Search

CN-121997348-A - Method and device for determining risk level, storage medium and electronic equipment

CN121997348ACN 121997348 ACN121997348 ACN 121997348ACN-121997348-A

Abstract

The embodiment of the application provides a method and a device for determining a risk level, a storage medium and electronic equipment, wherein the method comprises the steps of determining the safety level of an electronic control unit of a tested vehicle, respectively generating corresponding verification test scripts according to the safety level and a plurality of test strategies, wherein the plurality of test strategies comprise a seed randomness verification test strategy, a fault injection test strategy and an override test strategy, respectively executing the verification test scripts corresponding to the test strategies, and determining the risk level of a safety access service algorithm of the electronic control unit according to a test result.

Inventors

  • Zhuang Yuanqiang
  • LI QIUSHI
  • ZHOU SANGUO

Assignees

  • 上海汽车集团股份有限公司

Dates

Publication Date
20260508
Application Date
20241106

Claims (12)

  1. 1. A method for determining a risk level, comprising: determining the safety level of an electronic control unit of a tested vehicle; respectively generating corresponding verification test scripts according to the security level and a plurality of test strategies, wherein the plurality of test strategies comprise a seed randomness verification test strategy, a fault injection test strategy and an override test strategy; And respectively executing verification test scripts corresponding to the test strategies, and determining the risk level of the security access service algorithm of the electronic control unit according to the test results.
  2. 2. The method of claim 1, wherein determining a security level of an electronic control unit of the vehicle under test comprises: under the condition of receiving an anti-theft security level response corresponding to the anti-theft security level request sent by the electronic control unit, determining the security level of the electronic control unit as the anti-theft security level; Under the condition of receiving an extended security level response corresponding to the extended security level request sent by the electronic control unit, determining the security level of the electronic control unit as an extended security level; And under the condition that a refresh security level response corresponding to the refresh security level request sent by the electronic control unit is received, determining the security level of the electronic control unit as the refresh security level.
  3. 3. The method of claim 1, wherein executing the verification test script corresponding to the test policy comprises: under the condition that the test strategy is a seed randomness verification test strategy, sending a seed request corresponding to the security level to the electronic control unit; Dividing seed information corresponding to the seed request sent by the electronic control unit to generate a training set and a verification set; training the neural network through the seed information in the training set to obtain a prediction model; Predicting seed information in the verification set through the prediction model to obtain first prediction seed information; comparing the seed information in the verification set with first prediction seed information to obtain a first test result, wherein the test result comprises the first test result.
  4. 4. The method of claim 3, wherein comparing seed information in the verification set to first predicted seed information to obtain a first test result, the method further comprising determining a same target number in the seed information in the verification set as the first predicted seed information, and determining a total number of seed information in the verification set; Determining a target duty cycle from the target number and the total number; Determining that the risk level of the security access service algorithm indicated by the first test result is a high risk under the condition that the target duty ratio is larger than a first preset duty ratio; determining that the risk level of the security access service algorithm indicated by the first test result is a moderate risk under the condition that the target duty ratio is larger than a second preset duty ratio; and under the condition that the target duty ratio is smaller than or equal to a second preset duty ratio, determining that the first test result indicates that the risk level of the security access service algorithm is low risk, wherein the first preset duty ratio is larger than the second preset duty ratio.
  5. 5. A method according to claim 3, wherein training the neural network with seed information in the training set to obtain the predictive model comprises: Initializing parameters of the neural network, wherein the parameters comprise a first connection weight of an input layer and a hidden layer of the neural network, a second connection weight of the hidden layer and an output layer, a first bias of a neuron of the hidden layer and a second bias of a neuron of the output layer; the training step is executed, namely, the state parameters of the electronic control unit are input into the neural network, second prediction seed information is output through an output layer of the neural network, global errors of the neural network are determined according to the second prediction seed information and seed information of the verification set, gradients of each parameter are calculated according to a gradient descent method, and each parameter is corrected through learning rate and momentum proportionality coefficient of the neural network; And circularly executing the training step until the global error of the neural network is smaller than a preset error and/or the maximum iteration number is reached, so as to obtain the prediction model.
  6. 6. The method of claim 1, wherein executing the verification test script corresponding to the test policy comprises: Executing target operation and sending a seed request corresponding to the security level to the electronic control unit under the condition that the test strategy is the fault injection test strategy and the delay mechanism corresponding to the security access service is triggered, wherein the target operation at least comprises one of the following steps: Triggering the closing of a bus, powering up and powering down an electronic control unit, resetting the electronic control unit, adjusting the voltage of the electronic control unit to an overvoltage state, and adjusting the voltage of the electronic control unit to an undervoltage state; Under the condition that seed information corresponding to the seed request is received, determining that a risk level of the security access service algorithm indicated by a second test result is a high risk; and under the condition that seed information corresponding to the seed request is not received, determining that a second test result indicates that the risk level of the security access service algorithm is low risk, wherein the test result comprises the second test result.
  7. 7. The method of claim 6, wherein prior to performing the target operation, the method further comprises: triggering a delay mechanism corresponding to the security access service under the condition that the error key of the first time is sent to the electronic control unit and the electronic control unit is powered on or reset; And triggering a delay mechanism corresponding to the security access service under the condition that the error key of the second time is sent to the electronic control unit, wherein the second time is larger than the first time.
  8. 8. The method of claim 1, wherein executing the verification test script corresponding to the test policy comprises: Executing operations outside the security access authentication authority on the electronic control unit and determining first response information of the electronic control unit under the condition that the test strategy is the override test strategy and the security access authentication is not passed, wherein the security access authentication at least comprises one of extending the security access authentication, refreshing the security access authentication and preventing theft of the security access authentication; Determining that a third test result indicates that the risk level of the security access service algorithm is low risk under the condition that the first response information and/or the second response information is negative response information; and under the condition that the first response information and/or the second response information are positive response information, determining that a third test result indicates that the risk level of the security access service algorithm is high risk, wherein the test result comprises the third test result.
  9. 9. A risk level determining apparatus, comprising: the determining module is used for determining the safety level of the electronic control unit of the tested vehicle; The generation module is used for respectively generating corresponding verification test scripts according to the security level and a plurality of test strategies, wherein the plurality of test strategies comprise a seed randomness verification test strategy, A fault injection test strategy and an override test strategy; And the execution module is used for respectively executing the verification test scripts corresponding to the test strategies and determining the risk level of the security access service algorithm of the electronic control unit according to the test results.
  10. 10. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored program, wherein the program when run performs the method of any one of claims 1 to 8.
  11. 11. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method according to any of the claims 1-8 by means of the computer program.
  12. 12. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the method of any of claims 1 to 8.

