
Journal of Shandong University (Engineering Science) ›› 2019, Vol. 49 ›› Issue (2): 17-22. doi: 10.6040/j.issn.1672-3961.0.2018.340

• Machine Learning and Data Mining •

Vulnerability mining for the automobile body network KWP2000 protocol based on deep learning

The vulnerability mining method for KWP2000 protocol based on deep learning and fuzzing

Chengbin ZHANG1, Hui ZHAO2, Zongyu CAO2

  1. College of Information Engineering, Yancheng Institute of Technology, Yancheng 224051, Jiangsu, China
  2. National Trusted Embedded Software Engineering Technology Research Center, East China Normal University, Shanghai 200062, China
  • Received: 2018-08-13 Online: 2019-04-20 Published: 2019-04-19
  • About the author: Chengbin ZHANG (born 1976), female, from Yancheng, Jiangsu; associate professor, master's degree; main research interests: Internet of Things and deep learning. E-mail: zchengbin@163.com
  • Supported by:
    Jiangsu Province Prospective Joint Research Project: Research and development of an intelligent monitoring system for sewage treatment based on the Internet of Things and deep learning (BY2016065-06)

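Abstract (translated from the Chinese version):

To detect network security vulnerabilities without any knowledge of the protocol's structure, a vulnerability mining method for the automobile body network Keyword Protocol 2000 (KWP2000) is proposed, based on deep-learning generative adversarial nets (GAN). A forward feedback network is chosen as the generative model and a support vector machine as the discriminative model. The neural network model is trained to generate test case data for the KWP2000 protocol, and these test cases are then used to fuzz KWP2000. The experiments found vulnerabilities in the target protocol KWP2000 such as over-length errors and encoding errors. The experimental study shows that this fuzzing method improves efficiency and security.

Key words (translated from the Chinese version): keyword protocol 2000, deep learning, generative adversarial network, fuzzing, on-board diagnostics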

Abstract:

Keyword Protocol 2000 (KWP2000), an on-board vehicle diagnostic protocol standard widely used in the automobile industry, was investigated in detail together with possible vulnerabilities of the communication protocol. We analyzed the current state of fuzzing and, on that basis, proposed a vulnerability mining method for the automobile body network KWP2000 protocol based on generative adversarial networks (GAN), a deep-learning neural network approach. A forward feedback network was selected as the generative model, and a support vector machine was used as the discriminative model. The neural network model was trained to generate test case data for the KWP2000 protocol, and these test cases were then used to fuzz KWP2000. Through experiments, we found that the target protocol KWP2000 had over-length errors, encoding errors and other vulnerabilities. Experimental results showed that this fuzzing method was efficient and safe.

Key words: KWP2000, deep learning, generative adversarial nets, fuzzing, onboard diagnostic

CLC number:

  • TP18

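Table 1. Format of the network-layer protocol data unit (N_PDU)

| Address information | Protocol control information | Data field |
|---|---|---|
| N_AI(1) | N_PCI(2) | N_Data(3) |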

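Table 2. PCI formats of the four network-layer PDU types in ISO 15765

| N_PDU name | Byte #1, Bit #7-4 | Byte #1, Bit #3-0 | Byte #2 | Byte #3 |
|---|---|---|---|---|
| Single frame (SF) | N_PCItype=0 | SF_DL | N/A | N/A |
| First frame (FF) | N_PCItype=1 | FF_DL | FF_DL | N/A |
| Consecutive frame (CF) | N_PCItype=2 | SN | N/A | N/A |
| Flow control frame (FC) | N_PCItype=3 | FS | BS | STmin |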
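A strict decoder for the four N_PCI layouts in Table 2, of the kind a receiver or a fuzzing oracle uses to reject frames whose length fields are inconsistent. This is an added example, not code from the paper; it assumes classic CAN (at most 8 data bytes) with normal addressing, so that Byte #1 is the first payload byte, and the names `parse_pci`, `triage`, `PciError` and `SAMPLES` are hypothetical.

```python
class PciError(ValueError):
    """Frame matches none of the Table 2 layouts."""

def parse_pci(data: bytes):
    """Return (kind, fields, n_data) or raise PciError."""
    # Assumption: classic CAN, normal addressing, so Byte #1 is data[0].
    if not 1 <= len(data) <= 8:
        raise PciError("CAN payload must be 1..8 bytes")
    pci_type, low = data[0] >> 4, data[0] & 0x0F
    if pci_type == 0:  # single frame: low nibble is SF_DL
        if not 1 <= low <= 7:
            raise PciError("SF_DL outside 1..7")
        if len(data) < 1 + low:
            raise PciError("SF_DL exceeds bytes actually received")
        return "SF", {"SF_DL": low}, data[1:1 + low]
    if pci_type == 1:  # first frame: 12-bit FF_DL spans Byte #1 and Byte #2
        if len(data) != 8:
            raise PciError("first frame must use all 8 bytes")
        ff_dl = (low << 8) | data[1]
        if ff_dl < 8:
            raise PciError("FF_DL < 8 would fit in a single frame")
        return "FF", {"FF_DL": ff_dl}, data[2:]
    if pci_type == 2:  # consecutive frame: low nibble is SN
        if len(data) < 2:
            raise PciError("consecutive frame carries no data")
        return "CF", {"SN": low}, data[1:]
    if pci_type == 3:  # flow control: FS, then BS and STmin
        if len(data) < 3:
            raise PciError("flow control frame truncated")
        if low > 2:
            raise PciError("reserved FS value")
        return "FC", {"FS": low, "BS": data[1], "STmin": data[2]}, b""
    raise PciError("reserved N_PCItype")

def triage(frames):
    """Return (hex, verdict) per frame; verdict is the kind or the rejection."""
    out = []
    for frame in frames:
        try:
            out.append((frame.hex(), parse_pci(frame)[0]))
        except PciError as err:
            out.append((frame.hex(), f"rejected: {err}"))
    return out

# Constructed sample frames (not captured traffic): four valid, four malformed.
SAMPLES = [bytes.fromhex(h) for h in
           ("023e01aaaaaaaaaa", "1014aabbccddeeff", "21010203", "300805",
            "0801020304050607", "050102", "1005aabbccddeeff", "40")]
```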

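Figure 1. Generative adversarial network model

Figure 2. Forward feedback network model

Figure 3. Schematic of the support vector machine principle

Figure 4. Generative adversarial network model for KWP2000 protocol security testing

Figure 5. Structure of the security testing method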
