Search

CN-116707964-B - Network intrusion detection method, device, equipment and storage medium

CN116707964BCN 116707964 BCN116707964 BCN 116707964BCN-116707964-B

Abstract

The application discloses a network intrusion detection method, device, equipment and storage medium, wherein the method comprises the steps of obtaining a target vehicle control instruction and instruction characteristic information corresponding to the target vehicle control instruction, wherein the instruction characteristic information represents a behavior control sequence corresponding to the target vehicle control instruction so as to obtain first detection information according to the instruction characteristic information and standard instruction characteristic information, wherein the standard instruction characteristic information represents a standard behavior control sequence corresponding to the target vehicle control instruction, and further, according to the first detection information, a network intrusion detection result is obtained.

Inventors

  • ZHANG BINJIE
  • HU HONGXING

Assignees

  • 中汽创智科技有限公司

Dates

Publication Date
20260512
Application Date
20230630

Claims (8)

  1. 1. A method of network intrusion detection, the method comprising: Acquiring a target vehicle control instruction, instruction characteristic information corresponding to the target vehicle control instruction, historical vehicle control network flow information and actual vehicle control network flow value corresponding to the target vehicle control instruction, wherein the instruction characteristic information characterizes a behavior control sequence corresponding to the target vehicle control instruction, the historical vehicle control network flow information is vehicle control network flow information in a preset historical time period, the target vehicle control instruction is a vehicle control instruction to be detected in communication data between a vehicle control terminal and a server, and the behavior control sequence of the vehicle control instruction has singleness; obtaining first detection information according to the instruction characteristic information and standard instruction characteristic information, wherein the standard instruction characteristic information represents a standard behavior control sequence corresponding to the target vehicle control instruction; obtaining dynamic flow baseline information according to the historical vehicle control network flow information; Obtaining second detection information according to the dynamic flow baseline information and the actual vehicle control network flow value; And obtaining a network intrusion detection result according to the first detection information and the second detection information.
  2. 2. The method according to claim 1, wherein the obtaining the first detection information according to the instruction characteristic information and the standard instruction characteristic information includes: according to the instruction characteristic information, obtaining characteristic sequence information corresponding to the target vehicle control instruction, wherein the characteristic sequence information is sequencing information for sequencing the instruction characteristic information; and obtaining the first detection information according to the characteristic sequence information and standard characteristic sequence information corresponding to the standard instruction characteristic information.
  3. 3. The method according to claim 2, wherein the obtaining the first detection information according to the feature sequence information and the standard feature sequence information corresponding to the standard instruction feature information includes: and performing cross matching on the characteristic sequence information and the standard characteristic sequence information to obtain the first detection information.
  4. 4. The method of claim 1, wherein the obtaining second detection information according to the dynamic traffic baseline information and the actual vehicle control network traffic value includes: obtaining a predicted vehicle control network flow value corresponding to the target vehicle control instruction according to the dynamic flow baseline information; And obtaining the second detection information according to the predicted vehicle control network flow value and the actual vehicle control network flow value.
  5. 5. The method of claim 4, wherein the obtaining the second detection information according to the predicted vehicle control network flow value and the actual vehicle control network flow value includes: Obtaining a comparison result between the predicted vehicle control network flow value and the actual vehicle control network flow value according to the predicted vehicle control network flow value and the actual vehicle control network flow value; And obtaining the second detection information according to the comparison result.
  6. 6. A network intrusion detection device, the device comprising: The system comprises a data acquisition module, a control terminal and a service end, wherein the data acquisition module is used for acquiring a target vehicle control instruction, instruction characteristic information corresponding to the target vehicle control instruction, historical vehicle control network flow information and an actual vehicle control network flow value corresponding to the target vehicle control instruction, the instruction characteristic information represents a behavior control sequence corresponding to the target vehicle control instruction, the historical vehicle control network flow information is vehicle control network flow information in a preset historical time period, the target vehicle control instruction is a vehicle control instruction to be detected in communication data between the vehicle control terminal and the service end, and the behavior control sequence of the vehicle control instruction has singleness; The first detection information determining module is used for obtaining first detection information according to the instruction characteristic information and the standard instruction characteristic information, wherein the standard instruction characteristic information represents a standard behavior control sequence corresponding to the target vehicle control instruction; the dynamic flow baseline information determining module is used for obtaining dynamic flow baseline information according to the historical vehicle control network flow information; The second detection information determining module is used for obtaining second detection information according to the dynamic flow baseline information and the actual vehicle control network flow value; And the detection result determining module is used for obtaining a network intrusion detection result according to the first detection information and the second detection information.
  7. 7. A network intrusion detection device, comprising a processor and a memory, wherein the memory stores at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by the processor to implement the network intrusion detection method according to any one of claims 1-5.
  8. 8. A computer readable storage medium, wherein at least one instruction or at least one program is stored in the storage medium, and the at least one instruction or the at least one program is loaded and executed by a processor to implement the network intrusion detection method according to any one of claims 1 to 5.

