CN113060082B - Abnormality processing method and device for vehicle-mounted firewall, vehicle-mounted firewall and automobile - Google Patents

Publication number
CN113060082B
Authority
CN
China
Prior art keywords
vehicle
reported
powered
record table
firewall
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010001919.8A
Other languages
Chinese (zh)
Other versions
CN113060082A (en
Inventor
石笑生
张金池
习成
顾吉杰
黄清泉
张子成
朱东华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Automobile Group Co Ltd
Original Assignee
Guangzhou Automobile Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Automobile Group Co Ltd filed Critical Guangzhou Automobile Group Co Ltd
Priority to CN202010001919.8A priority Critical patent/CN113060082B/en
Publication of CN113060082A publication Critical patent/CN113060082A/en
Application granted granted Critical
Publication of CN113060082B publication Critical patent/CN113060082B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • B: PERFORMING OPERATIONS; TRANSPORTING
    • B60: VEHICLES IN GENERAL
    • B60R: VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/023: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • B60R16/0231: Circuits relating to the driving or the functioning of the vehicle
    • B60R16/0232: Circuits relating to the driving or the functioning of the vehicle for measuring vehicle parameters and indicating critical, abnormal or dangerous conditions

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Mechanical Engineering (AREA)
  • Small-Scale Networks (AREA)

Abstract

The application discloses an abnormality processing method and device for a vehicle-mounted firewall, a vehicle-mounted firewall and an automobile. It is applied in the technical field of automobiles and addresses the technical problem that the prior art cannot distinguish harmful abnormalities from harmless ones when the automobile is not networked. The method comprises the following steps: reading the historical abnormalities recorded in an initial alarm record table when the vehicle is powered on; when an abnormality is reported between power-on and power-off of the vehicle, scoring the reported abnormality once and updating its score in the initial alarm record table; when a historical abnormality in the initial alarm record table is not reported between power-on and power-off of the vehicle, scoring the unreported historical abnormality once and updating its score in the initial alarm record table; if the updated score of an abnormality is within a preset range, judging the abnormality to be harmful, and otherwise judging it to be harmless.

Description

Anomaly handling method and device for a vehicle-mounted firewall, vehicle-mounted firewall and automobile

Technical field

The present application relates to the field of automotive technology, and in particular to an anomaly handling method and device for a vehicle-mounted firewall, a vehicle-mounted firewall and an automobile.

Background

In the prior art, a vehicle-mounted firewall raises alerts on the abnormal vehicle behaviour it detects, and can thereby effectively identify abnormal states of the vehicle and malicious attacks by hackers.

Owing to factors such as fluctuations in the vehicle's own operating state, design and production tolerances and the ageing of electronic components, vehicle network communication can exhibit abnormal states that do not match design expectations. Such states are harmless to the vehicle but may trigger firewall alerts. We consider that anomalies of this kind are not harmful vehicle anomalies such as malicious attacks by hackers, and can instead be defined as a "characteristic" of a given vehicle.

Existing vehicle-mounted firewalls cannot distinguish a vehicle's "characteristics" from harmful abnormal states such as malicious attacks by hackers. They therefore raise alerts for anomalies related to the vehicle's "characteristics" as if they were harmful, so the alerts of existing vehicle-mounted firewalls include false alarms.

Summary of the invention

Embodiments of the present application provide an anomaly handling method and device for a vehicle-mounted firewall, a vehicle-mounted firewall and an automobile, to solve the technical problem that the prior art cannot distinguish a vehicle's "characteristics" from harmful abnormal states such as malicious attacks by hackers when the automobile is not connected to a network.

According to one aspect of the present application, an anomaly handling method for a vehicle-mounted firewall is provided. The method comprises:

reading an initial alarm record table when the vehicle is powered on, the initial alarm record table recording historical anomalies and the scores of the historical anomalies;

when an anomaly is reported by the vehicle-mounted firewall between power-on and power-off of the vehicle, scoring the reported anomaly once and updating the score of the corresponding anomaly in the initial alarm record table;

when the initial alarm record table contains a historical anomaly that is not reported between power-on and power-off of the vehicle, scoring the unreported historical anomaly once and updating the score of the corresponding anomaly in the initial alarm record table;

if the updated score of an anomaly is within a preset range, judging the corresponding anomaly to be a harmful anomaly; otherwise, judging the corresponding anomaly to be a harmless anomaly.

According to another aspect of the present application, an anomaly handling device for a vehicle-mounted firewall is provided. The device comprises:

a table reading module, configured to read an initial alarm record table when the vehicle is powered on, the initial alarm record table recording historical anomalies and the scores of the historical anomalies;

a first scoring module, configured to, when an anomaly is reported by the vehicle-mounted firewall between power-on and power-off of the vehicle, score the reported anomaly once and update the score of the corresponding anomaly in the initial alarm record table;

a second scoring module, configured to, when the initial alarm record table contains a historical anomaly that is not reported between power-on and power-off of the vehicle, score the unreported historical anomaly once and update the score of the corresponding anomaly in the initial alarm record table;

a judgment module, configured to judge the corresponding anomaly to be a harmful anomaly if the updated score of the anomaly is within a preset range, and otherwise to judge the corresponding anomaly to be a harmless anomaly.

According to yet another aspect of the present application, a vehicle-mounted firewall is provided, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the anomaly handling method for a vehicle-mounted firewall when executing the computer program.

According to a further aspect of the present application, an automobile is provided, the automobile comprising the vehicle-mounted firewall described above.

The anomaly handling method and device for a vehicle-mounted firewall, the vehicle-mounted firewall and the automobile proposed in this application score reported anomalies and unreported historical anomalies separately. Analysis shows that harmless anomalies occur frequently and persistently, whereas harmful anomalies do not. Therefore, both reported anomalies and unreported historical anomalies are scored only once between power-on and power-off of the vehicle: however many times the same anomaly is reported, it is scored only once. This gives the scores recorded in the initial alarm record table discriminating power, so that the final score of each anomaly can distinguish harmful anomalies from harmless ones.

Brief description of the drawings

To explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1 is a flow chart of an anomaly handling method for a vehicle-mounted firewall in an embodiment of the present application;

Figure 2 is a flow chart of an anomaly handling method for a vehicle-mounted firewall in another embodiment of the present application;

Figure 3 is a flow chart of an anomaly handling method for a vehicle-mounted firewall in yet another embodiment of the present application;

Figure 4 is a flow chart of an anomaly handling method for a vehicle-mounted firewall in a further embodiment of the present application;

Figure 5 is an exemplary structural block diagram of an anomaly handling device for a vehicle-mounted firewall in an embodiment of the present application;

Figure 6 is a structural block diagram of a vehicle-mounted firewall in an embodiment of the present application;

Figure 7 is a schematic structural diagram of an automobile in an embodiment of the present application.

Detailed description

To make the purpose, technical solutions and advantages of the present application clearer, the application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present application and do not limit it.

The implementation of this application is described in detail below with reference to the drawings:

Figure 1 is a flow chart of an anomaly handling method for a vehicle-mounted firewall in an embodiment of the present application. The method according to this embodiment is described in detail below with reference to Figure 1. As shown in Figure 1, the method comprises the following steps S101 to S104.

S101. When the vehicle is powered on, read the initial alarm record table, which records historical anomalies and the scores of the historical anomalies.

In one embodiment, the initial alarm record table may be stored in non-volatile memory, and the historical anomalies recorded in it may include both harmful anomalies and harmless anomalies.

A harmful anomaly is, for example, a malicious attack by hackers. A harmless anomaly is, for example, an abnormal state in which vehicle network communication does not match design expectations because of factors such as fluctuations in the vehicle's own operating state, design and production tolerances, and the ageing of electronic components.

S102. When an anomaly is reported by the vehicle-mounted firewall between power-on and power-off of the vehicle, score the reported anomaly once and update the score of the corresponding anomaly in the initial alarm record table.

In one embodiment, scoring the reported anomaly once may mean scoring the anomaly when it is first reported between power-on and power-off of the vehicle; if the anomaly is reported again before the vehicle is powered off, it is not scored again.

Further, scoring the reported anomaly once may mean adding points to the reported anomaly.

In one embodiment, if the reported anomaly is a historical anomaly recorded in the initial alarm record table, the historical score of the anomaly is obtained from the table, and the historical score plus the score given this time is taken as the updated score of the anomaly.

S103. When the initial alarm record table contains a historical anomaly that is not reported between power-on and power-off of the vehicle, score the unreported historical anomaly once and update the score of the corresponding anomaly in the initial alarm record table.

In one embodiment, the score applied to an unreported historical anomaly has the opposite sign to the score applied to a reported anomaly.

In one embodiment, scoring the unreported historical anomaly once may mean deducting points from the unreported anomaly once.

In this embodiment, a harmful anomaly is not necessarily reported every time the vehicle is powered on, whereas a harmless anomaly occurs persistently; deducting points from unreported anomalies therefore reflects that an unreported anomaly is more likely to be a harmful one.

S104. If the updated score of the anomaly is within the preset range, judge the corresponding anomaly to be a harmful anomaly; otherwise, judge the corresponding anomaly to be a harmless anomaly.

In one embodiment, the preset range may be set manually. For example, when the updated score of the anomaly is greater than a preset threshold, the anomaly is judged to be harmless; when the updated score is less than or equal to the threshold, the corresponding anomaly is judged to be harmful. Further, an alarm may be raised for anomalies judged to be harmful, and anomalies whose score is greater than the threshold may also be deleted from the initial alarm record table.

In one embodiment, the method further comprises:

when the corresponding anomaly is judged to be a harmful anomaly, raising an alarm for the harmful anomaly;

when the corresponding anomaly is judged to be a harmless anomaly, deleting the harmless anomaly from the initial alarm record table.

This embodiment scores reported anomalies and unreported historical anomalies separately. Analysis shows that harmless anomalies occur frequently and persistently, whereas harmful anomalies do not. Therefore, both reported anomalies and unreported historical anomalies are scored only once between power-on and power-off of the vehicle: however many times the same anomaly is reported, it is scored only once. This gives the scores recorded in the initial alarm record table discriminating power, so that the final score of each anomaly can distinguish harmful anomalies from harmless ones.

Figure 2 is a flow chart of an anomaly handling method for a vehicle-mounted firewall in another embodiment of the present application. The method according to this embodiment is described below with reference to Figure 2. As shown in Figure 2, in addition to steps S101, S103 and S104 above, step S102 further comprises the following steps S201 and S202.

S201. Obtain the anomaly reported between power-on and power-off of the vehicle;

S202. Determine whether the initial alarm record table contains the reported anomaly. If so, add points once to the reported anomaly when it is first reported; otherwise, add points once to the reported anomaly when it is first reported, starting from a base score of zero, and save the reported anomaly and its score in the initial alarm record table.

In one embodiment, if the reported anomaly is not a historical anomaly recorded in the initial alarm record table, then when the reported anomaly is saved in the table, the score given to it may be taken as the score recorded for that anomaly in the initial alarm record table.

Figure 3 is a flow chart of an anomaly handling method for a vehicle-mounted firewall in yet another embodiment of the present application. The method according to this embodiment is described below with reference to Figure 3. As shown in Figure 3, in addition to steps S101, S102 and S104 above, step S103 further comprises the following step S301.

S301. When the initial alarm record table contains a historical anomaly that is not reported between power-on and power-off of the vehicle, deduct points once from the unreported historical anomaly and update the score of the corresponding anomaly in the initial alarm record table.

In this embodiment, points may be added to a reported anomaly when it is first reported and, correspondingly, deducted from unreported historical anomalies, in order to distinguish harmful anomalies from harmless ones.

In other embodiments, points may instead be deducted from a reported anomaly when it is first reported and, correspondingly, added to unreported historical anomalies; this also distinguishes harmful anomalies from harmless ones.

This embodiment deducts points from unreported historical anomalies and adds points to reported anomalies, widening the gap between the scores of harmful and harmless anomalies so that the vehicle-mounted firewall can distinguish them more easily.

Figure 4 is a flow chart of an anomaly handling method for a vehicle-mounted firewall in a further embodiment of the present application. Optionally, as shown in Figure 4, step S101 above further comprises the following step S401:

S401. When the vehicle is powered on, read the initial alarm record table from non-volatile memory; the initial alarm record table records historical anomalies and the scores of the historical anomalies.

In one embodiment, the anomaly handling method for a vehicle-mounted firewall further comprises the following step S402.

S402. When the vehicle is powered off, store the updated initial alarm record table in the non-volatile memory as the new initial alarm record table.

One usage scenario of this embodiment is as follows. Over M ignition cycles (where M is a preset value), the vehicle-mounted firewall learns, on the bus of a given vehicle model, erroneous message behaviour that does not conform to the bus communication protocol definition and design targets, as well as behaviour such as message period fluctuation caused by the ageing of electronic devices and changes in bus load. It ignores abnormal vehicle behaviour caused by physical factors or design reasons, and exposes and highlights malicious attacks and harmful abnormal vehicle states.

This application adds an alarm record table function inside the vehicle-mounted firewall. The table stores the alarms (that is, the anomalies) issued by the vehicle-mounted firewall together with a score for each alarm, and this application defines a method for scoring each alarm.

An alarm's score is calculated from its consecutive occurrence over multiple ignition cycles and reflects the persistence of the alarm during vehicle operation. When the score of an alarm in the record table is greater than or equal to a threshold x, the alarm can be judged to be triggered by abnormal behaviour that occurs persistently and frequently, and the vehicle-mounted firewall no longer generates or sends that alarm.

Each time the vehicle is powered on, the vehicle-mounted firewall reads the record table from non-volatile memory into memory, and while it is running it updates and maintains the record table in memory. Before each power-off of the vehicle, the vehicle-mounted firewall writes the alarm record table in memory to non-volatile memory, overwriting the old alarm record table. This application therefore has the vehicle-mounted firewall maintain two alarm record tables: one in memory, used at run time, and one in non-volatile memory, used to preserve the contents of the alarm record table while the vehicle is not running. The vehicle-mounted firewall modifies only the alarm record table in memory; the record table in non-volatile memory is only overwritten and read.

In each ignition cycle, that is, the period of vehicle operation between one power-on and the following power-off of the vehicle, the vehicle-mounted firewall updates the score of each alarm in the alarm record table once and only once. If the score of an alarm has been increased during the current ignition cycle, it is not decreased again; conversely, if the score of an alarm has not changed by the time the vehicle is about to power off, the score is decreased at that point. Once the score of an alarm exceeds the threshold x, the vehicle-mounted firewall no longer modifies that alarm's score.

In this scenario, if a given alarm occurs at least once within an ignition cycle, its score is increased by 2; otherwise, its score is decreased by 1. The detailed logic is as follows:

1) If the score of an alarm in the alarm record table is greater than or equal to the threshold x, the score of that alarm is not modified during power-off of the vehicle;

2) If an alarm occurs, its score in the record table is greater than or equal to 1 and less than the threshold x, and its score has not yet been modified in the current ignition cycle, its score is increased by 2 and is not modified again in the current ignition cycle;

3) If an alarm occurs, its score in the record table is greater than or equal to 1 and less than or equal to the threshold x, and its score has already been modified in the current ignition cycle, the record table does not need to be updated;

4) If, when the vehicle is powered off, the score of an alarm in the record table has not been modified and the score is greater than or equal to 1 and less than or equal to the threshold x, the score is decreased by 1;

5) If the score of an alarm is equal to or less than 0 after being decreased by 1, the record of that alarm is deleted from the record table;

6) If the alarm record table has no record of the alarm, a new record is created for it with an initial score of 2.

Each time, before sending an alarm, the vehicle-mounted firewall compares it against the alarm record table and, according to the score of the alarm in the table, handles the anomaly as follows:

1) If the same alarm exists and its score is greater than or equal to the threshold x, no alarm notification is sent for it;

2) If the same alarm exists and its score is greater than or equal to 1 and less than the threshold x, an alarm notification is sent for it;

3) If the same alarm does not exist, a new record is created for it with an initial score of 2.

In this embodiment, each time the vehicle is powered off, the updated initial alarm record table is stored in the non-volatile memory as the new initial alarm record table, so that the table read from non-volatile memory at the next power-on is the updated one. This makes the anomaly handling method cyclic: over repeated power-off and power-on cycles, accumulated scores separate harmful anomalies from harmless ones further and make the distinction more pronounced, so that the vehicle-mounted firewall can update its own policy and reduce its false alarm rate without over-the-air download or reflashing.
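
The scoring and suppression rules of this usage scenario, together with the power-on load and power-off write-back of the record table, as an added C example that is not code from the patent. The threshold value, table capacity, alarm identifiers and all function names are assumptions, the alarm sequences are constructed, and a static struct stands in for non-volatile memory. Where the listed rules overlap at a score equal to x, the example treats the record as frozen.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_ALARMS  32  /* assumed table capacity */
#define THRESHOLD_X 6   /* assumed value for the page's threshold x (must exceed 2) */

typedef struct {
    uint32_t id;        /* assumed alarm identifier, e.g. a firewall rule id */
    int      score;     /* persistence score kept across ignition cycles */
    int      touched;   /* 1 once the score was updated in this cycle */
} AlarmRec;
typedef struct { AlarmRec rec[MAX_ALARMS]; int count; } AlarmTable;
static AlarmTable nvm_table;  /* stand-in for the copy in non-volatile memory */
static AlarmTable ram_table;  /* working copy, the only one that is modified */

/* Constructed sample input: 0x101 recurs every cycle, 0x200 is a one-off. */
static const uint32_t CYCLE_BOTH[] = { 0x101, 0x200, 0x101 };
static const uint32_t CYCLE_ONE[]  = { 0x101 };
static const uint32_t CYCLE_LATE[] = { 0x200 };

static AlarmRec *find_alarm(AlarmTable *t, uint32_t id)
{
    for (int i = 0; i < t->count; i++)
        if (t->rec[i].id == id)
            return &t->rec[i];
    return NULL;
}

/* Power-on: load the stored table and open a new scoring cycle. */
void fw_power_on(void)
{
    ram_table = nvm_table;
    for (int i = 0; i < ram_table.count; i++)
        ram_table.rec[i].touched = 0;
}

/* Called for each alarm raised; returns 1 to send the alert, 0 to suppress. */
int fw_on_alarm(uint32_t id)
{
    AlarmRec *r = find_alarm(&ram_table, id);
    if (r == NULL) {                     /* unknown alarm: new record, score 2 */
        if (ram_table.count < MAX_ALARMS) {
            r = &ram_table.rec[ram_table.count++];
            r->id = id;
            r->score = 2;
            r->touched = 1;              /* creation is this cycle's one update */
        }
        return 1;                        /* assumption: a new alarm is reported */
    }
    if (r->score >= THRESHOLD_X)         /* learned as persistent: frozen, silent */
        return 0;
    if (!r->touched) {                   /* first occurrence in this cycle: +2 */
        r->score += 2;
        r->touched = 1;
    }
    return 1;                            /* checked against the pre-update score */
}

/* Power-off: -1 for each unfrozen alarm not seen in this cycle, drop records
 * that reach 0, then overwrite the stored table. */
void fw_power_off(void)
{
    int kept = 0;
    for (int i = 0; i < ram_table.count; i++) {
        AlarmRec r = ram_table.rec[i];
        if (r.score < THRESHOLD_X && !r.touched)
            r.score -= 1;
        if (r.score > 0)
            ram_table.rec[kept++] = r;
    }
    ram_table.count = kept;
    nvm_table = ram_table;
}

/* One ignition cycle over a list of raised alarms; returns alerts sent. */
int fw_run_cycle(const uint32_t *ids, int n)
{
    int sent = 0;
    fw_power_on();
    for (int i = 0; i < n; i++)
        sent += fw_on_alarm(ids[i]);
    fw_power_off();
    return sent;
}

/* Stored score of an alarm, or 0 when the table has no record of it. */
int fw_stored_score(uint32_t id)
{
    AlarmRec *r = find_alarm(&nvm_table, id);
    return r ? r->score : 0;
}

int main(void)
{
    const uint32_t *in[] = { CYCLE_BOTH, CYCLE_ONE, CYCLE_ONE, CYCLE_ONE, CYCLE_LATE };
    const int n[] = { 3, 1, 1, 1, 1 };
    for (int c = 0; c < 5; c++)
        printf("cycle %d: %d alert(s) sent\n", c + 1, fw_run_cycle(in[c], n[c]));
    printf("stored: 0x101=%d 0x200=%d\n", fw_stored_score(0x101), fw_stored_score(0x200));
    return 0;
}
```

The recurring alarm reaches the threshold after three cycles and is then suppressed, while the one-off alarm decays out of the table and is reported again as new when it reappears.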

图5是本申请一实施例中车载防火墙的异常处理装置的示范性结构框图,下面结合图5详细描述根据本申请一实施例的车载防火墙的异常处理装置,如图5所示,该车载防火墙的异常处理装置100包括表读取模块11、第一打分模块12、第二打分模块13及判断模块14。Figure 5 is an exemplary structural block diagram of an exception handling device for a vehicle-mounted firewall according to an embodiment of the present application. The following is a detailed description of the exception handling device for a vehicle-mounted firewall according to an embodiment of the present application in conjunction with Figure 5. As shown in Figure 5, the vehicle-mounted firewall The exception handling device 100 includes a table reading module 11, a first scoring module 12, a second scoring module 13 and a judgment module 14.

The table reading module 11 is configured to read the initial alarm record table when the vehicle is powered on. The initial alarm record table records historical anomalies and the scores of those historical anomalies.

In one embodiment, the initial alarm record table may be stored in a non-volatile memory, and the historical anomalies recorded in it may include both harmful anomalies and harmless anomalies.

A harmful anomaly is, for example, a malicious attack by a hacker. A harmless anomaly is, for example, an abnormal state in which the vehicle's network communication does not match design expectations because of factors such as fluctuations in the vehicle's own operating state, design and production tolerances, or aging of electronic components.

The first scoring module 12 is configured to, when an anomaly is reported by the vehicle-mounted firewall between vehicle power-on and vehicle power-off, score the reported anomaly once and update that anomaly's score in the initial alarm record table.

In one embodiment, scoring the reported anomaly once may mean scoring the anomaly when it is first reported between vehicle power-on and vehicle power-off; if the anomaly is reported again before the vehicle is powered off, it is not scored again.

Further, scoring the reported anomaly once may mean adding points to the reported anomaly.

In one embodiment, if the reported anomaly is a historical anomaly recorded in the initial alarm record table, the anomaly's historical score is obtained from the table, and the historical score plus the score given this time becomes the anomaly's updated score.

The second scoring module 13 is configured to, when the initial alarm record table contains historical anomalies that were not reported between vehicle power-on and vehicle power-off, score each unreported historical anomaly once and update its score in the initial alarm record table.

In one embodiment, the score given to an unreported historical anomaly has the opposite sign to the score given to a reported anomaly.

In one embodiment, scoring an unreported historical anomaly once may mean deducting points from it once.

In this embodiment, because a harmful anomaly is not necessarily reported every time the car is powered on, whereas a harmless anomaly occurs persistently, points are deducted from unreported anomalies to reflect that an unreported anomaly is more likely to be a harmful one.

In one embodiment, the score that the second scoring module 13 gives to an unreported historical anomaly has the opposite sign to the score given to a reported anomaly.

The judgment module 14 is configured to judge the corresponding anomaly to be a harmful anomaly if its updated score is within a preset range, and otherwise to judge it to be a harmless anomaly.

In one embodiment, the preset range may be set manually. For example, when the updated score of the anomaly is greater than a preset threshold, the anomaly is judged to be harmless; when the updated score is less than or equal to the threshold, the anomaly is judged to be harmful. Further, an alarm may be raised for anomalies judged to be harmful, and anomalies whose score is greater than the threshold may also be deleted from the initial alarm record table.

In one embodiment, the first scoring module 12 includes:

an anomaly acquisition unit, configured to acquire the anomaly reported between vehicle power-on and vehicle power-off;

a first judgment unit, configured to judge whether the initial alarm record table contains the reported anomaly; if so, points are added to the reported anomaly once when it is first reported; otherwise, points are added to the reported anomaly once when it is first reported, starting from a base score of zero, and the reported anomaly and its score are saved in the initial alarm record table.

In one embodiment, if the reported anomaly is not a historical anomaly recorded in the initial alarm record table, then when the reported anomaly is saved in the table, the score given to it may be taken as the score recorded for it in the table.

In one embodiment, the second scoring module 13 includes:

a point deduction unit, configured to deduct points once from each unreported historical anomaly when the initial alarm record table contains historical anomalies that were not reported between vehicle power-on and vehicle power-off.

In this embodiment, the first scoring module 12 may add points to a reported anomaly when it is first reported and, correspondingly, the second scoring module 13 may deduct points from unreported historical anomalies, so as to distinguish harmful anomalies from harmless ones.

In other embodiments, the first scoring module 12 may instead deduct points from a reported anomaly when it is first reported and, correspondingly, the second scoring module 13 may add points to unreported historical anomalies; this also distinguishes harmful anomalies from harmless ones.

This embodiment deducts points from unreported historical anomalies while adding points to reported anomalies, widening the score gap between harmful and harmless anomalies so that the vehicle-mounted firewall can tell them apart more easily.

In one embodiment, the exception handling device 100 of the vehicle-mounted firewall further includes:

an alarm module, configured to issue an alarm reminder for a harmful anomaly when the corresponding anomaly is judged to be harmful;

a deletion module, configured to delete a harmless anomaly from the initial alarm record table when the corresponding anomaly is judged to be harmless.

In one embodiment, the table reading module 11 is specifically configured to read the initial alarm record table from the non-volatile memory when the vehicle is powered on;

Further, the exception handling device 100 of the vehicle-mounted firewall also includes:

a storage module, configured to store the updated initial alarm record table in the non-volatile memory as the new initial alarm record table when the vehicle is powered off.

The exception handling device of the vehicle-mounted firewall provided in this embodiment scores reported anomalies and unreported historical anomalies separately. Analysis shows that harmless anomalies occur frequently and persistently, whereas harmful anomalies do not. Therefore, when reported anomalies and unreported historical anomalies are scored, each is scored only once between vehicle power-on and vehicle power-off; no matter how many times the same anomaly is reported, it is scored only once. This gives the scores recorded in the initial alarm record table discriminating power, so that the final score of each anomaly distinguishes harmful anomalies from harmless ones.

Figure 6 is a structural block diagram of a vehicle-mounted firewall in an embodiment of the present application. For specific limitations on the exception handling device of the vehicle-mounted firewall, refer to the limitations on the exception handling method above, which are not repeated here. Each module of the exception handling device may be implemented wholly or partly in software, hardware, or a combination of the two. The modules may be embedded in, or independent of, the processor of the vehicle-mounted firewall in hardware form, or stored in the memory of the vehicle-mounted firewall in software form, so that the processor can invoke them and perform the operations corresponding to each module.

In one embodiment, a vehicle-mounted firewall is provided, whose internal structure may be as shown in Figure 6. The vehicle-mounted firewall includes a processor, a memory, a network interface, an output device and an input device connected through a system bus. The processor provides computing and control capabilities. The memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program, and is specifically used to store the initial alarm record table. The internal memory provides an environment for running the operating system and the computer program held in the non-volatile storage medium. The network interface is used to communicate with external devices over a network connection. When executed by the processor, the computer program implements an exception handling method for the vehicle-mounted firewall.

In one embodiment, a vehicle-mounted firewall is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements the steps of the exception handling method of the vehicle-mounted firewall in the above embodiments, for example steps 101 to 104 shown in Figure 1. Alternatively, when the processor executes the computer program, it implements the functions of the modules/units of the exception handling device of the vehicle-mounted firewall in the above embodiments, for example the functions of modules 11 to 14 shown in Figure 5. To avoid repetition, they are not described again here.

In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored. When executed by a processor, the computer program implements the steps of the exception handling method of the vehicle-mounted firewall in the above embodiments, for example steps 101 to 104 shown in Figure 1. Alternatively, when executed by a processor, the computer program implements the functions of the modules/units of the exception handling device of the vehicle-mounted firewall in the above embodiments, for example the functions of modules 11 to 14 shown in Figure 5. To avoid repetition, they are not described again here.

Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the method embodiments described above.

According to yet another aspect of the present application, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program which, when executed by a processor, implements the steps of the exception handling method of the vehicle-mounted firewall.

Any reference to memory, storage, a database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).

Figure 7 is a schematic structural diagram of a car in an embodiment of the present application. As shown in Figure 7, the car includes the vehicle-mounted firewall described above.

Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional units and modules above is only an example. In practice, the functions may be assigned to different functional units and modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above.

The embodiments described above are intended only to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in those embodiments can still be modified, or some of their technical features replaced with equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of this application, and all fall within the protection scope of this application.

Claims (10)

1. An exception handling method for a vehicle-mounted firewall, characterized in that the method comprises:

reading an initial alarm record table when the vehicle is powered on, the initial alarm record table recording historical anomalies and the scores of the historical anomalies;

when an anomaly is reported by the vehicle-mounted firewall between vehicle power-on and vehicle power-off, scoring the reported anomaly once and updating the score of the corresponding reported anomaly in the initial alarm record table;

when the initial alarm record table contains historical anomalies that were not reported between vehicle power-on and vehicle power-off, scoring the unreported historical anomalies once and updating the scores of the corresponding unreported anomalies in the initial alarm record table;

if the updated score of the anomaly is within a preset range, judging the corresponding anomaly to be a harmful anomaly; otherwise, judging the corresponding anomaly to be a harmless anomaly.

2. The exception handling method for a vehicle-mounted firewall according to claim 1, characterized in that the step of, when an anomaly is reported by the vehicle-mounted firewall between vehicle power-on and vehicle power-off, scoring the reported anomaly once and updating the score of the corresponding reported anomaly in the initial alarm record table comprises:

acquiring the anomaly reported between vehicle power-on and vehicle power-off;

judging whether the initial alarm record table contains the reported anomaly; if so, adding points to the reported anomaly once when it is first reported; otherwise, adding points to the reported anomaly once when it is first reported, starting from a base score of zero, and saving the reported anomaly and its score in the initial alarm record table.

3. The exception handling method for a vehicle-mounted firewall according to claim 1, characterized in that the step of, when the initial alarm record table contains historical anomalies that were not reported between vehicle power-on and vehicle power-off, scoring the unreported historical anomalies once comprises:

when the initial alarm record table contains historical anomalies that were not reported between vehicle power-on and vehicle power-off, deducting points once from the unreported historical anomalies.

4. The exception handling method for a vehicle-mounted firewall according to claim 1, characterized in that the method further comprises:

when the corresponding anomaly is judged to be a harmful anomaly, issuing an alarm reminder for the harmful anomaly;

when the corresponding anomaly is judged to be a harmless anomaly, deleting the harmless anomaly from the initial alarm record table.

5. The exception handling method for a vehicle-mounted firewall according to any one of claims 1 to 4, characterized in that the step of reading the initial alarm record table when the vehicle is powered on comprises:

when the vehicle is powered on, reading the initial alarm record table from a non-volatile memory;

when the vehicle is powered off, storing the updated initial alarm record table in the non-volatile memory as a new initial alarm record table.

6. An exception handling device for a vehicle-mounted firewall, characterized in that the device comprises:

a table reading module, configured to read an initial alarm record table when the vehicle is powered on, the initial alarm record table recording historical anomalies and the scores of the historical anomalies;

a first scoring module, configured to, when an anomaly is reported by the vehicle-mounted firewall between vehicle power-on and vehicle power-off, score the reported anomaly once and update the score of the corresponding reported anomaly in the initial alarm record table;

a second scoring module, configured to, when the initial alarm record table contains historical anomalies that were not reported between vehicle power-on and vehicle power-off, score the unreported historical anomalies once and update the scores of the corresponding unreported anomalies in the initial alarm record table;

a judgment module, configured to judge the corresponding anomaly to be a harmful anomaly if the updated score of the anomaly is within a preset range, and otherwise to judge the corresponding anomaly to be a harmless anomaly.

7. The exception handling device for a vehicle-mounted firewall according to claim 6, characterized in that the first scoring module comprises:

an anomaly acquisition unit, configured to acquire the anomaly reported between vehicle power-on and vehicle power-off;

a first judgment unit, configured to judge whether the initial alarm record table contains the reported anomaly; if so, to add points to the reported anomaly once when it is first reported; otherwise, to add points to the reported anomaly once when it is first reported, starting from a base score of zero, and to save the reported anomaly and its score in the initial alarm record table.

8. The exception handling device for a vehicle-mounted firewall according to claim 6, characterized in that the second scoring module comprises:

a point deduction unit, configured to deduct points once from the unreported historical anomalies when the initial alarm record table contains historical anomalies that were not reported between vehicle power-on and vehicle power-off.

9. A vehicle-mounted firewall, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the exception handling method for a vehicle-mounted firewall according to any one of claims 1 to 5.

10. A car, characterized in that the car comprises the vehicle-mounted firewall according to claim 9.

CN202010001919.8A 2020-01-02 2020-01-02 Abnormality processing method and device for vehicle-mounted firewall, vehicle-mounted firewall and automobile Active CN113060082B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010001919.8A CN113060082B (en) 2020-01-02 2020-01-02 Abnormality processing method and device for vehicle-mounted firewall, vehicle-mounted firewall and automobile

Publications (2)

Publication Number Publication Date
CN113060082A (en) 2021-07-02
CN113060082B (en) 2023-12-15

Family

ID=76558167

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant