基于通信特征的CAN总线泛洪攻击检测方法  被引量：6

作　　者：季一木[1,2,3,4] 焦志鹏 刘尚东[1,2,3,4] 吴飞[3,5] 孙静[1,3] 王娜 陈治宇 毕强[1,3] 田鹏浩 JI Yimu;JIAO Zhipeng;LIU Shangdong;WU Fei;SUN Jing;WANG Na;CHEN Zhiyu;BI Qiang;TIAN Penghao(School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Jiangsu Key Laboratory of High-Tech Research on Wireless Sensor Networks,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Institute of High Performance Computing and Big Data Processing,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Research Center for High Performance Computing and Intelligent Processing Engineering,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;School of Automation,Nanjing University of Posts and Telecommunications,Nanjing 210023,China)

机构地区：[1]南京邮电大学计算机学院,江苏南京210023 [2]南京邮电大学江苏省无线传感网高技术研究重点实验室,江苏南京210023 [3]南京邮电大学高性能计算与大数据处理研究所,江苏南京210023 [4]南京邮电大学高性能计算与智能处理工程研究中心,江苏南京210023 [5]南京邮电大学自动化学院,江苏南京210023

出　　处：《网络与信息安全学报》2020年第1期27-37,共11页Chinese Journal of Network and Information Security

基　　金：国家重点研发计划基金资助项目(No.2017YFB1401302,No.2017YFB0202200);国家自然科学基金资助项目(No.61572260,No.61872196);江苏省自然科学基金优秀青年基金资助项目(No.BK20170100);江苏省重点研发计划基金资助项目(No.BE2017166)。

摘　　要：CAN由于其突出的可靠性和灵活性,已成为当代汽车应用最广泛的现场总线。但是标准CAN协议没有提供足够的安全措施,易遭受窃听、重放、泛洪、拒绝服务攻击。为了有效检测CAN总线是否遭受到攻击,并在遭受泛洪攻击时将恶意报文滤除。对车载CAN总线报文通信特征进行了分析,提出一种入侵检测方法,该方法可以有效进行入侵检测、恶意报文滤除。通过实验验证,该方法可以100%检测出CAN总线是否遭受攻击,恶意报文过滤的准确率可达99%以上。CAN has become the most extensive fieldbus for contemporary automotive applications due to its outstanding reliability and flexibility.However,the standard CAN protocol does not provide sufficient security measures and is vulnerable to eavesdropping,replay,flooding,and denial of service attacks.In order to effectively detect whether the CAN bus is attacked,and to filter malicious messages when subjected to flooding attacks.The characteristics of vehicle CAN bus message communication were analyzed,and an intrusion detection method was proposed,which could effectively perform intrusion detection and malicious message filtering.Through experimental verification,the method can detect whether the CAN bus is attacked by 100%,and the accuracy of malicious packet filtering can reach over 99%.

关 键 词：CAN总线 通信特征 入侵检测 恶意报文过滤 

分 类 号：TP336[自动化与计算机技术—计算机系统结构]