controls the behavior of the simulation vehicle machine corresponding to each trap node according to the attack information forwarded by the M trap nodes, and obtains vehicle machine information according to the behavior of the simulation vehicle machine, where M > 2.

9. A system for internet of vehicles information security protection, comprising: the system comprises trapping nodes, a simulation trapping background, a simulation vehicle machine and a vehicle networking protection platform;

10. The system according to claim 9, comprising at least one single board with M trap nodes, M simulated car machines, M > 2;

11. An electronic device, wherein the electronic device comprises:

a processor; and the number of the first and second groups,

a memory storing computer-executable instructions that, when executed, cause the processor to perform the method of any of claims 1-6.

12. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-6.