| As automobiles become networked and intelligent, they are gradually being connected to the Internet and obtain increasingly convenient and intelligent services from it. At the same time, the automobile exposes more and more network interfaces to the outside world and faces increasingly severe network threats. In recent years, there have been many cases in which white hat hackers and security researchers have achieved remote intrusion into and control of automobiles, and automobile network security has become particularly important. Because the vehicle was previously a closed system, the network security of traditional in-vehicle network communication technology is very poor, and the in-vehicle communication network is often the ultimate target of an attacker who aims to interfere with or even control the vehicle. For the Internet-connected vehicle, the security of the in-vehicle communication network is therefore very important. In this paper, we introduce and compare several common in-vehicle network communication technologies, study in depth the most widely used CAN network and automotive Ethernet, which has good development prospects, analyze their network security, and summarize and classify the security research and related solutions currently applied to the CAN network and automotive Ethernet. Building on prior research, this paper proposes applicable security solutions for the CAN network and for Ethernet respectively, and designs and implements a detection and defense system for an in-vehicle network system with the CAN network and automotive Ethernet as its main body. We study the design features of the vehicle CAN network communication matrix and the file format of the communication matrix, and then propose CAN network intrusion detection and defense methods that use the communication matrix to check traffic in three dimensions: signal, message and network. These methods can effectively detect or defend against attacks such as injection, tampering and replay. We study the SecOC security mechanism, which is applicable to automotive Ethernet, and analyze its characteristics and shortcomings. On this basis, and combined with the characteristics of vehicle communication data, we propose a dynamic data encryption method based on the idea of moving target defense. Encrypting key data with a changing key remedies the shortcomings of cleartext transmission and high repetition rate in in-vehicle network communication data, and increases the difficulty of cracking and attacking the network. Communication data is also filtered according to device authority and application-layer protocol, which can effectively detect and defend against attack messages. Finally, we test and evaluate the defense system. The test results show that the defense system designed in this paper can effectively detect and defend against CAN bus and vehicle Ethernet attacks, while taking into account the high real-time requirements of the vehicle control system. |
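
The communication-matrix check described above, as an added example that is not code from the paper: each CAN frame is validated in the signal, message and network dimensions. The matrix contents, the thresholds and the specific rule used for each dimension are assumptions, since the abstract does not specify them.

```python
# Added example: rules and values are assumptions, not taken from the paper.
from collections import deque

# Constructed communication matrix: CAN ID -> DLC, cycle time, signals.
# Each signal: (name, first byte, byte length, min raw, max raw), big-endian.
MATRIX = {
    0x100: {"dlc": 8, "period_ms": 10,
            "signals": [("EngineSpeed", 0, 2, 0, 8000)]},
    0x200: {"dlc": 2, "period_ms": 100,
            "signals": [("GearPos", 0, 1, 0, 7)]},
}
MAX_FRAMES_PER_100MS = 20   # assumed network-level budget
MIN_PERIOD_RATIO = 0.5      # a frame arriving before 50% of its cycle is suspect


class MatrixIDS:
    def __init__(self, matrix=MATRIX):
        self.matrix = matrix
        self.last_seen = {}      # CAN ID -> timestamp of the previous valid frame
        self.window = deque()    # timestamps of frames seen in the last 100 ms

    def check(self, ts_ms, can_id, data):
        """Return a list of alert strings for one frame (empty list = clean)."""
        alerts = []
        # Network dimension: overall frame rate on the bus.
        self.window.append(ts_ms)
        while ts_ms - self.window[0] >= 100:
            self.window.popleft()
        if len(self.window) > MAX_FRAMES_PER_100MS:
            alerts.append("network: frame rate above budget")
        # Message dimension: ID, length and timing must match the matrix.
        spec = self.matrix.get(can_id)
        if spec is None:
            return alerts + ["message: ID not in communication matrix"]
        if len(data) != spec["dlc"]:
            return alerts + ["message: DLC mismatch"]
        prev = self.last_seen.get(can_id)
        self.last_seen[can_id] = ts_ms
        if prev is not None and ts_ms - prev < spec["period_ms"] * MIN_PERIOD_RATIO:
            alerts.append("message: arrived too early for its cycle")
        # Signal dimension: each decoded value must lie in its defined range.
        for name, start, length, lo, hi in spec["signals"]:
            raw = int.from_bytes(data[start:start + length], "big")
            if not lo <= raw <= hi:
                alerts.append(f"signal: {name}={raw} outside [{lo}, {hi}]")
        return alerts
```

The timing rule flags a frame injected alongside the legitimate periodic sender; a replayed frame with a valid ID, length and value is only caught here when it disturbs the cycle time or the bus frame rate.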