Description

Method and device for determining risk level, storage medium and electronic equipment Technical Field The application relates to the field of information security, in particular to a method and a device for determining a risk level, a storage medium and electronic equipment. Background Along with the continuous promotion of the intelligent and networking processes of automobiles, the requirements of people on the safety and the reliability of the automobiles are continuously improved, and the information safety is also gradually paid attention as an important one. The implementation of the whole vehicle function depends on a controller, and single controller safety is a basic stone of whole vehicle safety. However, the controller is also more likely to be a break for an illegal man attack, and the application program is tampered and illegally updated to the controller, so that the function of the whole vehicle is changed or paralyzed, which is one of the threats. Before the ECU is accessed and rewritten, the ECU needs to access safely through unified diagnostic service (Unified Diagnostic Services, abbreviated as UDS), the UDS secure access service flow is that a seed request is sent to the ECU by an upper computer, after seed information fed back by an electronic control unit (Electronic Control Unit, abbreviated as ECU) is received, a key is calculated and sent to the ECU, and the ECU judges whether the secure access is allowed after comparison. The algorithm in the security access authentication process is not required by industry unified standards, is mostly self-designed by OEM, has little verification of the security of the algorithm, has the risk of being bypassed, but the existing temporary scheme can systematically and efficiently detect the risk. Aiming at the problem that the safety of the safety access service of the electronic control unit of the vehicle is not fully verified in the prior art, no effective solution is proposed at present. Accordingly, there is a need for improvements in the related art to overcome the drawbacks of the related art. Disclosure of Invention The embodiment of the application provides a method and a device for determining a risk level, a storage medium and electronic equipment, which are used for at least solving the problem that the safety of a safety access service of an electronic control unit of a vehicle is not fully verified in the prior art. According to one embodiment of the application, a method for determining a risk level is provided, which comprises the steps of determining the safety level of an electronic control unit of a tested vehicle, respectively generating corresponding verification test scripts according to the safety level and a plurality of test strategies, wherein the plurality of test strategies comprise a seed randomness verification test strategy, a fault injection test strategy and an override test strategy, respectively executing the verification test scripts corresponding to the test strategies, and determining the risk level of a security access service algorithm of the electronic control unit according to a test result. In one exemplary embodiment, determining the security level of an electronic control unit of a vehicle under test comprises switching a session mode of the electronic control unit to an extended session mode, sending a theft protection security level request to the electronic control unit, determining the security level of the electronic control unit to be a theft protection security level when a theft protection security level response corresponding to the theft protection security level request sent by the electronic control unit is received, switching the session mode of the electronic control unit to the extended session mode, sending an extended security level request to the electronic control unit, determining the security level of the electronic control unit to be an extended security level when an extended security level response corresponding to the extended security level request sent by the electronic control unit is received, switching the session mode of the electronic control unit to a refresh session mode, sending a refresh security level request to the electronic control unit, and determining the security level of the electronic control unit to be a refresh security level when a refresh security level response corresponding to the refresh security level request sent by the electronic control unit is received. In an exemplary embodiment, the verification test script corresponding to the test strategy is executed respectively, and the verification test script comprises the steps of sending a seed request corresponding to the security level to the electronic control unit under the condition that the test strategy is a seed randomness verification test strategy, dividing seed information corresponding to the seed request sent by the electronic control unit to generate a training set and a verification set,