Journal of Shandong University (Engineering Science) ›› 2019, Vol. 49 ›› Issue (2): 17-22. doi: 10.6040/j.issn.1672-3961.0.2018.340

• Machine Learning & Data Mining •

The vulnerability mining method for KWP2000 protocol based on deep learning and fuzzing

Chengbin ZHANG1, Hui ZHAO2, Zongyu CAO2

  1. College of Information Engineering, Yancheng Institute of Technology, Yancheng 224051, Jiangsu, China
  2. National Trusted Embedded Software Engineering Technology Research Center, East China Normal University, Shanghai 200062, China
  • Received: 2018-08-13 Online: 2019-04-20 Published: 2019-04-19
  • About the author: Chengbin ZHANG (born 1976), female, from Yancheng, Jiangsu; associate professor, master's degree; main research interests: Internet of Things, deep learning. E-mail: zchengbin@163.com
  • Supported by:
    Jiangsu Province Prospective Joint Research Project: Research and development of an intelligent sewage-treatment monitoring system based on the Internet of Things and deep learning (BY2016065-06)

Abstract:

Keyword protocol 2000 (KWP2000), an on-board vehicle diagnostic protocol standard widely used in the automobile industry, was investigated in detail, together with the possible vulnerabilities of this communication protocol. The current state of fuzzing was analyzed, and on this basis, in order to detect network security vulnerabilities without any knowledge of the protocol's structure, a vulnerability mining method for the vehicle body network protocol KWP2000 was proposed, based on deep-learning generative adversarial nets (GAN). A forward feedback network was selected as the generative model, and a support vector machine was used as the discriminative model. The neural network model was trained to generate test cases of KWP2000 protocol data, and these test cases were then used to fuzz KWP2000. The experiments found vulnerabilities in the target protocol KWP2000 such as overlength errors and encoding errors. The experimental study showed that this fuzzing method improved efficiency and security.

Key words: keyword protocol 2000 (KWP2000), deep learning, generative adversarial nets, fuzzing, on-board diagnostics

CLC number: TP18

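Table 1

Format of the network-layer protocol data unit (N_PDU)

| Address information | Protocol control information | Data field |
|---|---|---|
| N_AI(1) | N_PCI(2) | N_Data(3) |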

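Table 2

PCI formats of the four PDU types in the ISO 15765 network layer

| N_PDU name | Byte #1, Bit #7-4 | Byte #1, Bit #3-0 | Byte #2 | Byte #3 |
|---|---|---|---|---|
| Single frame (SF) | N_PCItype=0 | SF_DL | N/A | N/A |
| First frame (FF) | N_PCItype=1 | FF_DL | FF_DL | N/A |
| Consecutive frame (CF) | N_PCItype=2 | SN | N/A | N/A |
| Flow control frame (FC) | N_PCItype=3 | FS | BS | STmin |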
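Added example (not from the paper): a Python check of the Table 2 layout that decodes the N_PCI bytes and rejects frames whose length fields are inconsistent, the class of malformed input behind the overlength errors the abstract reports. The function names and the limits used (classic 8-byte CAN frames, normal addressing with no N_AI byte in the data field) are assumptions of this example.

```python
# Added example, not from the paper: decode the N_PCI bytes of Table 2 and
# reject frames whose length fields are inconsistent. Assumes classic 8-byte
# CAN frames with normal addressing, so N_PCI starts at data byte 0.
FRAME_TYPES = {0: "SF", 1: "FF", 2: "CF", 3: "FC"}


class PciError(ValueError):
    """The frame's N_PCI does not match the Table 2 layout."""


def parse_pci(data: bytes) -> dict:
    if not 1 <= len(data) <= 8:
        raise PciError("CAN data field must be 1..8 bytes")
    pci_type, low = data[0] >> 4, data[0] & 0x0F
    if pci_type not in FRAME_TYPES:
        raise PciError(f"reserved N_PCItype {pci_type}")
    kind = FRAME_TYPES[pci_type]
    if kind == "SF":
        # SF_DL counts the payload bytes after the PCI byte (1..7); all of
        # them must actually be present in the frame.
        if not 1 <= low <= 7 or low > len(data) - 1:
            raise PciError(f"SF_DL {low} invalid for {len(data)}-byte frame")
        return {"type": kind, "length": low, "payload": data[1:1 + low]}
    if kind == "FF":
        if len(data) < 8:
            raise PciError("first frame must fill the CAN frame")
        ff_dl = (low << 8) | data[1]  # 12 bits: Byte#1 low nibble + Byte#2
        if ff_dl < 8:
            raise PciError(f"FF_DL {ff_dl} would fit in a single frame")
        return {"type": kind, "length": ff_dl, "payload": data[2:]}
    if kind == "CF":
        if len(data) < 2:
            raise PciError("consecutive frame carries no data")
        return {"type": kind, "sn": low, "payload": data[1:]}
    # Flow control: FS in the low nibble of Byte#1, then BS and STmin.
    if len(data) < 3:
        raise PciError("flow control frame needs FS, BS and STmin")
    if low > 2:  # 0 = continue to send, 1 = wait, 2 = overflow
        raise PciError(f"reserved flow status {low}")
    return {"type": kind, "fs": low, "bs": data[1], "stmin": data[2]}


def is_well_formed(data: bytes) -> bool:
    try:
        parse_pci(data)
    except PciError:
        return False
    return True
```

Running generated test cases through `is_well_formed` before they reach the bus separates frames that violate the transport layout from frames that are well-formed but carry unexpected diagnostic payloads.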

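Fig. 1 Generative adversarial network model

Fig. 2 Forward feedback network model

Fig. 3 Schematic of the support vector machine principle

Fig. 4 Generative adversarial network model for KWP2000 protocol security testing

Fig. 5 Structure of the security testing method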
