基于威胁情报的汽车攻击检测技术  

作　　者：郭必桁 彭扬[1] 汪向阳 陈丽蓉[1] 罗蕾[1] 赵焕宇 GUO Biheng;PENG Yang;WANG Xiangyang;CHEN Lirong;LUO Lei;ZHAO Huanyu(School of Computer Science and Engineering(Cyberspace Security),University of Electronic Science and Technology of China,Chengdu 611731,China;State Key Laboratory of Intelligent Vehicle Safety Technology,Chongqing 400023,China;Guangdong Vecentek Information Technology Co.,Ltd.,Dongguan 523429,China)

机构地区：[1]电子科技大学计算机科学与工程(网络空间安全)学院,成都611731 [2]智能汽车安全技术全国重点实验室,重庆400023 [3]广东为辰信息科技有限公司,东莞523429

出　　处：《网络空间安全科学学报》2024年第2期86-96,共11页Journal of Cybersecurity

基　　金：智能汽车安全技术全国重点实验室开放基金(IVSTSKL-202316)。

摘　　要：随着汽车的复杂性和连接性不断增加,确保汽车网络安全已成为一个关键问题。传统的基于规则的入侵检测系统难以全面应对复杂且多变的网络攻击问题,为此提出了一种基于威胁情报的汽车攻击检测技术。将获取的开源威胁情报与实时采集的车辆威胁数据相结合,利用威胁情报对汽车遭受的网络安全攻击进行检测和分析。利用知识图谱技术对公开威胁情报进行存储和整合,从而对车辆遭受的网络攻击进行分析,并通过关键词提取和文本相似性分析技术,从开源威胁情报中提取出新的与汽车相关的威胁情报。同时,利用另一个知识图谱来分析从实际车辆获取的实时威胁数据,对车辆所遭受的网络攻击进行检测和识别。通过对威胁情报的利用和分析,构建了一种基于情报的汽车攻击检测技术。With the increasing complexity and connectivity of automobiles,ensuring automotive network security has become a critical issue.Traditional rule-based intrusion detection systems were found to struggle to comprehensively address the complex and evolving network threats of today.To address this issue,an automotive attack detection technology based on network security threat intelligence was proposed.Open-source threat intelligence was combined with real-time threat data collected from vehicles,utilizing threat intelligence to detect and analyze network security attacks on automobiles.Knowledge graph technology was employed to store and integrate public threat intelligence,enabling the analysis of network attacks on vehicles.Additionally,keyword extraction and text similarity analysis techniques were used to extract new automotive-related threat intelligence from open-source threat intelligence.Simultaneously,another knowledge graph was used to analyze real-time threat data obtained from actual vehicles,allowing the detection and identification of network attacks on vehicles.Through the utilization and analysis of threat intelligence,an intelligence-based automotive attack detection technology is developed.

关 键 词：智能网联汽车 攻击检测 威胁情报 知识图谱 攻击分析 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]