Disclosure of Invention
In the summary, a series of concepts in a simplified form are introduced, which will be further described in detail in the detailed description. The summary of the invention is not intended to define the key features and essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
In a first aspect, the present invention provides a vehicle safety protection control method, including:
acquiring a target change rate request value corresponding to a current request message;
determining a target change rate threshold based on a functional state of a target controller of a target vehicle;
performing security analysis on the current request message based on the target change rate request value and the target change rate threshold;
and controlling the target vehicle based on the security analysis result and the target change rate request value.
Optionally, the method further comprises:
determining a corresponding target controller based on the current request message;
acquiring a history request message of the target controller;
and acquiring the functional state of the target controller based on the history request message.
Optionally, the method further comprises:
detecting the validity of the third-party application corresponding to the current request message.
Optionally, the determining the target change rate threshold based on the functional state of the target controller of the target vehicle includes:
determining the target change rate threshold based on the dependency relationship between the functions in the case where the target controller corresponds to a plurality of different functions at the same time.
Optionally, in the case that the target controller corresponds to a plurality of different functions at the same time, determining the target change rate threshold based on a dependency relationship between each function includes:
in the case where the target controller is a vehicle speed controller and the target vehicle has the adaptive cruise function and the road-borrowing overtaking function enabled at the same time, acquiring a first steering rate threshold corresponding to the adaptive cruise function;
acquiring a second steering rate threshold corresponding to the road-borrowing overtaking function;
acquiring road condition information of the current position of a target vehicle;
and determining a target change rate threshold corresponding to the vehicle speed controller based on the first steering rate threshold, the second steering rate threshold and the road condition information.
Optionally, the determining the target change rate threshold based on the functional state of the target controller of the target vehicle includes:
determining, based on the detection rule policy database of the target vehicle, the target change rate threshold corresponding to the target controller in its current functional state.
Optionally, the controlling the target vehicle based on the security analysis result and the target change rate request value includes:
controlling the target controller to exit the current function in the case where the security analysis result is a dangerous result;
sending the current request message to a server side, so that the server side performs a security check and upgrades the detection rule policy database;
or,
controlling the target controller to execute the corresponding operation based on the target change rate request value in the case where the security analysis result is a safe result.
In a second aspect, the present invention also proposes a vehicle safety protection control device, including:
an acquisition unit, configured to acquire a target change rate request value corresponding to a current request message;
a determining unit, configured to determine a target change rate threshold based on a functional state of a target controller of a target vehicle;
an analysis unit, configured to perform security analysis on the current request message based on the target change rate request value and the target change rate threshold;
and a control unit, configured to control the target vehicle based on the security analysis result and the target change rate request value.
In a third aspect, an electronic device comprises a memory, a processor and a computer program stored in the memory and executable on the processor, the processor being configured to implement the steps of the vehicle safety protection control method according to any one of the first aspects when executing the computer program stored in the memory.
In a fourth aspect, the present invention also proposes a computer-readable storage medium, on which a computer program is stored, which computer program, when executed by a processor, implements the vehicle safety protection control method of any one of the first aspects.
In summary, the vehicle safety protection control method of the embodiment of the application comprises: acquiring a target change rate request value corresponding to a current request message; determining a target change rate threshold based on the functional state of a target controller of a target vehicle; performing security analysis on the current request message based on the target change rate request value and the target change rate threshold; and controlling the target vehicle based on the security analysis result and the target change rate request value. With this method, once a request message from a third-party application reaches the vehicle-end network, the corresponding target change rate threshold is determined according to the functional state of the target controller of the target vehicle, and the validity of the target change rate request value of the current request message is judged against that threshold. Request messages that exceed the target change rate threshold are discarded in time, the vehicle is prevented from executing operations that do not match the current function, and the safety and stability of the vehicle are improved.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.
Detailed Description
With the vehicle safety protection method provided by the embodiment of the application, once a request message from a third-party application reaches the vehicle-end network, the corresponding target change rate threshold is determined according to the functional state of the target controller of the target vehicle, and the validity of the request value of the current request message is judged against that threshold. Request messages that exceed the target change rate threshold are discarded in time, the vehicle is prevented from executing operations that do not match the current function, and the safety and stability of the vehicle are improved.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments.
Referring to fig. 1, a schematic flow chart of a vehicle safety protection control method provided in an embodiment of the application may specifically include:
S110, acquiring a target change rate request value corresponding to a current request message;
For example, in some vehicles, the intrusion detection and prevention system (IDPS) of the vehicle may consist of a database component, a message analysis component, a rule configuration component, an update engine component, and the like. The database component stores the basic IDPS system configuration data, rule configuration data, configuration data of the update engine, log record data, and the like. The message analysis component filters and screens in-vehicle signals and matches them against the generated rule database; it is used to analyze in-vehicle threat events and record log files. The rule configuration component configures rule files that the in-vehicle components can recognize, and the rule base of the in-vehicle components can be updated to fix in-vehicle vulnerabilities. So that the in-vehicle defense strategy can be updated, the update engine component has networking capability: it can connect to the cloud operation and maintenance management platform and, if the platform has new rule configuration data, fetch that data from the cloud.
The current request message is a message that has already entered the vehicle-end network. The target change rate request value is the specific value of the operation that the request message asks the target controller to execute, for example a specific value of vehicle acceleration or of the vehicle yaw angle change rate.
S120, determining a target change rate threshold value based on the functional state of a target controller of the target vehicle;
For example, each target controller may correspond to a different working value interval in each functional state; the upper and lower limits of that interval are the target change rate threshold. For example, when the vehicle is executing an autopilot function with a set target speed of 100 km/h, the change rate threshold of the permitted yaw angle in this functional state is 10%-15% in view of the high vehicle speed; otherwise, overly sharp steering may affect the driving feel or the safety of the vehicle.
S130, carrying out security analysis on the current request message based on the target change rate request value and the target change rate threshold value;
For example, if the target change rate request value falls within the target change rate threshold, the request value is considered legal and the security of the request message meets the requirement. If the target change rate request value exceeds the upper limit of the target change rate threshold or is below its lower limit, the request value is considered illegal, the security of the request message does not meet the requirement, and the request message is discarded.
And S140, controlling the target vehicle based on the safety analysis result and the target change rate request value.
For example, if the current request message is a legal message, a request instruction is sent to the corresponding controller based on the request value, and the controller controls the corresponding device to complete the operation requested by the message. If the current request message is an illegal message, it is discarded directly.
In summary, with the vehicle safety protection method provided by the embodiment of the application, once a request message from a third-party application reaches the vehicle-end network, the corresponding target change rate threshold is determined according to the functional state of the target controller of the target vehicle, and the validity of the request value of the current request message is judged against that threshold. Request messages that exceed the target change rate threshold are discarded in time, the vehicle is prevented from executing operations that do not match the current function, and the safety and stability of the vehicle are improved.
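Steps S110 to S140 can be sketched as follows. This is an added example, not code from the application; the message layout, the rule table keys, the reason strings and the fail-closed handling of a missing rule or a non-finite value are assumptions of the example, while the 10%-15% interval is the one given above.

```python
import math
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Interval = Tuple[float, float]          # (lower, upper), both in percent


@dataclass(frozen=True)
class RequestMessage:
    """Hypothetical message layout; the page does not define one."""
    controller: str       # target controller addressed by the message
    signal: str           # quantity whose change rate is requested
    rate_request: float   # S110: target change rate request value, percent


@dataclass(frozen=True)
class Decision:
    action: str           # "forward" to the controller, or "discard"
    reason: str           # short cause, suitable for the IDPS log


# Constructed rule table: (controller, functional state, signal) -> interval.
# The one entry is the page's example: automated driving at a set speed of
# 100 km/h permits a yaw-angle change rate of 10%-15%.
RULES: Dict[Tuple[str, str, str], Interval] = {
    ("steering", "autopilot_100kmh", "yaw_rate"): (10.0, 15.0),
}


def rate_threshold(msg: RequestMessage, state: str,
                   rules: Dict = RULES) -> Optional[Interval]:
    """S120: threshold interval for the controller in its current state."""
    return rules.get((msg.controller, state, msg.signal))


def analyze(msg: RequestMessage, threshold: Optional[Interval]) -> Decision:
    """S130: legal only if the request value lies inside the interval."""
    if threshold is None:
        # Assumption of this example: a state with no rule fails closed.
        return Decision("discard", "no_rule_for_state")
    if not math.isfinite(msg.rate_request):
        # NaN compares false against both bounds; without this check it
        # would fall through the two comparisons below and be forwarded.
        return Decision("discard", "malformed_value")
    lower, upper = threshold
    if msg.rate_request > upper:
        return Decision("discard", "above_upper_limit")
    if msg.rate_request < lower:
        return Decision("discard", "below_lower_limit")
    return Decision("forward", "within_threshold")


def handle(msg: RequestMessage, state: str, rules: Dict = RULES) -> Decision:
    """S110-S140: the returned action is what S140 applies to the vehicle."""
    return analyze(msg, rate_threshold(msg, state, rules))


if __name__ == "__main__":
    # Constructed traffic for a steering controller in the autopilot state.
    for value in (12.0, 15.0, 40.0, 5.0, float("nan")):
        m = RequestMessage("steering", "yaw_rate", value)
        print(value, handle(m, "autopilot_100kmh"))
```
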
In some examples, the above method further comprises:
determining a corresponding target controller based on the current request message;
acquiring a history request message of the target controller;
and acquiring the functional state of the target controller based on the history request message.
For example, the corresponding target controller is determined from the address information, target port information, and the like of the request message; the history request messages of that target controller are retrieved; the current functional state of the target controller is screened out of the history request messages; and the target change rate threshold is obtained according to the current functional state.
In summary, the vehicle safety protection control method provided by the embodiment of the application obtains the functional state of the controller from the history messages of the target controller, without having to query the controller's state again with a separate instruction. This is convenient and quick, and reduces the operating burden on the target controller.
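One way to recover the functional state from history request messages, as an added example that is not code from the application. The message fields, the address and port table, the command names and the sample history are all constructed for the illustration, and the history is assumed to hold only messages that were already accepted.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class HistoryMessage:
    """Hypothetical record of an accepted request message."""
    seq: int          # receive counter, increases with every message
    dst_addr: int     # address information of the message
    dst_port: int     # target port information of the message
    function: str     # function the message refers to
    command: str      # "activate", "deactivate" or "set"


# Constructed routing table: (address, port) -> target controller.
CONTROLLERS: Dict[Tuple[int, int], str] = {
    (0x10, 3001): "steering",
    (0x20, 3002): "wiper",
}

# Constructed history, deliberately stored out of order.
HISTORY = [
    HistoryMessage(3, 0x10, 3001, "road_borrowing_overtaking", "activate"),
    HistoryMessage(1, 0x10, 3001, "adaptive_cruise", "activate"),
    HistoryMessage(5, 0x10, 3001, "road_borrowing_overtaking", "deactivate"),
    HistoryMessage(2, 0x20, 3002, "auto_wipe", "activate"),
    HistoryMessage(4, 0x10, 3001, "adaptive_cruise", "set"),
]


def target_controller(addr: int, port: int,
                      table: Dict = CONTROLLERS) -> Optional[str]:
    """Map address and port to a controller; None if the pair is unknown."""
    return table.get((addr, port))


def functional_state(controller: str,
                     history: Iterable[HistoryMessage],
                     table: Dict = CONTROLLERS) -> FrozenSet[str]:
    """Replay the controller's history and return its active functions.

    No query is sent to the controller itself. Messages are replayed in
    sequence order so that a late "deactivate" wins over an earlier
    "activate" even if the log was stored out of order.
    """
    active = set()
    for msg in sorted(history, key=lambda m: m.seq):
        if target_controller(msg.dst_addr, msg.dst_port, table) != controller:
            continue                      # message belongs to another controller
        if msg.command == "activate":
            active.add(msg.function)
        elif msg.command == "deactivate":
            active.discard(msg.function)
        # "set" and other ordinary requests do not change the state
    return frozenset(active)


if __name__ == "__main__":
    print(sorted(functional_state("steering", HISTORY)))
```
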
In some examples, the above method further comprises:
detecting the validity of the third-party application corresponding to the current request message.
For example, before the current request message enters the vehicle-end network, the validity of the third-party application may be checked first. The check covers whether the identity of the third-party application is in the whitelist of the vehicle corresponding to the third-party application, and whether the request instruction sent by the third-party application is within its authority. If the third-party application is illegal, or the authority required by its request instruction exceeds the authority it has been granted, the current application message is discarded directly; if the third-party application is legal and its authority meets the requirements, the message is forwarded to the vehicle-end network.
In summary, the vehicle safety protection method provided by the embodiment of the application first screens the legitimacy and authority of the third-party application sending the current request message before the message enters the vehicle-end network, blocks intrusion by illegal third-party applications, provides two-stage security protection, before the vehicle-end network and inside it, and improves the security of the vehicle.
In some examples, determining the target rate of change threshold based on the functional state of the target controller of the target vehicle includes:
determining the target change rate threshold based on the dependency relationship between the functions in the case where the target controller corresponds to a plurality of different functions at the same time.
For example, for the IDPS to work effectively in the vehicle, so that it not only detects and reports threat events but also prevents in-vehicle threat events in a timely and effective manner, the thresholds are derived as follows. Starting from the function definitions of the whole vehicle, the list of functions relevant to vehicle safety is sorted out and identified, such as the steering system of the chassis domain, the wiper system of the body domain, the automatic driving system of the intelligent driving domain, and the motor system of the power domain. The usage scenarios of the functions are analyzed, and the dependency relationships among functions under actual working conditions of the whole vehicle are sorted out, for example using automatic cruise in rainy weather. The interaction logic of the related parties is worked out in combination with the electrical and electronic architecture defined for the whole vehicle, for example the rain sensor detecting the rainfall while the vehicle remains in the automatic cruise state. The state machines among the related parties are decomposed and the interaction signals are output; the dependency relationships of the interaction signals of the related parties in the vehicle are linked; the context information in the dependency relationships is extracted; the target change rate threshold in each functional state is defined; and the control strategy is matched according to the target change rate threshold.
In summary, with the vehicle protection control method provided by the embodiment of the application, target change rate thresholds that satisfy each function are determined by sorting out the logical relationships and dependency relationships among the functions, so that the requirements of each function are met when the current message request value is executed and the safety of the vehicle is ensured.
In some examples, where the target controller corresponds to a plurality of different functions simultaneously, determining the target rate of change threshold based on a dependency relationship between each function includes:
in the case where the target controller is a vehicle speed controller and the target vehicle has the adaptive cruise function and the road-borrowing overtaking function enabled at the same time, acquiring a first steering rate threshold corresponding to the adaptive cruise function;
acquiring a second steering rate threshold corresponding to the road-borrowing overtaking function;
acquiring road condition information of the current position of a target vehicle;
and determining a target change rate threshold corresponding to the vehicle speed controller based on the first steering rate threshold, the second steering rate threshold and the road condition information.
For example, the target controller may be a vehicle steering controller that participates in the adaptive cruise function and the road-borrowing overtaking function at the same time. The target change rate threshold then has to take into account the maximum steering rate of adaptive cruise, the maximum steering rate of the road-borrowing overtaking function, and the road condition information. The road condition information may be whether the current road section allows overtaking, or whether other vehicles are near the vehicle. For example, suppose the maximum steering rate set by adaptive cruise is 10%-15% and the maximum steering rate of the road-borrowing overtaking function is 12%-20%. If the current road section allows overtaking and no other vehicles are within the front and rear safety range, the target change rate threshold of the steering controller is 12%-15%. If the current road section does not allow overtaking, or vehicles interfere in front or behind, the target change rate threshold of the vehicle speed controller is kept at the maximum steering rate set by adaptive cruise, 10%-15%. A target change rate threshold obtained in this way satisfies adaptive cruise, road-borrowing overtaking and the current road conditions at the same time; once the change rate request value of the current request message has been analyzed against it, the requirements of the current functional state are met and the driving safety of the vehicle is effectively ensured.
In summary, with the vehicle safety protection method provided by the embodiment of the application, the target change rate threshold determined from the first steering rate threshold of the adaptive cruise function, the second steering rate threshold of the road-borrowing overtaking function, and the current road condition information better matches the safety requirements of the vehicle in its current driving state, and the security analysis result obtained for the current request message on that basis is more reliable and accurate.
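The threshold combination in the example above can be written as an interval intersection. This is an added example, not code from the application, and it generalizes the two-function case to any number of concurrently active functions; the names, the `RoadCondition` fields and the fail-closed result `None` for an unknown function or an empty intersection are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

Interval = Tuple[float, float]            # (lower, upper) steering rate, percent

OVERTAKING = "road_borrowing_overtaking"

# Per-function steering rate intervals taken from the page's example.
FUNCTION_THRESHOLDS: Dict[str, Interval] = {
    "adaptive_cruise": (10.0, 15.0),
    OVERTAKING: (12.0, 20.0),
}


@dataclass(frozen=True)
class RoadCondition:
    """Road condition information named on the page, as two flags."""
    overtaking_allowed: bool          # current road section allows overtaking
    vehicles_in_safety_range: bool    # other vehicles within front/rear range


def overtaking_permitted(road: RoadCondition) -> bool:
    return road.overtaking_allowed and not road.vehicles_in_safety_range


def intersect(a: Interval, b: Interval) -> Optional[Interval]:
    """Overlap of two closed intervals, or None if they do not overlap."""
    lower, upper = max(a[0], b[0]), min(a[1], b[1])
    return (lower, upper) if lower <= upper else None


def target_threshold(active: Iterable[str], road: RoadCondition,
                     thresholds: Dict[str, Interval] = FUNCTION_THRESHOLDS
                     ) -> Optional[Interval]:
    """Combine the intervals of all active functions into one threshold.

    The overtaking interval only takes part when the road conditions permit
    the manoeuvre; otherwise the remaining functions decide alone, which
    reproduces the page's fallback to the adaptive cruise interval.
    Returns None (treat every request as dangerous) when no interval
    satisfies all active functions.
    """
    result: Optional[Interval] = None
    for function in active:
        if function == OVERTAKING and not overtaking_permitted(road):
            continue
        if function not in thresholds:
            return None                   # unknown function: fail closed
        interval = thresholds[function]
        result = interval if result is None else intersect(result, interval)
        if result is None:
            return None                   # functions contradict each other
    return result


if __name__ == "__main__":
    both = ["adaptive_cruise", OVERTAKING]
    print(target_threshold(both, RoadCondition(True, False)))   # clear road
    print(target_threshold(both, RoadCondition(False, False)))  # no overtaking
```
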
In some examples, determining the target rate of change threshold based on the functional state of the target controller of the target vehicle includes:
determining, based on the detection rule policy database of the target vehicle, the target change rate threshold corresponding to the target controller in its current functional state.
For example, the cloud operation and maintenance management platform can update the detection policy database at the vehicle end and update the rule configuration component at the vehicle end. When the vehicle uses a function under a given working condition, the message analysis component of the IDPS can track, in real time, the target change rate threshold in the history messages of the target controller, and call the database component to perform detection based on the generated target change rate threshold detection policy. If the request value corresponding to the current request message is found to exceed the target change rate threshold under that working condition, the function is exited from the functional scenario to ensure the safety of the vehicle.
In summary, according to the vehicle safety protection control method provided by the embodiment of the application, the target change rate threshold values of different controllers in different functional states are determined by setting the detection rule policy database at the vehicle end, and the database can be updated based on the cloud.
In some examples, the controlling the target vehicle based on the security analysis result and the target change rate request value includes:
controlling the target controller to exit the current function in the case where the security analysis result is a dangerous result;
sending the current request message to a server side, so that the server side performs a security check and upgrades the detection rule policy database;
or,
controlling the target controller to execute the corresponding operation based on the target change rate request value in the case where the security analysis result is a safe result.
After the security of the current request message is analyzed according to the target change rate threshold, if the security of the current request message meets the requirement, the target controller is controlled to control the corresponding device to execute the corresponding operation according to the request value corresponding to the request message.
If the security analysis result of the current request message is dangerous, a log of the abnormal situation is recorded in the update engine component. When the network link is normal, the log can be uploaded automatically to the cloud operation and maintenance management platform. On receiving the reported context anomaly log, the platform can immediately notify emergency response personnel, who can immediately contact the user to ask about the state of the vehicle and investigate the problem. If the abnormal event occurred because the vehicle was attacked by an external hacker, the information security department needs to investigate the vulnerability immediately and update the IDPS-related components of all affected vehicles in time to ensure the safety of the vehicle.
In summary, with the vehicle safety protection method provided by the embodiment of the application, the security of the current request message is obtained by comparing the target change rate threshold with the request value of the request message. When the current request message is a dangerous message, the abnormal condition is reported to the server side, so that the server side can investigate the vulnerability, upgrade the detection rule policy database and improve the security of the vehicle.
Referring to fig. 2, an embodiment of a vehicle safety protection control device according to an embodiment of the present application may include:
an acquisition unit 21, configured to acquire a target change rate request value corresponding to a current request message;
a determining unit 22, configured to determine a target change rate threshold based on a functional state of a target controller of a target vehicle;
an analysis unit 23, configured to perform security analysis on the current request message based on the target change rate request value and the target change rate threshold;
and a control unit 24, configured to control the target vehicle based on the security analysis result and the target change rate request value.
As shown in fig. 3, an embodiment of the present application further provides an electronic device 300, including a memory 310, a processor 320, and a computer program 311 stored in the memory 310 and capable of running on the processor, where the processor 320, when executing the computer program 311, implements the steps of any one of the vehicle safety protection control methods described above.
Since the electronic device described in this embodiment is a device used to implement the vehicle safety protection control device of the embodiments of the present application, those skilled in the art can, based on the method described in the embodiments, understand the specific implementation of the electronic device and its various modifications. How the electronic device implements the method is therefore not described in detail here. Any device that those skilled in the art use to implement the method of the embodiments of the present application falls within the scope of protection of the present application.
In an implementation, the computer program 311 is executed by a processor to perform the steps of any of the methods of the first aspect.
In the foregoing embodiments, each embodiment is described with its own emphasis; for portions not described in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Embodiments of the present application also provide a computer program product comprising computer software instructions that, when run on a processing device, cause the processing device to perform a flow of vehicle safety protection control as in the corresponding embodiment of fig. 1.
The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, radio, microwave, etc.). A computer-readable storage medium may be any available medium that a computer can store to, or a data storage device, such as a server or data center, that integrates one or more available media. The available media may be magnetic media (e.g., floppy disks, hard disks, magnetic tape), optical media (e.g., DVD), or semiconductor media (e.g., solid state disk (SSD)), or the like.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
Although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that the foregoing embodiments may be modified or equivalents may be substituted for some of the features thereof, and that the modifications or substitutions do not depart from the spirit and scope of the embodiments of the present application.