CN119484167B - Sensor attack detection method, device, medium and product in Internet of vehicles - Google Patents
- Publication number: CN119484167B
- Authority: CN (China)
- Prior art keywords: data, vehicles, attack detection, sensor, attack
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1416—Event detection, e.g. attack signature detection
- G06N3/045—Combinations of networks
- G06N3/0475—Generative networks
- G06N3/094—Adversarial learning
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/40—Network security protocols
- H04L2209/84—Vehicles
- Y02T10/40—Engine management systems
Abstract
The application discloses a method, device, medium and product for detecting sensor attacks in the Internet of Vehicles, relating to the field of intelligent vehicles. The method comprises: preprocessing data of a real vehicle; obtaining generated data from the preprocessed data using a novel generative adversarial network, which comprises an abnormal data generation model and an abnormal data discrimination model, each based on an adaptive self-attention mechanism; performing attack detection on sample data consisting of the generated data and the preprocessed data; updating the novel generative adversarial network according to the detection result using a dynamic adjustment module based on an adaptive feedback mechanism; and generating abnormal data with the updated network and performing sensor attack detection according to the generated abnormal data. The application can realize accurate, efficient and real-time optimized Internet of Vehicles data analysis and network attack detection, thereby ensuring the safe operation of intelligent driving vehicles.
Description
Technical Field
The application relates to the field of intelligent vehicles, in particular to a method, equipment, medium and product for detecting sensor attack in the Internet of vehicles.
Background
With the development of intelligent driving technology, intelligent driving vehicles are becoming increasingly intelligent. They include intelligent car lamp systems, driver assistance systems and the like, and rely on various sensors, such as optical sensors, ambient light sensors, radar, LiDAR (Light Detection and Ranging) and infrared sensors, to provide important information about the vehicle's surroundings; this information is transmitted over the in-vehicle network and the inter-vehicle network. Compared with the in-vehicle network, the inter-vehicle network enables multi-party, real-time, two-way communication such as vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I). Although this communication mode provides abundant data, it also brings a large amount of redundant information irrelevant to the attack detection task, so that the environmental data perceived by the sensors is distorted and the vehicle's decision system is affected. The redundant data not only interferes with the attack detection model's extraction of effective information from the raw data, but also exacerbates the imbalance problem in the sample data, further increasing the complexity of detection. At the same time, although millions of malicious attack events occur each year, publicly available sample data sets are very limited for security and privacy reasons, and samples that cover a variety of attack patterns and points are even scarcer. The random nature of sensor attacks makes it difficult for traditional deterministic detection methods to identify attack behavior accurately, and such methods often come with a high false alarm rate.
Threats such as denial-of-service attacks, replay attacks and message tampering may lead to data tampering or signal tampering, causing the automated driving system to make wrong decisions and directly endangering the safety of the vehicle and its passengers.
In practical applications, the data sets of intelligent vehicle systems often face significant imbalance problems. Normal data occupies a large part, while anomaly/attack data is rare, which presents a great challenge for supervised learning-based detection systems. The data imbalance makes it difficult for the model to effectively identify a small amount of abnormal data, significantly reduces the detection capability, and increases the vulnerability of the system. While conventional detection methods based on nonlinear dynamics models face significant challenges in dealing with sensor attacks and in-vehicle network attacks, detection methods based on deep learning and reinforcement learning are limited by scarce attack data and unbalanced data sets.
In addition, traditional deterministic detection methods perform poorly against these attacks and readily produce high false positive or false negative rates. The problems of data imbalance and sample scarcity further increase the difficulty of attack detection, and existing supervised learning methods cannot effectively address these challenges. Therefore, a more accurate and efficient attack detection technology is urgently needed to improve the safety and robustness of intelligent car lamp systems and intelligent driving assistance systems.
Disclosure of Invention
The application aims to provide a method, equipment, medium and product for detecting sensor attack in the Internet of vehicles, which can realize accurate, efficient and real-time optimized Internet of vehicles data analysis and network attack detection, thereby ensuring the safe operation of intelligent driving vehicles.
In order to achieve the above object, the present application provides the following solutions:
In a first aspect, the present application provides a method for detecting a sensor attack in the internet of vehicles, where the method for detecting a sensor attack in the internet of vehicles includes:
Acquiring data of a real vehicle in the Internet of vehicles, wherein the data comprises sensor data, network data and log data;
preprocessing data of a real vehicle;
Obtaining generated data from the preprocessed data using a novel generative adversarial network, wherein the novel generative adversarial network comprises an abnormal data generation model based on an adaptive self-attention mechanism and an abnormal data discrimination model based on the adaptive self-attention mechanism;
Performing attack detection separately on the preprocessed data and on sample data consisting of the generated data and the preprocessed data to obtain corresponding detection results; and, according to the detection results corresponding to that sample data and to the preprocessed data, updating the novel generative adversarial network using a dynamic adjustment module based on an adaptive feedback mechanism;
Generating abnormal data using the updated novel generative adversarial network, and performing sensor attack detection according to the generated abnormal data.
Optionally, the preprocessing the data of the real vehicle specifically includes:
mapping the data of the real vehicle to a uniform scale by adopting a normalization technology;
Extracting key performance indicators and routing information from the normalized network data, wherein the key performance indicators comprise the number of data packets, the data packet transmission delay and the number of dropped data packets, and the routing information comprises time to live, payload size, source and destination MAC addresses, IP addresses and port numbers;
Converting the routing information into continuous feature vectors using embedding encoding.
Optionally, the abnormal data generation model based on the adaptive self-attention mechanism comprises an input layer, a full connection layer, a sample scaling layer, an upsampling layer, a convolution layer, a self-attention module based on the adaptive mechanism, a convolution layer, an activation function and an output layer which are connected in sequence.
Optionally, the abnormal data discrimination model based on the adaptive self-attention mechanism comprises an input layer, a full connection layer, an average pooling layer, a convolution layer, a self-attention module based on the adaptive mechanism, an average pooling layer, a convolution layer, an activation function and an output layer which are connected in sequence.
Optionally, the training objective of the novel generative adversarial network is a minimax optimization problem, specifically given by the following formula:
;
Wherein, In order to discriminate the model, the model is determined,To generate a model of the vehicle,AndLoss weights at time t, respectively, function,In order to pre-process the real data,To discriminate the predicted output probability of the model to the preprocessed real data,As a result of the desired value(s),As a probability distribution of the random noise vector z,To generate the output data of the model based on the probability distribution of the noise,To determine the predicted output probability of the model pair generated data,To predict an expected value of the output data; As a function of the loss of consistency of the time series, ,AndRespectively generating models inTime of day and time of dayOutput data at the moment; in order to balance the loss function for the attack category, ,Represent the firstThe number of class attack data is determined,Representing the total number of attack categories.
Optionally, the updated loss weights of the novel generative adversarial network are specifically:
;
;
Wherein, AndRespectively, the updated loss weights are used to determine,AndTo adjust the super-parameters of the rate, for controlling the speed of the loss weight adjustment,In order to avoid a constant that is free of zero error,AndRespectively shown inTime of day and time series consistency loss functionAnd attack class balance loss functionThe error in the feedback of the correlation,AndAre respectively shown inTime of day and time series consistency loss functionAnd attack class balance loss functionAnd (3) the associated feedback error.
In a second aspect, the present application provides a sensor attack detection device in the internet of vehicles, where the sensor attack detection device in the internet of vehicles includes:
The data acquisition unit is used for acquiring data of a real vehicle in the Internet of Vehicles, wherein the data comprises sensor data, network data and log data;
the preprocessing unit is used for preprocessing the data of the real vehicle;
The data generation unit is used for obtaining generated data by adopting a novel generation countermeasure network according to the preprocessed data, wherein the novel generation countermeasure network comprises an abnormal data generation model based on an adaptive self-attention mechanism and an abnormal data discrimination model based on the adaptive self-attention mechanism;
The model updating unit is used for carrying out attack detection according to sample data consisting of the generated data and the preprocessed data respectively to obtain corresponding detection results; according to the sample data composed of the generated data and the preprocessed data and the detection result corresponding to the preprocessed data, a dynamic adjustment module based on a self-adaptive feedback mechanism is adopted to update a novel generation countermeasure network;
The detection unit is used for generating abnormal data by utilizing the updated novel generation countermeasure network and carrying out sensor attack detection according to the generated abnormal data.
In a third aspect, the application provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the computer program to implement the method for detecting sensor attacks in the Internet of vehicles.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method for detecting sensor attacks in the internet of vehicles.
In a fifth aspect, the present application provides a computer program product, comprising a computer program which, when executed by a processor, implements the method for detecting a sensor attack in the internet of vehicles.
According to the specific embodiment provided by the application, the application has the following technical effects:
The application provides a sensor attack detection method, device, medium and product in the Internet of Vehicles. It proposes a sensor attack detection method built on a generative adversarial network (GAN) with a fusion mechanism, which makes Internet of Vehicles attack detection practical in small-sample scenarios. The application combines an adaptive mechanism, a feedback mechanism and a self-attention mechanism with the generative adversarial network, and generates high-fidelity abnormal data while reducing the influence of small sample sizes, so as to solve the problem of scarce abnormal samples. The novel generative adversarial network comprises an abnormal data generation model based on an adaptive self-attention mechanism and an abnormal data discrimination model based on the adaptive self-attention mechanism, and can simulate various sensor attack scenarios to generate realistic abnormal data. The self-attention mechanism plays a key role in assisting the discrimination model: it captures the global dependencies in the sensor data and markedly improves the ability to detect attack features. The adaptive mechanism is introduced into the GAN to adjust the model parameters dynamically, so that they adapt to changes in sensor data and attack patterns, improving the flexibility and accuracy of detection. The feedback mechanism optimizes the adversarial process between the generation model and the discrimination model through real-time feedback, continuously improving the detection performance and robustness of the model. This combination enables the system to distinguish normal data from attack data more accurately under complex conditions and effectively reduces the false alarm rate.
The application can solve the problem of data imbalance, and maintains strong attack recognition capability even when faced with a large amount of normal data and a small amount of abnormal data.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a method for detecting sensor attack in Internet of vehicles according to an embodiment of the application;
FIG. 2 is a schematic diagram of a novel generation countermeasure network principle;
FIG. 3 is a schematic diagram of an anomaly data generation model based on an adaptive self-attention mechanism;
FIG. 4 is a schematic diagram of an anomaly data discrimination model structure based on an adaptive self-attention mechanism.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The foregoing objects, features, and advantages of the application will be more readily apparent from the following detailed description of the application when taken in conjunction with the accompanying drawings and detailed description.
In one exemplary embodiment, as shown in fig. 1 and 2, there is provided a sensor attack detection method in the internet of vehicles, the method including the following S101 to S105. Wherein:
S101, acquiring data of a real vehicle in the Internet of vehicles, wherein the data comprises sensor data, network data and log data;
The sensor data comprises temperature, acceleration, pressure and the like, the network data comprises network nodes, delay rate, HTTP requests and the like, and the log data comprises access control records, process states and the like;
S102, preprocessing data of a real vehicle;
S102 specifically comprises the following steps:
S21, mapping the data of the real vehicle to a uniform scale by adopting a normalization technology, eliminating dimension differences among different data types, and laying a stable foundation for subsequent network training;
The normalization formula is typically:
;
Wherein, Is the original data of the data set,AndRespectively minimum and maximum values in the dataset. Magnitude differences among different data sources can be eliminated through a normalization technology, so that weight deviation in the model training process is avoided.
S22, extracting key performance indicators and routing information from the normalized network data, wherein the key performance indicators comprise the number of data packets, the data packet transmission delay and the number of dropped data packets, and the routing information comprises Time To Live (TTL), payload size, source and destination MAC addresses, IP addresses and port numbers;
The key performance indicators are used for describing the running state and possible abnormal behaviors of the system;
Data packet transmission delay Calculated by the following formula:
;
Wherein, Is the total number of data packets that are to be transmitted,AndRespectively the firstArrival time and sending time of individual data packets, packet loss rateCan be defined as:
;
Wherein, For the number of dropped packets.
The key performance indicators are input into the generative adversarial network to expand the abnormal database of the intelligent car lamp sensors.
S23, converting the routing information into continuous feature vectors using embedding encoding.
Assume a source IP addressThrough an embedding matrixThe process of embedding the code can be expressed as:
;
Wherein, Is an indexed representation of discrete data, embedded matrixIs of the dimension ofWhereinIs the number of categories of discrete values,Is the embedding dimension.Is a length ofIs a continuous feature vector for model input.
Data from different sources are processed uniformly in the data preprocessing stage, which ensures the consistency and high quality of the input data of the generative adversarial network.
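The preprocessing steps S21 to S23 above, as an added example that is not part of the patent text. The formulas on this page did not survive, so min-max scaling, mean delay over delivered packets, loss rate as dropped over sent, and a randomly initialised embedding table (learned in a real model) are assumptions, as are all names and the constructed packet records.

```python
import random

# Constructed packet records (not real traffic). Times are in seconds;
# arrived=None marks a dropped packet.
PACKETS = [
    {"src_ip": "10.0.0.5", "ttl": 64, "payload": 120, "sent": 0.000, "arrived": 0.004},
    {"src_ip": "10.0.0.5", "ttl": 64, "payload": 118, "sent": 0.010, "arrived": 0.015},
    {"src_ip": "10.0.0.9", "ttl": 128, "payload": 900, "sent": 0.020, "arrived": None},
    {"src_ip": "10.0.0.7", "ttl": 32, "payload": 60, "sent": 0.030, "arrived": 0.033},
]


def min_max(values):
    """S21: map values to [0, 1]. A constant column maps to 0.0 so that
    max == min never causes a division by zero."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0.0 for _ in values]
    return [(v - lo) / (hi - lo) for v in values]


def key_performance_indicators(packets):
    """S22: packet count, dropped count, mean transmission delay and loss rate.
    Assumed definitions: delay is averaged over packets that arrived, and
    loss rate is dropped packets divided by packets sent."""
    delivered = [p for p in packets if p["arrived"] is not None]
    dropped = len(packets) - len(delivered)
    delay = 0.0
    if delivered:
        delay = sum(p["arrived"] - p["sent"] for p in delivered) / len(delivered)
    loss = dropped / len(packets) if packets else 0.0
    return {"packets": len(packets), "dropped": dropped,
            "mean_delay": delay, "loss_rate": loss}


class Embedding:
    """S23: lookup table that turns a discrete value (here a source IP) into a
    continuous vector. Row 0 is reserved for values never seen during fitting,
    so an unfamiliar address at detection time still yields a valid vector."""

    def __init__(self, dim, seed=0):
        self.dim = dim
        self.index = {}
        self.rows = []
        self._rng = random.Random(seed)  # stand-in for learned weights
        self._add("<unk>")

    def _add(self, category):
        if category not in self.index:
            self.index[category] = len(self.rows)
            self.rows.append([self._rng.uniform(-1, 1) for _ in range(self.dim)])

    def fit(self, categories):
        for category in categories:
            self._add(category)

    def lookup(self, category):
        return self.rows[self.index.get(category, 0)]


def preprocess(packets, embedding):
    """Build one feature vector per packet: [ttl, payload] scaled to [0, 1],
    followed by the embedding of the source IP."""
    ttl = min_max([p["ttl"] for p in packets])
    size = min_max([p["payload"] for p in packets])
    return [[t, s] + list(embedding.lookup(p["src_ip"]))
            for t, s, p in zip(ttl, size, packets)]


if __name__ == "__main__":
    emb = Embedding(dim=4)
    emb.fit(p["src_ip"] for p in PACKETS)
    print(key_performance_indicators(PACKETS))
    for row in preprocess(PACKETS, emb):
        print([round(x, 3) for x in row])
```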
S103, obtaining generated data from the preprocessed data using a novel generative adversarial network, wherein the novel generative adversarial network comprises an abnormal data generation model based on an adaptive self-attention mechanism and an abnormal data discrimination model based on the adaptive self-attention mechanism;
The abnormal data generation model based on the adaptive self-attention mechanism is one part of the generative adversarial network. Its main task is to generate samples that are distributed similarly to normal data but contain abnormal behavior, in order to expand the training data set; introducing the self-attention mechanism effectively improves the accuracy of the generation model. As shown in FIG. 3, the abnormal data generation model based on the adaptive self-attention mechanism comprises an input layer, a fully connected layer, a sample scaling layer, an up-sampling layer, a convolution layer, a self-attention module based on the adaptive mechanism, a convolution layer, an activation function and an output layer, connected in sequence.
In the abnormal data generation model, first, real dataAs the preprocessed data, the preprocessed data will be used as a reference for the discrimination model. The input of the abnormal data generation model is a random noise vectorBy generating a modelGenerated abnormal data,Generating trainable parameters of a model for abnormal data, the task of which is to generate and real dataSamples that are similar in distribution but contain abnormal behavior make it difficult for the abnormal data discrimination model to distinguish whether the data is generated or from real abnormal data.
The self-attention mechanism in the abnormal data generation model is able to capture global context information during the generation process, optimizing the data generation process by modeling correlations between different portions of the generated samples. The abnormal data generation model introducing the self-attention mechanism calculates the dependency relationship between each position and other positions in the generated data. Assuming that the generated data vector is(Query vector),(Key vector),(Value vector) which is self-attentiveThe calculation formula is as follows:
;
Wherein, As the dimension of the key vector,Based on vehicle system conditionsDynamically generated adjustment matrices, typically associated with vehicle system conditions of interest, e.g. specifying vehicle conditionsIs thatThe dynamic adjustment matrixThe method comprises the following steps:
;
Wherein, Is thatFor mapping the state vector to a dimension space of the query-key similarity matrix; Is the offset. The query vector and the key vector are correlated through dot product calculation to obtain specific attention score, and the specific attention score and the dynamic adjustment matrix obtained according to the vehicle state are used for measuring the interaction among all features in the generated data. And finally, multiplying the result by the value vector to obtain a final output vector. This process corresponds to recombining features according to the correlation between different locations and adaptively adjusting the data features of interest according to the vehicle state, ultimately generating a feature map with global dependencies. After the feature map is transferred to the abnormal data generation model, the abnormal data generation model can dynamically adjust weights of different features in the generation process, so that high-quality data containing complex abnormal behaviors is generated.
The abnormal data discrimination model based on the adaptive self-attention mechanism centers on capturing global feature dependencies to improve the model's ability to distinguish real data from generated data. As shown in FIG. 4, the abnormal data discrimination model based on the adaptive self-attention mechanism comprises an input layer, a fully connected layer, an average pooling layer, a convolution layer, a self-attention module based on the adaptive mechanism, an average pooling layer, a convolution layer, an activation function and an output layer, connected in sequence.
The abnormal data discrimination model receives two types of input, one type is preprocessed real dataAnother type is exception data generated by a generative model. The task of the abnormal data discrimination model is to analyze the two types of data and judge the authenticity of the input data by calculating the characteristic distribution of the two types of data. Self-attention mechanisms play a critical role in the anomaly data discrimination model.
Firstly, after the input data is processed by a full connection layer and an average pooling layer, the local characteristics are extracted by a convolution layer, and the local characteristics are converted into a tensor containing a multi-channel characteristic diagram. On the basis of the feature map, the abnormal data discrimination model introduces a self-attention mechanism to expand the perception of the model on the global features. Self-attention mechanism first maps feature graphs into query vectors by linear transformationKey vectorSum vectorThe vectors represent features at different locations in the input data. Self-attention mechanism calculates query vectors through cosine similaritySum key vectorAnd (3) obtaining an attention weight matrix, wherein the matrix represents the correlation between each position and other positions in the input data, and a specific calculation formula is as follows:
;
Wherein, Representing dataSum dataSimilarity between them. Through cosine similarity, the abnormal data discrimination model can better capture the directionality and relative relation in the data, rather than simple numerical values. To ensure that the attention weights can be reasonably assigned, the similarity scores are normalized by a softmax function and weighted to obtain global feature vectors:
;
The abnormal data discrimination model can combine the local features and the global features of the data through a self-attention mechanism, so that the long-range dependency relationship between the data can be better understood. For example, in analyzing network attack data, the abnormal data discrimination model can identify interactions between multiple data packets through an attention mechanism rather than relying on local information of a single data packet. The abnormal data discrimination model can identify complex attack modes and abnormal behaviors, and improves the discrimination capability of the generated data and the real data.
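The cosine-similarity attention described above for the discrimination model, as an added example that is not part of the patent text. It assumes identity query/key/value projections (learned linear maps in the patent), omits the vehicle-state adjustment matrix, and uses constructed feature rows; a scaled dot-product version is included only for contrast.

```python
import math


def softmax(scores):
    """Numerically stable softmax over one row of similarity scores."""
    m = max(scores)
    exps = [math.exp(s - m) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]


def cosine(u, v):
    """Cosine similarity; a zero vector is treated as similar to nothing."""
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    if nu == 0.0 or nv == 0.0:
        return 0.0
    return sum(a * b for a, b in zip(u, v)) / (nu * nv)


def _mix(weights, values):
    """Weighted sum of value vectors for every query position."""
    width = len(values[0])
    return [[sum(w * v[c] for w, v in zip(row, values)) for c in range(width)]
            for row in weights]


def cosine_attention(queries, keys, values):
    """Attention weights from cosine similarity, normalised with softmax,
    then applied to the value vectors. Returns (weights, outputs)."""
    weights = [softmax([cosine(q, k) for k in keys]) for q in queries]
    return weights, _mix(weights, values)


def dot_product_attention(queries, keys, values):
    """Scaled dot-product attention, shown only for comparison."""
    scale = math.sqrt(len(keys[0]))
    weights = [softmax([sum(a * b for a, b in zip(q, k)) / scale for k in keys])
               for q in queries]
    return weights, _mix(weights, values)


# Constructed feature rows for three positions (e.g. three packets).
FEATURES = [[1.0, 0.0], [0.8, 0.6], [0.0, 1.0]]
# Same directions, magnitudes inflated 100x, as a tampered reading might be.
INFLATED = [[100.0 * x for x in row] for row in FEATURES]


def max_weight_shift(attention):
    """Largest change in any attention weight when the queries are inflated."""
    base, _ = attention(FEATURES, FEATURES, FEATURES)
    bent, _ = attention(INFLATED, FEATURES, FEATURES)
    return max(abs(a - b) for ra, rb in zip(base, bent) for a, b in zip(ra, rb))


if __name__ == "__main__":
    print("cosine attention shift:     ", max_weight_shift(cosine_attention))
    print("dot-product attention shift:", max_weight_shift(dot_product_attention))
```

Cosine attention weights depend only on direction, so inflating a feature's magnitude leaves them unchanged, whereas the dot-product weights collapse onto a single position.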
Finally, the global features processed by the self-attention mechanism are transferred to a convolution layer or a full-connection layer, also called a classification layer, through a sigmoid functionOutputting the probability value of the real data:
;
Wherein, Is a matrix of weights for the classification layer,Is a dynamic adjustment matrix derived from vehicle system conditions,The representation flattens the weighted feature map into vectors for final classification prediction. The abnormal data discrimination model utilizes a probability value representing the authenticity of the input data to optimize the model through the following loss functions, so that the abnormal data discrimination model can gradually improve the accuracy of discriminating the real data from the generated data:
;
in the formula, the last item Is a regularization term used to prevent the weight matrix of the classification layer from oversubscribing the vehicle features and causing data generation imbalance. The loss function measures the classification accuracy of the model by using cross entropy loss and is used for optimizing the performance of the abnormal data discrimination model.
The adaptive mechanism enables the abnormal data discrimination model to dynamically adjust its focus on different data features so as to classify more accurately. By dynamically adjusting the interaction between features, the adaptive mechanism prevents the weight matrix of the classification layer in the abnormal data discrimination model from paying excessive attention to certain specific vehicle features, such as position and speed, which would otherwise cause an imbalance problem in the data generation process. Through adaptive weight adjustment, the abnormal data discrimination model can ensure balanced attention to all input features.
The anomaly data discriminant model obtains global feature information by computing similarities between vectors, rather than relying solely on local information for individual packets. The self-attention mechanism enables the discriminant model to better detect and classify complex attack patterns and abnormal behavior. The abnormal data discrimination model outputs probability values of data authenticity and is optimized using a cross entropy based loss function (10). The abnormal data discrimination model can continuously adjust the classification strategy, so that the detection precision of abnormal data and the accuracy of real data are improved.
Through the self-adaptive mechanism and the self-attention mechanism, the abnormal data discrimination model can better extract global characteristic information and capture complex dependency relationships among data, so that the recognition capability of the abnormal data discrimination model on various attack behaviors is improved. The robustness and the accuracy of the abnormal data discrimination model in the face of complex sensor data and diversified attack scenes can be ensured, and the performance of the whole detection system is effectively improved;
when novel generation countermeasure network trains, the abnormal data generation model receives a random noise vector And converts it into high-dimensional generated data through a series of nonlinear transformations. These transformations typically include multiple convolutions, deconvolutions, or fully connected layers, with the resulting data desirably approximating the distribution of the real data. The abnormal data discrimination model receives the generated data and the real data simultaneously, and classifies the capturing of the global features through a self-attention mechanism. The self-attention mechanism calculates the dependency relationship among different positions of the input data through the mapping operation of the query, the key and the value, and performs weighted summation on the data based on the relationship weights so that the discrimination model can better extract global features to judge the authenticity of the input data.
Training of the abnormal data generation model and training of the abnormal data discrimination model are alternately performed. If the loss function of the generated model is setThe method comprises the following steps:
;
Wherein, In order for the noise distribution to be random,Is the output data of the generation model,The output probability of the abnormal data discrimination model for the prediction of the generated data. In each round, the abnormal data generation model minimizes its loss function in an attempt to generate false abnormal data that the discrimination model does not detect. At the same time, the abnormal data discrimination model optimizes its own loss function (10), maximizing its classification accuracy on real data while minimizing its classification error on generated data. The abnormal data generation model aims for its output to be mistaken for real data by the discrimination model, while the abnormal data discrimination model continuously improves its ability to distinguish generated data from real data.
The training objective of the novel generative adversarial network is a minimax optimization problem, specifically given by the following formula:
;
Wherein, In order to discriminate the model, the model is determined,To generate a model of the vehicle,AndLoss weights at time t, respectively, function,In order to pre-process the real data,To discriminate the predicted output probability of the model to the preprocessed real data,In order to be a desired value thereof,As a probability distribution of the random noise vector z,To generate the output data of the model based on the probability distribution of the noise,To determine the predicted output probability of the model pair generated data,Outputting a desired value of data for the prediction; for the consistency loss function of the time sequence, the generated data is ensured to have reasonable continuity on the time sequence, and the data generated between adjacent time steps by the abnormal data generation model is prevented from being changed too much, thereby meeting the data requirement of the design time sequence of the intelligent car light system sensor, ,AndRespectively generating models inTime of day and time of dayOutput data at the moment; for the attack class balance loss function, since different types of attacks may have different distributions in actual data, generating data needs to cover multiple types of attack modes, and introduction is performed Ensures that the distribution of different types of attack data output by the abnormal data generation model is more balanced, avoids that the abnormal data generation model excessively deviates to certain attack types in training and ignores other attack types,,Represent the firstThe number of class attack data is determined,Representing the total number of attack categories.
The whole training process of the novel generative adversarial network repeatedly adjusts the parameters of the abnormal data generation model and the abnormal data discrimination model, so that the generated data becomes more and more realistic while the discrimination capability of the abnormal data discrimination model is also strengthened. Finally, the abnormal data generation model generates high-quality abnormal data, and the abnormal data discrimination model can more accurately identify real and fake patterns in complex data through the self-attention mechanism and the analysis of global features. In this process, the abnormal data generation model and the abnormal data discrimination model of the GAN compete with each other, which drives the improvement of the overall performance of the model.
To further improve the accuracy of the detection system, an attack detection and result feedback mechanism dynamically expands the database and obtains detection results in a timely manner, so that the novel generative adversarial network is updated and its continuous improvement is ensured. All detection results are fed back into the database. In particular, misclassified normal samples and unrecognized attack samples are marked through error analysis, and data resampling is performed or additional attack samples are introduced to enrich the training data set. By retraining the novel generative adversarial network, its loss weights can be dynamically adjusted, which improves its ability to recognize different types of attacks and ensures continuous optimization in the face of different attack modes and environmental changes. The feedback mechanism allows the database to be continually expanded and optimized to cover more diverse attack types and variations, thereby significantly improving the robustness and generalization ability of the model.
That is, the feedback mechanism may be the dynamic adjustment module based on the adaptive feedback mechanism, so that detection can adjust itself according to changes in the fed-back attack detection errors. Let the feedback error represent the detection error of the novel generative adversarial network in the current iteration, calculated as the mean square error:
;
Wherein, Is the number of samples; And Respectively the firstTrue output values and system detection values of the individual samples;
The updated loss weights of the novel generative adversarial network are specifically:
;
;
Wherein, AndRespectively, the updated loss weights are used to determine,AndTo adjust the super-parameters of the rate, for controlling the speed of the loss weight adjustment,In order to avoid a constant that is free of zero error,AndRespectively shown inTime of day and time series consistency loss functionAnd attack class balance loss functionThe error in the feedback of the correlation,AndAre respectively shown in-1 Time-of-day and time-series consistency loss functionAnd attack class balance loss functionAnd (3) the associated feedback error.
By adaptively adjusting the loss function of the novel generative adversarial network, detection errors caused by changes in the environment and in attack modes can be handled better, which significantly improves the effectiveness and accuracy of attack detection.
S104, performing attack detection on sample data composed of the generated data and the preprocessed data to obtain corresponding detection results, and updating the novel generative adversarial network with a dynamic adjustment module based on an adaptive feedback mechanism according to the detection results corresponding to that sample data;
S105, generating abnormal data with the updated novel generative adversarial network, and detecting sensor attacks according to the generated abnormal data.
By implementing S101-S105, a generative adversarial network is introduced, which addresses the scarcity of abnormal data: the generation model can simulate a variety of high-fidelity attack data, which greatly improves the adaptability of the model to diversified attack scenarios. Secondly, the combined use of the self-attention mechanism, the feedback mechanism and the adaptive mechanism allows the global dependency relationships of abnormal data to be captured in a complex and changeable environment and enhances sensitivity to attack characteristics, so that the model maintains efficient and accurate detection capability even in a complex network environment. In addition, traditional attack detection systems are often limited by a high false alarm rate; by generating diversified abnormal data and combining it with global feature analysis, the application greatly reduces the possibility of false alarms, thereby improving the reliability and stability of detection as a whole. The application not only improves flexibility and expandability, but also allows easy integration into different intelligent car lamp systems and Internet of vehicles environments, meeting complex and changeable application requirements.
The application has broad application prospects, especially in the fields of automatic driving and the Internet of vehicles. With the continuous advance of intelligent traffic technology, communication and environment perception between vehicles are becoming more complex, and the role of the on-board sensor system in night driving safety is increasingly prominent. The sensor attack detection technology based on the fusion-mechanism generative adversarial network can effectively improve the ability of the on-board system to recognize potential threats and provides a higher safety guarantee for automatic driving vehicles. In addition, the application is not only suitable for intelligent vehicles, but can also be extended to other systems or network environments that rely on multiple sensors, such as intelligent infrastructure monitoring. As Internet of vehicles technology becomes widespread, it is expected to become a key component of future intelligent traffic systems and to provide an important guarantee for reducing network attack risks and improving driving safety and traffic efficiency. Meanwhile, with further development and optimization of the technology, it can find application scenarios in the wider industrial Internet of things and in smart city projects, supporting the future construction of smart cities and intelligent traffic systems.
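The two auxiliary loss terms and the feedback-driven weight adjustment described above, as an added Python example that is not the patent's own code. The page's formulas did not survive extraction, so apart from the mean-square feedback error every formula here is an assumed form; all function names and sample values are constructed for illustration.

```python
# Added illustration, not the patent's code. Only the mean-square feedback error
# is stated on the page; the other formulas below are ASSUMED forms.
from collections import Counter

EPS = 1e-8  # small constant that keeps the update ratio away from division by zero


def feedback_error(true_values, detected_values):
    """Mean square error between true outputs and system detection values."""
    if not true_values or len(true_values) != len(detected_values):
        raise ValueError("need two non-empty sequences of equal length")
    n = len(true_values)
    return sum((y - d) ** 2 for y, d in zip(true_values, detected_values)) / n


def temporal_consistency_loss(sequence):
    """ASSUMED form: mean squared change between adjacent generated time steps."""
    pairs = list(zip(sequence, sequence[1:]))
    if not pairs:
        return 0.0  # a single time step has no adjacent step to jump to
    jumps = [sum((b - a) ** 2 for a, b in zip(prev, cur)) for prev, cur in pairs]
    return sum(jumps) / len(jumps)


def class_balance_loss(attack_labels, num_classes):
    """ASSUMED form: squared deviation of each class share from the uniform 1/K."""
    if not attack_labels:
        raise ValueError("no generated attack samples")
    counts = Counter(attack_labels)
    n = len(attack_labels)
    return sum((counts.get(k, 0) / n - 1.0 / num_classes) ** 2
               for k in range(num_classes))


def update_weight(weight, err_now, err_prev, rate, low=0.0, high=10.0):
    """ASSUMED rule: scale the weight by the relative change of its feedback error.

    A rising error raises the weight, a falling error lowers it. EPS covers a
    previous error of zero, and the clamp bounds the step that case produces.
    """
    relative_change = (err_now - err_prev) / (err_prev + EPS)
    return min(high, max(low, weight * (1.0 + rate * relative_change)))


def weighted_auxiliary_loss(sequence, attack_labels, num_classes, w_time, w_balance):
    """Sum of the two auxiliary terms under the current loss weights."""
    return (w_time * temporal_consistency_loss(sequence)
            + w_balance * class_balance_loss(attack_labels, num_classes))


if __name__ == "__main__":
    # Constructed generated sequence (3 time steps, 2 sensor channels) and labels.
    generated = [[0.0, 0.0], [1.0, 0.0], [1.0, 2.0]]
    labels = [0, 0, 0, 1]  # generator favours attack class 0
    # Constructed detection outcomes for two consecutive feedback rounds.
    truth = [1, 0, 1, 1, 1, 0, 1, 1]
    prev_round = [1, 0, 0, 1, 1, 0, 1, 1]  # one miss  -> error 0.125
    this_round = [1, 0, 0, 1, 1, 0, 0, 1]  # two misses -> error 0.25
    e_prev = feedback_error(truth, prev_round)
    e_now = feedback_error(truth, this_round)
    w_time = update_weight(1.0, e_now, e_prev, rate=0.5)
    w_balance = update_weight(1.0, e_prev, e_now, rate=0.5)
    print("feedback errors:", e_prev, e_now)
    print("updated weights:", round(w_time, 6), round(w_balance, 6))
    print("auxiliary loss:",
          weighted_auxiliary_loss(generated, labels, 2, w_time, w_balance))
```

How a feedback error is attributed to each loss term is not stated on the page, so the example takes the per-term errors as inputs.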
Based on the same inventive concept, the embodiment of the application also provides a sensor attack detection device in the internet of vehicles, which is used for realizing the sensor attack detection method in the internet of vehicles. The implementation scheme of the device for solving the problem is similar to that described in the above method, so the specific limitation in the embodiments of the sensor attack detection device in the internet of vehicles provided below may refer to the limitation of the sensor attack detection method in the internet of vehicles, and is not repeated herein.
In one exemplary embodiment, there is provided a sensor attack detection device in the internet of vehicles, including:
A data acquisition unit, used for acquiring data of a real vehicle in the Internet of vehicles, wherein the data comprises sensor data, network data and log data;
A preprocessing unit, used for preprocessing the data of the real vehicle;
A data generation unit, used for obtaining generated data with a novel generative adversarial network according to the preprocessed data, wherein the novel generative adversarial network comprises an abnormal data generation model based on an adaptive self-attention mechanism and an abnormal data discrimination model based on the adaptive self-attention mechanism;
A model updating unit, used for performing attack detection on sample data consisting of the generated data and the preprocessed data to obtain corresponding detection results, and for updating the novel generative adversarial network, with a dynamic adjustment module based on an adaptive feedback mechanism, according to the detection results corresponding to that sample data;
A detection unit, used for generating abnormal data with the updated novel generative adversarial network and performing sensor attack detection according to the generated abnormal data.
The sensor attack detection device based on the fusion-mechanism generative adversarial network is not only suitable for sensor security problems in intelligent driving vehicles, but can also be applied to various systems containing sensors, for example unmanned sensor networks, industrial sensors in smart factories, and environmental monitoring systems in smart cities. In addition, the application scenarios of the application are not limited to the field of transportation; it can be widely applied in various settings, such as intelligent transportation management systems, security monitoring systems and energy management systems. The application is also applicable to intelligent driving vehicles under various road conditions. For example, it can be used on highways, urban roads, rural roads or under multiple road conditions in complex environments, where it can monitor and resist possible sensor attacks in real time and ensure safe driving of the vehicle. It is likewise suitable for intelligent driving vehicles operating under various weather conditions, traffic conditions and emergencies, thereby providing all-round safety protection.
In an exemplary embodiment, a computer device is provided, which may be a server or a terminal. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a method for detecting sensor attacks in the internet of vehicles.
In an exemplary embodiment, a computer-readable storage medium is provided, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method embodiments described above.
In an exemplary embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are both information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data are required to meet the related regulations.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer-readable storage medium which, when executed, may comprise the steps of the method embodiments described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, Resistive Random Access Memory (ReRAM), Magnetoresistive Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene memory, and the like. Volatile memory can include Random Access Memory (RAM) or external cache memory, and the like. By way of illustration and not limitation, RAM can take various forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM).
The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
In the present application, all the actions of obtaining signals, information or data are performed under the premise of conforming to the corresponding data protection regulation policy of the country of the location and obtaining the authorization given by the owner of the corresponding device.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The principles and embodiments of the present application have been described herein with reference to specific examples, which are intended to facilitate an understanding of the principles and concepts of the application and are to be varied in scope and detail by persons of ordinary skill in the art based on the teachings herein. In view of the foregoing, this description should not be construed as limiting the application.
Claims (8)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202510065394.7A CN119484167B (en) | 2025-01-16 | 2025-01-16 | Sensor attack detection method, device, medium and product in Internet of vehicles |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN119484167A (en) | 2025-02-18 |
| CN119484167B (en) | 2025-04-22 |
Family
ID=94584245
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202510065394.7A Active CN119484167B (en) | 2025-01-16 | 2025-01-16 | Sensor attack detection method, device, medium and product in Internet of vehicles |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN119484167B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118174918A (en) * | 2024-03-13 | 2024-06-11 | 国网浙江省电力有限公司电力科学研究院 | Power Internet of Things attack behavior detection method, system, device and medium |
| CN119299215A (en) * | 2024-11-20 | 2025-01-10 | 武汉虹旭信息技术有限责任公司 | Safety protection method and device for intelligent connected vehicles |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022259125A1 (en) * | 2021-06-07 | 2022-12-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Unsupervised gan-based intrusion detection system using temporal convolutional networks, self-attention, and transformers |
| CN115086054B (en) * | 2022-06-23 | 2023-04-07 | 北京金睛云华科技有限公司 | Malicious domain name detection method and device based on self-attention generation antagonistic network and electronic equipment |
| US20230421611A1 (en) * | 2022-06-27 | 2023-12-28 | Samsung Electronics Co., Ltd. | Method and electronic device for handling secure virtual event in virtual environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||