Description

Network intrusion detection method, device, equipment and storage medium Technical Field The present application relates to the field of vehicle security threat detection and analysis technologies, and in particular, to a network intrusion detection method, device, equipment, and storage medium. Background In order to ensure the safety of the interaction system between the vehicle control terminal and the server, network intrusion detection is required to be performed on the network of the interaction system between the vehicle control terminal and the server, so that potential threats in the interaction system are timely identified through the network intrusion detection, the defending capability of the system is enhanced, and further serious life and property losses caused by malicious attack from hackers on the interaction between the vehicle control terminal and the server can be avoided. At present, a network intrusion detection scheme mainly adopts two modes of misuse detection and abnormal behavior detection, wherein the misuse detection is to compare an observed attack type with a known threat rule type so as to realize network intrusion detection, the abnormal behavior detection is to identify attacks based on normal behaviors of a system so as to realize network intrusion detection, but the misuse detection can only detect the known intrusion threat attacks and can not detect unknown intrusion threat attacks, and although the abnormal behavior detection can detect the unknown intrusion threat attacks, the conventional abnormal behavior detection method can not realize timely, comprehensive, rapid and accurate intrusion detection, and is extremely easy to cause interaction between a vehicle control terminal and a server to suffer from hacking attacks. Accordingly, there is a need for an improved network intrusion detection scheme that addresses the problems with the prior art described above. Disclosure of Invention In order to solve the problems in the prior art, the embodiment of the application provides a network intrusion detection method, a device, equipment and a technical scheme of a storage medium, wherein the technical scheme is as follows: in one aspect, a network intrusion detection method is provided, the method comprising: Acquiring a target vehicle control instruction and instruction characteristic information corresponding to the target vehicle control instruction, wherein the instruction characteristic information characterizes a behavior control sequence corresponding to the target vehicle control instruction; obtaining first detection information according to the instruction characteristic information and standard instruction characteristic information, wherein the standard instruction characteristic information represents a standard behavior control sequence corresponding to the target vehicle control instruction; and obtaining a network intrusion detection result according to the first detection information. Further, the obtaining the first detection information according to the instruction feature information and the standard instruction feature information includes: according to the instruction characteristic information, obtaining characteristic sequence information corresponding to the target vehicle control instruction, wherein the characteristic sequence information is sequencing information for sequencing the instruction characteristic information; and obtaining the first detection information according to the characteristic sequence information and standard characteristic sequence information corresponding to the standard instruction characteristic information. Further, the obtaining the first detection information according to the feature sequence information and the standard feature sequence information corresponding to the standard instruction feature information includes: and performing cross matching on the characteristic sequence information and the standard characteristic sequence information to obtain the first detection information. Further, before the network intrusion detection result is obtained according to the first detection information, the method further includes: Acquiring historical vehicle control network flow information and an actual vehicle control network flow value corresponding to the target vehicle control instruction, wherein the historical vehicle control network flow information is vehicle control network flow information in a preset historical time period; obtaining dynamic flow baseline information according to the historical vehicle control network flow information; and obtaining second detection information according to the dynamic flow baseline information and the actual vehicle control network flow value. Further, the obtaining second detection information according to the dynamic flow baseline information and the actual vehicle control network flow value includes: obtaining a predicted vehicle control network flow value corresponding