车载CAN总线脱离攻击及其入侵检测算法

In-vehicle CAN bus-off attack and its intrusion detection algorithm

CAN总线脱离攻击作为一种新型的攻击方式,通过CAN总线通信的错误处理机制,可以使节点不断产生通信错误并从CAN总线上脱离。针对上述攻击所引发的车载CAN总线通信安全问题,提出了一种车载CAN总线脱离攻击入侵检测算法。首先,总结了车载CAN总线脱离攻击发生的条件与特点,指出正常报文与恶意报文的同步发送是实现总线脱离攻击的难点,并利用前置报文满足同步发送的条件来实现总线脱离攻击。其次,提取了CAN总线脱离攻击的特征,通过累计错误帧的发送数量,并根据报文发送频率的变化实现了对CAN总线脱离攻击的检测。最后,利用基于STM32F407ZGT6的CAN通信节点模拟车内电子控制单元(ECU),实现了恶意报文和被攻击报文的同步发送。进行了CAN总线脱离攻击实验和入侵检测算法的验证。实验结果表明,检测算法对高优先级恶意报文的检测率在95%以上,因此可以有效保护车载CAN总线通信网络的安全。

As a new type of attack,the CAN(Controller Area Network)bus-off attack can force the node to generate communication errors continuously and disconnect from the CAN bus through the error handling mechanism of the CAN bus communication.Aiming at the security problem of in-vehicle CAN bus communication caused by the bus-off attack,an intrusion detection algorithm for the in-vehicle CAN bus-off attack was proposed.Firstly,the conditions and characteristics of the CAN bus-off attack were summarized.It was pointed out that the synchronous transmission of normal message and malicious message is the difficulty of realizing the bus-off attack.And the front-end message satisfying the condition of synchronous transmission was used to realize the bus-off attack.Secondly,the characteristics of the CAN bus-off attack were extracted.By accumulating the transmission number of error frames and according to the change of message transmission frequency,the detection of the CAN bus-off attack was realized.Finally,the CAN communication node based on STM32F407ZGT6 was used to simulate the Electronic Control Unit(ECU)in the vehicle,and the synchronous transmission of the malicious message and the attacked message was realized.The experiment of CAN bus-off attack and the verification of intrusion detection algorithm were carried out.Experimental results show that the detection rate of the algorithm for high priority malicious messages is more than 95%,so the algorithm can effectively protect the security of the in-vehicle CAN bus communication network.